test the round robin DNS features of the resolver functions

Date: 3 Nov 2005
Author: Daniel Stenberg
License: freely available to do whatever you want with.

roundrobin.c – test the round robin DNS features of the resolver functions

Note: this test script is written to be compiled and run on Linux. It is
not as portable as it could be, but that is just to make it a simpler test
case.

$ gcc roundrobin.c

This source snippet resolves a name with multiple IP addresses and prints them out in the order the addresses were returned by the resolving function. It first uses getaddrinfo() (called GAI) and then gethostbyname() (called GHBN).

On my three test machines they both show the same symptoms:

The GAI list is a lot less “random” than the GHBN one. The GAI list almost always returns the same first entry on repeated invocations (while the subsequent entries come somewhat more randomly). The GHBN list is returned in a much more random fashion.

The test machines are all running Debian Unstable glibc 2.3.5

What this program does:

It runs N resolves of a given host name. It stores the order in which it gets the returned addresses. When all N resolves are done, it checks how the returned addresses were distributed. The procedure is first done with GAI and then with GHBN. The output is presented in list index order. That means: ‘index 0’ is the first address in the returned list and ‘index 1’ is the second address and so on. We have found out that in the GAI case you very often get 100% of the same address in index 0.

We have three host names that resolve to multiple IP addresses:

bad2.haxx.se
bad10.haxx.se
bad11.haxx.se

As you will see, none of them resolves to any sensible data for purposes
other than resolve tests or similar.

Using IPv6 with Custom and Secondary DNS

source: http://www.dyndns.com/support/kb/ipv6_with_custom_secdns.html

As part of Dyn Inc.’s IPv6 implementation plan, DynDNS.com has recently made a new IPv6 nameserver available for Custom DNS and Secondary DNS customers. Whether you’re looking to get a jump on the transition to IPv6 or you’re simply curious, we’ve created this short tutorial to help you make use of the new nameserver.

Disclaimer

Before we begin, please note that the information in this article is purely for testing and educational purposes. DynDNS.com does not currently guarantee the availability of its IPv6 test servers, so please exercise caution when adding them to the delegation of a domain. Additionally, this article does not provide instructions for configuring IPv6 in your environment, and assumes that you have already done so.

Defining delegated route /48 from Hurricane Electric in Appropriate way.

I’ve been thinking about how to create a reverse zone for a /64 subnet from the delegated routed /48 from Hurricane Electric. When I first requested delegation for the routed /48, I defined this configuration on my nameservers:

In named.conf:

zone "7.e.8.f.0.7.4.0.1.0.0.2.ip6.arpa" {
    type master;
    file "reverse-2001-470-f8e7_48.IP6.ARPA";
};

Upgrading Bind9 on centos 4.7

I’ve just upgraded one of my DNS servers recently. Originally it was CentOS 4.7 using bind-9.2.4-30.el4_7.2, although this version is not affected by the cache poisoning vulnerability. Dan Kaminsky announced a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server. Here’s how to upgrade bind-9.2.4 to bind-9.5.0.

Download the SOURCE rpms

# wget http://patrick.vande-walle.eu/upload/bind-9.5.0-33.P1.src.rpm

Compile/Build source RPM

# rpm -ivh bind-9.5.0-33.P1.src.rpm
# cd /usr/src/redhat/SPECS/
# vi bind.spec

Find these lines:

# configuration files:
tar -C ${RPM_BUILD_ROOT} -xf %{SOURCE28}

Change it to:

tar -C ${RPM_BUILD_ROOT} -xjf %{SOURCE28}

Source28 is a tar.bz2 file, so we need the tar -xjf options.

DNS bailiwick

The term in-bailiwick means that the nameservers for a domain are in the same domain (within the domain), i.e. the nameserver for domain.com is ns.domain.com, not ns.domain.net or ns.otherdomain.org (glued delegation). The term out-of-bailiwick means that the nameservers for a domain are not in the same domain, i.e. the nameserver for domain.com is ns.domain.net or ns.otherdomain.org…
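The bailiwick definition above, written as a check. This is an added example, not code from the original post; the function names are hypothetical, and the NS names other than the three taken from the text are constructed to show the edge cases.

```python
# Added example: label-wise bailiwick classification of a delegation's NS set.
# Function names are hypothetical; sample NS names are partly constructed.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing root dot."""
    name = name.strip().rstrip(".").lower()
    return name.split(".") if name else []


def in_bailiwick(zone, nameserver):
    """True if `nameserver` is at or below `zone` in the DNS tree.

    The comparison is done on whole labels, right to left. A plain string
    suffix test would wrongly accept ns.notdomain.com for domain.com.
    """
    z, n = labels(zone), labels(nameserver)
    # The last len(z) labels of the nameserver must equal the zone's labels.
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def classify_delegation(zone, ns_names):
    """Label each NS name 'in-bailiwick' (glued delegation) or 'out-of-bailiwick'."""
    return {
        ns: "in-bailiwick" if in_bailiwick(zone, ns) else "out-of-bailiwick"
        for ns in ns_names
    }


# First three names come from the text; the rest are constructed edge cases.
SAMPLE_NS = [
    "ns.domain.com",
    "ns.domain.net",
    "ns.otherdomain.org",
    "NS.Domain.COM.",     # case and trailing dot must not matter
    "ns.notdomain.com",   # string suffix matches, label suffix does not
    "domain.com",         # the zone apex itself is within the zone
]

if __name__ == "__main__":
    for ns, verdict in classify_delegation("domain.com", SAMPLE_NS).items():
        print(f"{ns:22} {verdict}")
```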