[Unbound-users] Private-address SERVFAIL
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Mon Mar 25 08:09:59 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Ehren,
On 03/22/2013 05:10 PM, Ehren Hawks wrote:
> Wouter,
>
> Thank you for taking the time to review my issue. One more
> question, is this a patchable fix and or something that will be
> available in future releases of Unbound?
This is available in future release of Unbound.
You can get a patch, with
svn diff http://unbound.net/svn/trunk/iterator -r2867:2868 > file
and cd src/iterator ; patch -p0 < file.
Best regards,
Wouter
> -----Original Message----- From: unbound-users-bounces at unbound.net
> [mailto:unbound-users-bounces at unbound.net] On Behalf Of
> unbound-users-request at unbound.net Sent: Friday, March 22, 2013 5:52
> AM To: unbound-users at unbound.net Subject: Unbound-users Digest, Vol
> 64, Issue 15
>
> Message: 1 Date: Thu, 21 Mar 2013 16:01:36 -0400 From: "Ehren
> Hawks" <ehawks at goeaston.net> To: <unbound-users at unbound.net>
> Subject: [Unbound-users] Private-address SERVFAIL Message-ID:
> <008b01ce266e$e4ea6e30$aebf4a90$@goeaston.net> Content-Type:
> text/plain; charset="us-ascii"
>
> Today I had to disable private address stripping of 10.0.0.0/8
> because it was leading to SERVFAILS when looking up
> echannel.stateauto.com
>
>
>
> I'm running Unbound 1.4.16 on Centos 6.2
>
>
>
> Name : unbound
>
> Arch : x86_64
>
> Version : 1.4.16
>
> Release : 1.el6
>
>
>
> The following dig shows the presence of private addresses in the
> additional section. I thought by default Unbound would strip these
> addresses when using the respective private addresss: option in the
> config, but it appears to be leading to lookup failures. I haven't
> a clue what else I should look at, if I should modify my config or
> what. Thanks for guidance.
>
>
>
>
>
> [CDNS1]# dig @174.47.194.100 echannel.stateauto.com
>
>
>
> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @174.47.194.100
> echannel.stateauto.com
>
> ; (1 server found)
>
> ;; global options: +cmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50513
>
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 5
>
> ;; WARNING: recursion requested but not available
>
>
>
> ;; QUESTION SECTION:
>
> ;echannel.stateauto.com. IN A
>
>
>
> ;; AUTHORITY SECTION:
>
> echannel.stateauto.com. 3600 IN NS
> dc1gss.stateauto.com.
>
> echannel.stateauto.com. 3600 IN NS
> colgss.stateauto.com.
>
> echannel.stateauto.com. 3600 IN NS
> irogss.stateauto.com.
>
>
>
> ;; ADDITIONAL SECTION:
>
> dc1gss.stateauto.com. 3600 IN A 10.30.252.102
>
> dc1gss.stateauto.com. 3600 IN A 174.47.194.102
>
> colgss.stateauto.com. 3600 IN A 66.192.197.102
>
> colgss.stateauto.com. 3600 IN A 10.25.252.102
>
> irogss.stateauto.com. 3600 IN A 63.86.19.102
>
>
>
> ;; Query time: 26 msec
>
> ;; SERVER: 174.47.194.100#53(174.47.194.100)
>
> ;; WHEN: Thu Mar 21 15:44:22 2013
>
> ;; MSG SIZE rcvd: 205
>
> -------------- next part -------------- An HTML attachment was
> scrubbed... URL:
> <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20130321/9
>
>
02d31f9/attachment-0001.html>
>
> ------------------------------
>
> Message: 2 Date: Thu, 21 Mar 2013 13:19:43 -0700 From: Bry8 Star
> <bry8star at yahoo.com> To: unbound-users at unbound.net Subject: Re:
> [Unbound-users] Reply Email Going To User Instead of Mailing-List,
> Pls Fix Message-ID: <514B6B5F.4090500 at yahoo.com> Content-Type:
> text/plain; charset="iso-8859-1"
>
> Hi Paul, Miek Gieben, I sent similar emails to others (not only to
> you), to show/demonstrate, when someone subscribing to a
> mailing-list, then he/she expect emails coming via/from the
> mailing-list, not from a person directly.
>
> It is not right to send email directly to a user or few users
> only. Initial posting and other posting are intended to be shared
> with ALL subscribers.
>
> i also have close to 200 or over mailing-list subscription, let me
> REPEAT, NONE are like this nlnetlab mailing-list.
>
> every other mailing-list ... when "Reply" button is pressed on any
> posting, then Thunderbird opens new email and places the
> mailing-list email address in the "To:" field, (except nlnetlabs.nl
> list).
>
> That is what i'm expecting.
>
> I DO NOT WANT ANY PERSON/USER TO SEND ME EMAIL DIRECTLY. I
> SUBSCRIBED to MAILING-LIST EMAIL-ADDRESS ONLY, NOT to a person's
> email.
>
> That's what i wanted all to understand.
>
> If you cannot do that, then you should also place a notice in
> subscription page that other users will start to email you
> directly, when you subscribe.
>
> AND WHEN YOU REPLY ... MAKE SURE YOU HAVE PLACED ONLY ONE EMAIL
> ADDRESS unbound-users at unbound.net IN THE "To:" FIELD, NO NEED TO
> FILL "Cc:" or "Bcc:", REMOVE "Cc:" & "Bcc:". THANK YOU.
>
> -- Bright Star.
>
>
>
> Received from Paul Wouters, on 2013-03-21 12:31 PM:
>> On Thu, 21 Mar 2013, Bry8 Star wrote:
>>
>> Please get a life. You'ev now been kill filed in my procmailrc,
>> so if you ever want to ask unbound questions again, I guess I
>> won't hear them.
>>
>> Paul
>>
>>> Hi Paul Wouters, i'm including your sent email's HEADERS,
>>> except the "X-YMailISG:" header.
>>>
>>> Why are you sending email to me ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
>>> ! ! ! ! ! ! ! ! ! ! ! ! ! !
>>>
>>> PLEASE DO NOT SEND EMAIL TO ME.
>>>
>>> SEND IT TO MAILING-LIST ONLY.
>>>
>>> I HAVE APPROVED/ALLOWED ONLY MAILING-LIST TO SEND ME EMAIL.
>>>
>>> NOT ANYBODY ELSE. -- Bright Star.
>>>
>>> X-Apparently-To: bry8star at yahoo.com via 98.139.211.135; Thu, 21
>>> Mar 2013 18:35:08 +0000 Return-Path: <paul at nohats.ca>
>>> Received-SPF: none (domain of nohats.ca does not designate
>>> permitted sender hosts) X-YMailISG: ... X-Originating-IP:
>>> [193.110.157.68] Authentication-Results:
>>> mta1164.mail.ne1.yahoo.com from=nohats.ca; domainkeys=neutral
>>> (no sig); from=nohats.ca; dkim=neutral (no sig) Received: from
>>> 127.0.0.1 (EHLO mx.nohats.ca) (193.110.157.68) by
>>> mta1164.mail.ne1.yahoo.com with SMTP; Thu, 21 Mar 2013
>>> 18:35:04 +0000 Received: from localhost (localhost [IPv6:::1])
>>> by mx.nohats.ca (Postfix) with ESMTP id 3ZWxW9087Tz9YX; Thu, 21
>>> Mar 2013 14:35:01 -0400 (EDT) X-Virus-Scanned: amavisd-new at
>>> mx.nohats.ca Received: from mx.nohats.ca ([IPv6:::1]) by
>>> localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024)
>>> with ESMTP id oDE92QPQbn1B; Thu, 21 Mar 2013 14:34:59 -0400
>>> (EDT) Received: from bofh.nohats.ca (bofh.nohats.ca
>>> [76.10.157.69]) by mx.nohats.ca (Postfix) with ESMTP; Thu, 21
>>> Mar 2013 14:34:59 -0400 (EDT) Received: by bofh.nohats.ca
>>> (Postfix, from userid 500) id 2467C80BC4; Thu, 21 Mar 2013
>>> 14:35:00 -0400 (EDT) Received: from localhost (localhost
>>> [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id
>>> 17A3780862; Thu, 21 Mar 2013 14:35:00 -0400 (EDT) Date: Thu, 21
>>> Mar 2013 14:35:00 -0400 (EDT) From: Paul Wouters
>>> <paul at nohats.ca> To: Joe Abley <jabley at hopcount.ca> cc:
>>> bry8star at yahoo.com Subject: Re: [Unbound-users] Reply Email
>>> Going To User Instead of Mailing-List, Pls Fix In-Reply-To:
>>> <F0D2D69E-4967-4D1F-8411-04E9F73ED65A at hopcount.ca> Message-ID:
>>> <alpine.LFD.2.10.1303211434170.20195 at bofh.nohats.ca>
>>> References: <514B44DD.5040405 at yahoo.com>
>>> <254B9131-5067-49FF-B90A-9A3D006E8CC0 at hopcount.ca>
>>> <CAGwP77P8BEC0Ov+m8vgdzeT+xG957z5yc9KWzcbU01zPzGRdQw at mail.gmail.com>
>>>
>>>
<514B4D0D.9040804 at yahoo.com>
>>> <F0D2D69E-4967-4D1F-8411-04E9F73ED65A at hopcount.ca> User-Agent:
>>> Alpine 2.10 (LFD 1266 2009-07-14) MIME-Version: 1.0
>>> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>>> Content-Length: 227
>>>
>>>
>>>
>>>
>>> Received from Paul Wouters, on 2013-03-21 11:35 AM:
>>>> On Thu, 21 Mar 2013, Joe Abley wrote:
>>>>
>>>>> Subject: Re: [Unbound-users] Reply Email Going To User
>>>>> Instead of Mailing-List, Pls Fix
>>>>
>>>> Baby... bath water....
>>>>
>>>> Take it off list? I've gone through enough of these
>>>> "discussions".
>>>>
>>>> Paul
>>>
>>>
>
> -------------- next part -------------- A non-text attachment was
> scrubbed... Name: signature.asc Type: application/pgp-signature
> Size: 260 bytes Desc: OpenPGP digital signature URL:
> <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20130321/3
>
>
3d752b5/attachment-0001.sig>
>
> ------------------------------
>
> Message: 3 Date: Thu, 21 Mar 2013 21:40:32 +0100 From: Miek Gieben
> <miek at miek.nl> To: unbound-users at unbound.net Subject: Re:
> [Unbound-users] Reply Email Going To User Instead of Mailing-List,
> Pls Fix Message-ID: <20130321204032.GB19273 at miek.nl> Content-Type:
> text/plain; charset="us-ascii"
>
> [ Quoting <bry8star at yahoo.com> in "Re: [Unbound-users] Reply Email
> Goi..." ]
>> Hi Paul, Miek Gieben, I sent similar emails to others (not only
>> to you), to show/demonstrate, when someone subscribing to a
>> mailing-list, then he/she expect emails coming via/from the
>> mailing-list, not from a person directly.
>
> As Paul said: kill-file
>
> Good bye, thanks -------------- next part -------------- A non-text
> attachment was scrubbed... Name: signature.asc Type:
> application/pgp-signature Size: 198 bytes Desc: Digital signature
> URL:
> <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20130321/a
>
>
3581fd4/attachment-0001.sig>
>
> ------------------------------
>
> Message: 4 Date: Thu, 21 Mar 2013 21:58:26 +0100 From: Jaap
> Akkerhuis <jaap at NLnetLabs.nl> To: bry8star at yahoo.com Cc:
> unbound-users at unbound.net Subject: Re: [Unbound-users] Reply Email
> Going To User Instead of Mailing-List, Pls Fix Message-ID:
> <201303212058.r2LKwQ5P070462 at bela.nlnetlabs.nl>
>
>
> Please, stop sending off-topic messages to this list.
>
> If you really don't like the way the mailing list is run, you can
> always unsubscribe.
>
> jaap
>
>
> ------------------------------
>
> Message: 5 Date: Thu, 21 Mar 2013 20:18:36 -0700 From: David
> Benfell <benfell at parts-unknown.org> To: unbound-users at unbound.net
> Subject: Re: [Unbound-users] Reply Email Going To User Instead of
> Mailing-List, Pls Fix Message-ID:
> <514BCD8C.3020703 at parts-unknown.org> Content-Type: text/plain;
> charset=ISO-8859-1
>
> On 03/21/2013 01:19 PM, Bry8 Star wrote:
>> Hi Paul, Miek Gieben, I sent similar emails to others (not only
>> to you), to show/demonstrate, when someone subscribing to a
>> mailing-list, then he/she expect emails coming via/from the
>> mailing-list, not from a person directly.
>
> You are seeking to enforce what is, for all practical purposes, a
> Reply-To policy. In open source software lists, there are many who
> consider Reply-To evil.
>
> I happen not to agree with that evaluation, but from what I've
> seen, it has majority acquiescence, if not support.
>
> My advice has to be, give it up. You are not going to win this
> battle.
>
> What you will do instead is end up being banned. Which means you
> lose.
>
> End of story.
>
>
> ------------------------------
>
> Message: 6 Date: Fri, 22 Mar 2013 10:52:05 +0100 From: "W.C.A.
> Wijngaards" <wouter at nlnetlabs.nl> To: unbound-users at unbound.net
> Subject: Re: [Unbound-users] Private-address SERVFAIL Message-ID:
> <514C29C5.3060400 at nlnetlabs.nl> Content-Type: text/plain;
> charset=ISO-8859-1
>
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>
> Hi Ehren,
>
> On 03/21/2013 09:01 PM, Ehren Hawks wrote:
>> Today I had to disable private address stripping of 10.0.0.0/8
>> because it was leading to SERVFAILS when looking up
>> echannel.stateauto.com
>
> Thank you for the bug report, this is a bug in the private address
> code where it removes the entire RRset. It is fixed to remove the
> RR (and the RRset if it becomes empty (and thus also removes its
> RRSIGs (if any)).
>
> That fixes the lookup for this domain name. It leaves the
> publicly accessible addresses intact, and the domain then
> resolves.
>
>>
>> I?m running Unbound 1.4.16 on Centos 6.2
>>
>>
>>
>> Name : unbound
>>
>> Arch : x86_64
>>
>> Version : 1.4.16
>>
>> Release : 1.el6
>>
>>
>>
>> The following dig shows the presence of private addresses in the
>> additional section. I thought by default Unbound would strip
>> these addresses when using the respective private addresss:
>> option in the config, but it appears to be leading to lookup
>> failures. I haven?t a clue what else I should look at, if I
>> should modify my config or what. Thanks for guidance.
>
> Another interesting thing is that this domain seems to discard
> incoming queries with the ADflag. Which is turned on by default in
> dig 9.9. dig +noad works fine.
>
> Best regards, Wouter
>
>
>>
>> [CDNS1]# dig @174.47.194.100 echannel.stateauto.com
>>
>>
>>
>> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>>
>> @174.47.194.100 echannel.stateauto.com
>>
>> ; (1 server found)
>>
>> ;; global options: +cmd
>>
>> ;; Got answer:
>>
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50513
>>
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL:
>> 5
>>
>> ;; WARNING: recursion requested but not available
>>
>>
>>
>> ;; QUESTION SECTION:
>>
>> ;echannel.stateauto.com. IN A
>>
>>
>>
>> ;; AUTHORITY SECTION:
>>
>> echannel.stateauto.com. 3600 IN NS dc1gss.stateauto.com.
>>
>> echannel.stateauto.com. 3600 IN NS colgss.stateauto.com.
>>
>> echannel.stateauto.com. 3600 IN NS irogss.stateauto.com.
>>
>>
>>
>> ;; ADDITIONAL SECTION:
>>
>> dc1gss.stateauto.com. 3600 IN A 10.30.252.102
>>
>> dc1gss.stateauto.com. 3600 IN A 174.47.194.102
>>
>> colgss.stateauto.com. 3600 IN A 66.192.197.102
>>
>> colgss.stateauto.com. 3600 IN A 10.25.252.102
>>
>> irogss.stateauto.com. 3600 IN A 63.86.19.102
>>
>>
>>
>> ;; Query time: 26 msec
>>
>> ;; SERVER: 174.47.194.100#53(174.47.194.100)
>>
>> ;; WHEN: Thu Mar 21 15:44:22 2013
>>
>> ;; MSG SIZE rcvd: 205
>>
>>
>>
>> _______________________________________________ Unbound-users
>> mailing list Unbound-users at unbound.net
>> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>>
>
> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJRTCnFAAoJEJ9vHC1+BF+NRU0P/2k8UchYFkFoME5o4k7V871+
> 9cWvIYNo9wV9HND/WqVnIYr1R5oBvJkmV1wsIcjRt3ZQhg0Hrwjoxd+zNWfr00M5
> dnx+52p+tEc8lpEw7feEF134aKXej3VcXXHnsiHVB1IggkVOM4/cmQkLshBcUEHt
> BtaqYQxO3StYdRHQRHoKNaxSXVRO2VCzyO090iK4zeh2jhNs3xpforSNqiR+jJt0
> T52n0F4QsoPQqvopLzRW+D5nBPIF+TrokYhJuAnIUW5nYRUlIvs8JwxJO9Vs7z1n
> zuo0+eEPSL5qo43Y9TB1nap62oDfr44SyiniovfIIvW923Nsj4gsAYgMr7KuwvMU
> zUviFqVKF9b6Vgs2xzPLHX8/nNT8SafgC5Xlsd0C2RpVgTdhlDMQ0V6EPa1R1x3g
> PtLZzIt8HK86NSZDcjVv/qPeDX7qEmGrBUVvUGJ63vO++1+E2X+eS8xraNwTjix0
> wFOsYgCtmU/DZ7jNs5gfLmnN8stH7qzebk12LSRMZ5U45cADq80suy8OdKyqSYaK
> X7dQM1/plweTvDBxO38bwysqwRdM3Aj3uLNNK6a71KyyrZm+7XhZSBG7lQeBUy8H
> MrpnWQJC3k7Xkb0UD/w83O0CK65fWX4SYyfC431ZB1+IwUuis4af9d2lfJfdB2Ef
> yna3+WLTtPmvmHHMKS1G =dFX5 -----END PGP SIGNATURE-----
>
>
> ------------------------------
>
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
> End of Unbound-users Digest, Vol 64, Issue 15
> *********************************************
>
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJRUAZXAAoJEJ9vHC1+BF+NrDkQAJNNdugq1q8bz+TYODX1GNii
9Pvtz5JoQZdDiULR1zRBQvu6ZIZtPatalUJCdnGrU6RCmxRb4T7b4VTjoXCeGRbE
KZ/XcW98vESx1wWkgBfofjckiXDmCGaSMp//v4JyFhbowEnkYnGmTU8aCit7Nnd+
DGCUMxdQn0cJGbIVs/jkcCh0hMIzphYtzkFv2v6o60ViMjIq8RZqXV7/+lXk0bMY
Ng2GhxF5N+MXIpYy4AsjKJu6euUiFr8fAsFoG/p2fdpqiH5RZo6XgFdqDsgL85jW
jpYRrO5eoznIFtf0en/NHd81VHGi2PmsykP++25rxJ9kFu4PuKW3zSFL7amNyl2i
zeUEr6BTjaE60zBynJOZver55LI7ErjmSvVOhTu4PvlN2LBvcDVYZfqjDf5ByKba
zMX0pgYjv66YOso6J531Jt+SAhdTeTje/E3q7s33PP8nlwla/g0KxrRFV/uKThRi
jN6w5vZS6kkhgqWdApFZXKaZrtervGzEZZDeaqChBZk762GklZAqg4yF0GGJU2N2
AeQbpdrBj3RudTkrYiAZOdidUjjx4MODZbM02H8Nd0PW+a4uSNDAZgn4AytIxcbB
LjH4kaDWvTvbuvS6Aa1xArkvKpCiUJavDVTPtz2PGSe2b/eyHMirjoadJYRBust5
tAv4lvDJzemjBNG21I/A
=IF9r
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list