Another DNS problem

Another troubleshooting tale.

When you look at the following output, what is your first guess?

root@mail:~# postqueue -p
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
D94947FBE83    1331 Thu Apr  3 15:18:58  jens@example.net
(Host or domain name not found. Name service error for name=example.com type=MX: Host not found, try again)
                                         foobar@example.com

DNS, right? Nope! Well, kind of.

In reality it was another domain and not example.com, and it was one of many mails I wrote that day and the only one that couldn’t be delivered. What looked like a DNS problem at first glance was actually an IPv4 routing problem inside the provider network.

Using make for system administration

In another blog post I wrote that I’m using make to restart BIND and showed the following example:

root@dns:/etc/bind# cat Makefile
all:
	/usr/sbin/named-checkconf -z
	/usr/sbin/rndc reload

The all in the above Makefile is the default target used when calling make without options. The second line (note that it starts with a TAB) runs a BIND tool called named-checkconf with the option -z to check the BIND configuration and zones. If that works, the third line is executed and BIND is restarted. If named-checkconf fails because you have a bad configuration, the third line will not be executed.

Need help?

Some shameless advertising:

If you need some help with IPv6, DNS, Linux, Automation and related stuff feel free to contact me. I’m available for about two days a week, remote preferred.

Disabling IPv6

Yet another Mastodon-inspired post. In this toot the author reports that downloading Python packages is slow, and the Internet said that disabling IPv6 is the solution.

Slow can mean two different things here. If the host I’m using has a globally unique IPv6 address, but my connection to the outside is broken somehow, most software would try IPv6 first and then, after a timeout, fall back to IPv4 and try again. It can also mean that the IPv6 connection is working, but the download is actually slow.

ip6tables - Do you spot the error?

Some time ago I was asked why IPv6 wasn’t working. The customer had just configured some ip6tables rules and IPv6 stopped working. See if you can spot the error in the following example rule set:

ip6tables -A INPUT -p ICMP -j ACCEPT
ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p tcp --dport ssh  -j ACCEPT
ip6tables -A INPUT -j DROP

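The mistake is in line one. In IPv6, neighbor discovery and other functions rely on ICMPv6, which is a different protocol than ICMP. Somehow ip6tables is fine with loading the ICMP protocol, so the first rule never matches ICMPv6 traffic and neighbor discovery packets fall through to the final DROP rule.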
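
A check that catches this mistake before the rules are loaded, as an added example that is not part of the original post: the helper names lint_ip6tables_icmp and sample_rules are made up here, and the sample input is the rule set shown above. It flags ip6tables commands that match protocol icmp (any case, or number 1) and prints the line rewritten with ipv6-icmp.

```shell
#!/bin/sh
# Added example: lint ip6tables commands for the IPv4 ICMP protocol match.
# lint_ip6tables_icmp and sample_rules are hypothetical helper names.

# Reads rule lines on stdin. Prints one finding per offending line and
# returns 1 if any ip6tables rule uses "-p icmp" (or protocol number 1)
# where ICMPv6 (ipv6-icmp, protocol 58) was almost certainly meant.
lint_ip6tables_icmp() {
    awk '
    # Only ip6tables commands are checked; iptables lines are left alone.
    $1 != "ip6tables" { next }
    {
        for (i = 2; i < NF; i++) {
            if ($i != "-p" && $i != "--protocol") continue
            proto = tolower($(i + 1))
            if (proto == "icmp" || proto == "1") {
                orig = $0
                $(i + 1) = "ipv6-icmp"   # rebuilds $0 with the fix applied
                printf "line %d: %s\n  use: %s\n", NR, orig, $0
                bad++
            }
        }
    }
    END { exit (bad > 0) }
    '
}

# Constructed sample input: the rule set from the post, unchanged.
sample_rules() {
    cat <<'EOF'
ip6tables -A INPUT -p ICMP -j ACCEPT
ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p tcp --dport ssh  -j ACCEPT
ip6tables -A INPUT -j DROP
EOF
}

# Run the check on the sample; a non-zero return means "do not load this".
sample_rules | lint_ip6tables_icmp || echo "rule set rejected"
```

Run it over the rules file before applying it, in the same way the Makefile above runs named-checkconf before rndc reload.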

License: CC BY-SA 4.0