01-24-2020
What determines DNS will query IPV6 address?
When I do simple nslookup it does not generate any query for IPV6 (AAAA). But sometimes I see DNS query for both A and AAAA are generated. What decides this? The reason I do not want AAAA query is in most of the cases AAAA records are absent. Hence, if one DNS server fails, the clients keeps attempting to send AAAA query.
10 More Discussions You Might Find Interesting
1. IP Networking
Hello,
i have a problem with a dns server. It is running bind 9.4.1 (compiled with "-enable-ipv6") on an AIX 5.3 system. The server starts without any errors or warnings. I am also able to lookup names for IPv4 adresses. But with IPv6 i have a strange problem.
When i execute the following dig... (3 Replies)
Discussion started by: skanatiker
3 Replies
2. Programming
I know there is a function inet_tpon for unix platforms to validate ipv6 addresses.But i need an equivalent of windows.When i use this function with the header file <winsock2.h> the visual studio 2005 on win2003 issues an error saying identifier not found
:confused: (3 Replies)
Discussion started by: guru13
3 Replies
3. Solaris
Hi,
inspired by this article, I decided to implement IPMP + IPv6 in Solaris 10.
It worked for me only this way:
1. Setup
# cat /etc/hostname*
10.23.10.113/24 broadcast + group data failover up <- hostname.e1000g0
0.0.0.0/24 broadcast + group data -failover deprecated up standby... (3 Replies)
Discussion started by: masloff
3 Replies
4. Shell Programming and Scripting
Hi all ,
I have a string in my weblog xheader v6-day-2011:xx:yy:zz:qq:qq:ww:ee:rr
My requirement is to lookup the sting v6-day-2011 in this header and if found would like to extract the V6 ip part .
v6-day-2011 is always constant for a ipv6 entry so i would like to extract every thing... (4 Replies)
Discussion started by: jambesh
4 Replies
5. HP-UX
How do I configure site-local IPv6 address in HP-UX box?
I can get link local IPv6 address automatically when I put IPv6 up.
aps39-88-root# ifconfig lan0 inet6 up (0 Replies)
Discussion started by: kirtikjr
0 Replies
6. Solaris
hi, i have a Solaris 10 DNS server, how do you check whether it can support IPv6 networking ? (0 Replies)
Discussion started by: Exposure
0 Replies
7. BSD
Hi,
Am using FreeBSD7.4/i386
During IPv6 configuration, I added the following in rc.conf as
Restarted IPv6 network using /etc/rc.d/network_ipv6 restart..
My problem is I need to set link local IPv6 address auto-configured..
Is my proceeding right??
I feel something missing to make... (0 Replies)
Discussion started by: Priya Amaresh
0 Replies
8. Solaris
I have Bind running on a Solaris box that is our main public DNS. Given my very limited knowledge on DNS, I changed a few of the zones in the DNS to be 'dual-stack'. I did it through Webmin, but I know that I can also do it by adding an AAAA-record to the zone file.
My question is how can I make... (2 Replies)
Discussion started by: Dardeer
2 Replies
9. Shell Programming and Scripting
Hi All,
Would anyone know how to modify the below, so only the IPv6 address (red) is printed, please?
(in other words, what's between inet6 and the / sign)
ipv6=`/sbin/ifconfig lo0:5 inet6 | grep 'inet6'`
print $ipv6
Currently the output of the above script is:
inet6... (7 Replies)
Discussion started by: chatguy
7 Replies
10. Red Hat
I want to find out the DHCPv6 server's ip address in the network. I went through the lease files but could find only duid/server-id and not the IPv6 address of the dhcp server. And I couldn't find any commands to get that information. Is there a way to get the DHCPv6 server's IPv6 address?
... (0 Replies)
Discussion started by: bshalini
0 Replies
DANE(1) Internet / DNS DANE(1)
NAME
dane - Generate TLSA/HASTLS DNS records by scanning SSL/TLS sites
SYNTAX
dane [-v] [-q] [-h] [-v] [--draft|--rfc] [--sha256] [--sha512] [--full] [--insecure] [--pubkey] [--txt] [--eecert] [--cacert] [-4] [-6]
[--axfr] [-n <nameserver>] host1 [host2 ...]] [@nameserver]]
DESCRIPTION
dane generates TLSA/HASTLS records based on the IETF DANE working group proposal. These are currently in draft, so private RRTYPE
assignments are used. Records are generated by connecting to the website using SSL and grabbing its (EE) certificate. If the nameserver of
the domain allows zone tranfers (AXFR), an entire domain can be processed for all its A/AAAA records.
OPTIONS
-n / --nameserver <hostname1>
Use specified nameserver for AXFR query
-q / --quiet
Supress all warnings - useful when scanning lots of host where some do not run SSL
--axfr
Use AXFR. Implies -n nameserver (or @nameserver). Hosts are treated as zones to AXFR.
--tlsa
Output TLSA record from SSL server scan results (default)
--eecert
Output TLSA record format EE certificates (type 1) (default)
--pubkey
Output TLSA record for just the public key (type unassined) (not implemented yet)
--txt
Output Kaminsky style TXT record for (not implemented yet)
--cacert
Output TLSA record for the entire CA chain and EE-cert (not yet implemented)
--sha256
Output TLSA record reference type 1 (SHA256) records (default)
--sha512
Output TLSA record reference type 2 (SHA512) records
--full
Output TLSA record reference type 0 (full cert) records
--draft
Output Unknown Resource Record format with private RRTYPE assignment. This is used while the standard is still in draft form, and for
when your nameserver does not (yet) support the new RRTYPE names. This option is the default (if --rfc is not specified) as long as
dane is has not be released as RFC.
--rfc
Specify records using the RRTYPE's TLSA (and HASTLA)
--insecure
Continue scanning even if the A/AAAA records could not be validated using DNSSEC
-4
Only use ipv4 networking - do not attempt to connect to AAAA SSL sites
-6
Only use ipv6 networking - do not attempt to connect to A SSL sites
-h / --help
Output help information and exit.
-v / --version
Output version information and exit.
FILES
~/.ssh/known_hosts
REQUIREMENTS
dane requires python-dns and python-argparse(http://www.pythondns.org)
Fedora: yum install python-dns python-argparse
Debian: apt-get install python-dnspython python-argparse
BUGS
I'm sure there are
EXAMPLES
typical usage:
dane www.xelerance.com
dane --rfc --sha512 www.xelerance.com
dane --insecure --draft xelerance.com @ns0.xelerance.net
SEE ALSO
sshfp(1) ssh(1) and RFC-XXXX
http://www.xelerance.com/software/sshfp/
http://lists.xelerance.com/mailman/listinfo/sshfp/
AUTHORS
Paul Wouters <paul@xelerance.com>
COPYRIGHT
Copyright 2011 Xelerance Corporation
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See
<http://www.fsf.org/copyleft/gpl.txt>.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License (file COPYING in the distribution) for more
details.
Paul Wouters April 12, 2011 DANE(1)