Maintained by: NLnet Labs

[Unbound-users] Private-address SERVFAIL

Ehren Hawks
Fri Mar 22 17:10:14 CET 2013


Wouter, 

Thank you for taking the time to review my issue. One more question: is this
a patchable fix and/or something that will be available in future releases
of Unbound?


-----Original Message-----
From: unbound-users-bounces at unbound.net
[mailto:unbound-users-bounces at unbound.net] On Behalf Of
unbound-users-request at unbound.net
Sent: Friday, March 22, 2013 5:52 AM
To: unbound-users at unbound.net
Subject: Unbound-users Digest, Vol 64, Issue 15


Today's Topics:

   1. Private-address SERVFAIL (Ehren Hawks)
   2. Re: Reply Email Going To User Instead of Mailing-List, Pls
      Fix (Bry8 Star)
   3. Re: Reply Email Going To User Instead of Mailing-List, Pls
      Fix (Miek Gieben)
   4. Re: Reply Email Going To User Instead of	Mailing-List, Pls
      Fix (Jaap Akkerhuis)
   5. Re: Reply Email Going To User Instead of Mailing-List, Pls
      Fix (David Benfell)
   6. Re: Private-address SERVFAIL (W.C.A. Wijngaards)


----------------------------------------------------------------------

Message: 1
Date: Thu, 21 Mar 2013 16:01:36 -0400
From: "Ehren Hawks" <ehawks at goeaston.net>
To: <unbound-users at unbound.net>
Subject: [Unbound-users] Private-address SERVFAIL
Message-ID: <008b01ce266e$e4ea6e30$aebf4a90$@goeaston.net>
Content-Type: text/plain; charset="us-ascii"

Today I had to disable private address stripping of 10.0.0.0/8 because it
was leading to SERVFAILS when looking up echannel.stateauto.com

I'm running Unbound 1.4.16 on CentOS 6.2

Name        : unbound
Arch        : x86_64
Version     : 1.4.16
Release     : 1.el6

The following dig shows the presence of private addresses in the additional
section. I thought by default Unbound would strip these addresses when using
the respective private address: option in the config, but it appears to be
leading to lookup failures. I haven't a clue what else I should look at, if
I should modify my config or what. Thanks for guidance.

[CDNS1]# dig @174.47.194.100 echannel.stateauto.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @174.47.194.100 echannel.stateauto.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50513
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;echannel.stateauto.com.                IN      A

;; AUTHORITY SECTION:
echannel.stateauto.com. 3600    IN      NS      dc1gss.stateauto.com.
echannel.stateauto.com. 3600    IN      NS      colgss.stateauto.com.
echannel.stateauto.com. 3600    IN      NS      irogss.stateauto.com.

;; ADDITIONAL SECTION:
dc1gss.stateauto.com.   3600    IN      A       10.30.252.102
dc1gss.stateauto.com.   3600    IN      A       174.47.194.102
colgss.stateauto.com.   3600    IN      A       66.192.197.102
colgss.stateauto.com.   3600    IN      A       10.25.252.102
irogss.stateauto.com.   3600    IN      A       63.86.19.102

;; Query time: 26 msec
;; SERVER: 174.47.194.100#53(174.47.194.100)
;; WHEN: Thu Mar 21 15:44:22 2013
;; MSG SIZE  rcvd: 205


------------------------------

Message: 2
Date: Thu, 21 Mar 2013 13:19:43 -0700
From: Bry8 Star <bry8star at yahoo.com>
To: unbound-users at unbound.net
Subject: Re: [Unbound-users] Reply Email Going To User Instead of
	Mailing-List, Pls Fix
Message-ID: <514B6B5F.4090500 at yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi Paul, Miek Gieben,
I sent similar emails to others (not only to you), to show/demonstrate, when
someone subscribing to a mailing-list, then he/she expect emails coming
via/from the mailing-list, not from a person directly.

It is not right to send email directly to a user or few users only.
Initial posting and other posting are intended to be shared with ALL
subscribers.

i also have close to 200 or over mailing-list subscription, let me REPEAT,
NONE are like this nlnetlab mailing-list.

every other mailing-list ... when "Reply" button is pressed on any posting,
then Thunderbird opens new email and places the mailing-list email address
in the "To:" field, (except nlnetlabs.nl list).

That is what i'm expecting.

I DO NOT WANT ANY PERSON/USER TO SEND ME EMAIL DIRECTLY.
I SUBSCRIBED to MAILING-LIST EMAIL-ADDRESS ONLY, NOT to a person's email.

That's what i wanted all to understand.

If you cannot do that, then you should also place a notice in subscription
page that other users will start to email you directly, when you subscribe.

AND WHEN YOU REPLY ... MAKE SURE YOU HAVE PLACED ONLY ONE EMAIL ADDRESS
unbound-users at unbound.net IN THE "To:" FIELD, NO NEED TO FILL "Cc:" or
"Bcc:", REMOVE "Cc:" & "Bcc:". THANK YOU.

-- Bright Star.



Received from Paul Wouters, on 2013-03-21 12:31 PM:
> On Thu, 21 Mar 2013, Bry8 Star wrote:
> 
> Please get a life. You've now been kill filed in my procmailrc, so if 
> you ever want to ask unbound questions again, I guess I won't hear 
> them.
> 
> Paul
> 
>> Hi Paul Wouters,
>> i'm including your sent email's HEADERS, except the "X-YMailISG:"
>> header.
>>
>> Why are you sending email to me ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
>> ! ! ! ! ! ! ! ! ! ! ! !
>>
>> PLEASE DO NOT SEND EMAIL TO ME.
>>
>> SEND IT TO MAILING-LIST ONLY.
>>
>> I HAVE APPROVED/ALLOWED ONLY MAILING-LIST TO SEND ME EMAIL.
>>
>> NOT ANYBODY ELSE.
>> -- Bright Star.
>>
>>
>>
>>
>>
>> Received from Paul Wouters, on 2013-03-21 11:35 AM:
>>> On Thu, 21 Mar 2013, Joe Abley wrote:
>>>
>>>> Subject: Re: [Unbound-users] Reply Email Going To User Instead of 
>>>> Mailing-List, Pls Fix
>>>
>>> Baby... bath water....
>>>
>>> Take it off list? I've gone through enough of these "discussions".
>>>
>>> Paul
>>
>>


------------------------------

Message: 3
Date: Thu, 21 Mar 2013 21:40:32 +0100
From: Miek Gieben <miek at miek.nl>
To: unbound-users at unbound.net
Subject: Re: [Unbound-users] Reply Email Going To User Instead of
	Mailing-List, Pls Fix
Message-ID: <20130321204032.GB19273 at miek.nl>
Content-Type: text/plain; charset="us-ascii"

[ Quoting <bry8star at yahoo.com> in "Re: [Unbound-users] Reply Email Goi..." ]
> Hi Paul, Miek Gieben,
> I sent similar emails to others (not only to you), to 
> show/demonstrate, when someone subscribing to a mailing-list, then 
> he/she expect emails coming via/from the mailing-list, not from a 
> person directly.

As Paul said: kill-file

Good bye, thanks

------------------------------

Message: 4
Date: Thu, 21 Mar 2013 21:58:26 +0100
From: Jaap Akkerhuis <jaap at NLnetLabs.nl>
To: bry8star at yahoo.com
Cc: unbound-users at unbound.net
Subject: Re: [Unbound-users] Reply Email Going To User Instead of
	Mailing-List, Pls Fix
Message-ID: <201303212058.r2LKwQ5P070462 at bela.nlnetlabs.nl>


Please, stop sending off-topic messages to this list.

If you really don't like the way the mailing list is run, you can always
unsubscribe.

	jaap


------------------------------

Message: 5
Date: Thu, 21 Mar 2013 20:18:36 -0700
From: David Benfell <benfell at parts-unknown.org>
To: unbound-users at unbound.net
Subject: Re: [Unbound-users] Reply Email Going To User Instead of
	Mailing-List, Pls Fix
Message-ID: <514BCD8C.3020703 at parts-unknown.org>
Content-Type: text/plain; charset=ISO-8859-1


On 03/21/2013 01:19 PM, Bry8 Star wrote:
> Hi Paul, Miek Gieben, I sent similar emails to others (not only to 
> you), to show/demonstrate, when someone subscribing to a mailing-list, 
> then he/she expect emails coming via/from the mailing-list, not from a 
> person directly.
> 
You are seeking to enforce what is, for all practical purposes, a Reply-To
policy. In open source software lists, there are many who consider Reply-To
evil.

I happen not to agree with that evaluation, but from what I've seen, it has
majority acquiescence, if not support.

My advice has to be, give it up. You are not going to win this battle.

What you will do instead is end up being banned. Which means you lose.

End of story.


------------------------------

Message: 6
Date: Fri, 22 Mar 2013 10:52:05 +0100
From: "W.C.A. Wijngaards" <wouter at nlnetlabs.nl>
To: unbound-users at unbound.net
Subject: Re: [Unbound-users] Private-address SERVFAIL
Message-ID: <514C29C5.3060400 at nlnetlabs.nl>
Content-Type: text/plain; charset=ISO-8859-1


Hi Ehren,

On 03/21/2013 09:01 PM, Ehren Hawks wrote:
> Today I had to disable private address stripping of 10.0.0.0/8 because 
> it was leading to SERVFAILS when looking up echannel.stateauto.com

Thank you for the bug report, this is a bug in the private address code
where it removes the entire RRset.  It is fixed to remove the RR (and the
RRset if it becomes empty (and thus also removes its RRSIGs (if any))).

That fixes the lookup for this domain name.  It leaves the publicly
accessible addresses intact, and the domain then resolves.

> 
> I'm running Unbound 1.4.16 on CentOS 6.2
> 
> Name        : unbound
> Arch        : x86_64
> Version     : 1.4.16
> Release     : 1.el6
> 
> The following dig shows the presence of private addresses in the 
> additional section. I thought by default Unbound would strip these 
> addresses when using the respective private address: option in the 
> config, but it appears to be leading to lookup failures. I haven't a 
> clue what else I should look at, if I should modify my config or what. 
> Thanks for guidance.

Another interesting thing is that this domain seems to discard incoming
queries with the AD flag, which is turned on by default in dig 9.9.  dig
+noad works fine.

Best regards,
   Wouter


> 
> [CDNS1]# dig @174.47.194.100 echannel.stateauto.com
> 
> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @174.47.194.100 echannel.stateauto.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50513
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 5
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;echannel.stateauto.com.                IN      A
> 
> ;; AUTHORITY SECTION:
> echannel.stateauto.com. 3600    IN      NS      dc1gss.stateauto.com.
> echannel.stateauto.com. 3600    IN      NS      colgss.stateauto.com.
> echannel.stateauto.com. 3600    IN      NS      irogss.stateauto.com.
> 
> ;; ADDITIONAL SECTION:
> dc1gss.stateauto.com.   3600    IN      A       10.30.252.102
> dc1gss.stateauto.com.   3600    IN      A       174.47.194.102
> colgss.stateauto.com.   3600    IN      A       66.192.197.102
> colgss.stateauto.com.   3600    IN      A       10.25.252.102
> irogss.stateauto.com.   3600    IN      A       63.86.19.102
> 
> ;; Query time: 26 msec
> ;; SERVER: 174.47.194.100#53(174.47.194.100)
> ;; WHEN: Thu Mar 21 15:44:22 2013
> ;; MSG SIZE  rcvd: 205



------------------------------


End of Unbound-users Digest, Vol 64, Issue 15
*********************************************
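
Added example (not part of the original thread and not Unbound's code): a small Python model of the two private-address behaviours described in Message 6, run over the additional section of the dig output quoted above. The function names and the internal.example. record are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Additional section copied from the dig output in this thread.
DIG_ADDITIONAL = """\
dc1gss.stateauto.com.   3600    IN      A       10.30.252.102
dc1gss.stateauto.com.   3600    IN      A       174.47.194.102
colgss.stateauto.com.   3600    IN      A       66.192.197.102
colgss.stateauto.com.   3600    IN      A       10.25.252.102
irogss.stateauto.com.   3600    IN      A       63.86.19.102
"""
# Constructed record (not from the thread): an RRset with only a private address.
CONSTRUCTED = "internal.example.       3600    IN      A       10.1.2.3\n"

PRIVATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # range named in the report


def parse_rrsets(text):
    """Group dig-style 'name ttl class type rdata' lines into RRsets."""
    rrsets = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and not line.startswith(";"):
            name, _ttl, _cls, rtype, rdata = fields
            rrsets[(name, rtype)].append(rdata)
    return dict(rrsets)


def is_private(rtype, rdata):
    """True for an A/AAAA record whose address falls in a configured range."""
    if rtype not in ("A", "AAAA"):
        return False
    addr = ipaddress.ip_address(rdata)
    return any(addr.version == net.version and addr in net for net in PRIVATE_NETS)


def strip_whole_rrset(rrsets):
    """Reported bug: one private RR causes the entire RRset to be removed."""
    return {k: v for k, v in rrsets.items()
            if not any(is_private(k[1], r) for r in v)}


def strip_per_rr(rrsets):
    """Described fix: remove only the private RRs, then drop emptied RRsets
    (in a real resolver the RRSIGs of an emptied RRset go with it)."""
    kept = {k: [r for r in v if not is_private(k[1], r)] for k, v in rrsets.items()}
    return {k: v for k, v in kept.items() if v}
```

With the whole-RRset behaviour only irogss.stateauto.com. keeps an address; with per-RR removal all three name servers keep their public addresses and only the constructed all-private RRset disappears.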