List: djbdns
Subject: Re: tinydns location doesn't work with IPsec
From: Jason Mader <jason () ncac ! gwu ! edu>
Date: 2008-03-31 20:35:50
Message-ID: alpine.OSX.1.10.0803311626210.36432 () Zrebz ! frnf ! tjh ! rqh
On Mon, 31 Mar 2008, Emilio Perea wrote:
> On Mon, Mar 31, 2008 at 09:30:01AM -0400, Jason Mader wrote:
> > I've noticed that when using location on a record in tinydns that a client
> > with an ah transport IPsec connection to the DNS server (OpenBSD) the
> > client will get an NXDOMAIN even though the client IP address matches the
> > prefix.
> >
> > Does anyone have a workaround for the bug?
>
> I'm not sure what you are seeing is a tinydns bug. What IP address does
> the tinydns log show the query as coming from?
[128.164.144.144]# dnsq a lab-color.lp.seas.gwu.edu 128.164.159.159

[128.164.159.159]# tail -f current | perl ~/tinydns-log.pl
@4000000047f148ed2c3a22cc 128.164.144.144:32738:13246 + a lab-color.lp.seas.gwu.edu

And the relevant configuration,

%GW:128.164
=lab-color.lp.seas.gwu.edu:172.16.2.1:::GW

If I've characterized this right, even when I do something such as,

%GW:128.164
%ex
=lab-color.lp.seas.gwu.edu:172.16.2.1:::GW
=lab-color.lp.seas.gwu.edu:172.16.2.2:::ex

DNS client host 128.164.144.144 (which has ah transport mode to
128.164.159.159) will get,

$ dnsq a lab-color.lp.seas.gwu.edu 128.164.159.159
1 lab-color.lp.seas.gwu.edu:
95 bytes, 1+0+1+0 records, response, authoritative, nxdomain
query: 1 lab-color.lp.seas.gwu.edu
authority: seas.gwu.edu 2560 SOA a.ns.seas.gwu.edu hostmaster.seas.gwu.edu 1206995383 \
16384 2048 1048576 2560

Otherwise tinydns location works exactly as I expect from other hosts.

---Jason Mader, FHWA/NHTSA National Crash Analysis Center,
The George Washington University, VA Campus
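
Added example (not part of the original message and not djbdns code): a simplified model of location selection, run over the second data file quoted above, to show which A record each source address would be expected to receive. It assumes locations match on whole-octet prefixes with the longest prefix winning; the function names and the second client address are constructed for illustration.

```python
# Added example: simplified model of tinydns location selection (not djbdns code).
CONFIG = """\
%GW:128.164
%ex
=lab-color.lp.seas.gwu.edu:172.16.2.1:::GW
=lab-color.lp.seas.gwu.edu:172.16.2.2:::ex
"""  # the second data file quoted in the message


def parse(data):
    """Return ({octet-prefix tuple: location}, [(fqdn, ip, location)])."""
    locations, records = {}, []
    for line in data.splitlines():
        if line.startswith("%"):
            lo, _, prefix = line[1:].partition(":")
            octets = tuple(int(o) for o in prefix.split(".") if o)
            locations[octets] = lo
        elif line.startswith("="):
            fields = line[1:].split(":")
            fields += [""] * (5 - len(fields))     # fqdn:ip:ttl:timestamp:lo
            records.append((fields[0], fields[1], fields[4]))
    return locations, records


def client_location(locations, client_ip):
    """Assumption: longest whole-octet prefix wins; empty prefix matches everyone."""
    octets = tuple(int(o) for o in client_ip.split("."))
    for n in range(4, -1, -1):
        if octets[:n] in locations:
            return locations[octets[:n]]
    return ""                                      # client has no location


def expected_a(data, client_ip, fqdn):
    """Addresses a client should receive: unlabeled records plus its location's."""
    locations, records = parse(data)
    lo = client_location(locations, client_ip)
    return [ip for name, ip, rlo in records if name == fqdn and rlo in ("", lo)]


if __name__ == "__main__":
    for src in ("128.164.144.144", "192.0.2.7"):   # second address is constructed
        print(src, expected_a(CONFIG, src, "lab-color.lp.seas.gwu.edu"))
```

Under this model the logged source address 128.164.144.144 falls in location GW, so an NXDOMAIN for it is not what the data file alone would produce.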