{"id":5735,"date":"2021-06-18T14:36:38","date_gmt":"2021-06-18T11:36:38","guid":{"rendered":"https:\/\/skeletor.org.ua\/?p=5735"},"modified":"2021-06-18T14:37:33","modified_gmt":"2021-06-18T11:37:33","slug":"isc-bind-named-%d0%b2%d0%ba%d0%bb%d1%8e%d1%87%d0%b0%d0%b5%d0%bc-%d0%bf%d1%80%d0%b8%d0%bd%d1%83%d0%b4%d0%b8%d1%82%d0%b5%d0%bb%d1%8c%d0%bd%d0%be-ipv4-%d0%b4%d0%bb%d1%8f-slave-resolving","status":"publish","type":"post","link":"https:\/\/skeletor.org.ua\/?p=5735","title":{"rendered":"ISC bind\/named: \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u043f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e IPv4 \u0434\u043b\u044f slave\/resolving"},"content":{"rendered":"\n

\u041d\u0435\u0434\u0430\u0432\u043d\u043e \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u043b\u0441\u044f \u0441 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0435\u0439, \u043a\u043e\u0433\u0434\u0430 \u0438\u0434\u0451\u0442 \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 bind<\/strong>, \u0430 \u043e\u043d \u0434\u043e\u043b\u0436\u0435\u043d forward’\u0438\u0442\u044c <\/strong>\u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0439 \u0437\u043e\u043d\u044b \u0434\u0430\u043b\u044c\u0448\u0435. \u0418 \u0442\u0443\u0442 \u043d\u0430\u0447\u0438\u043d\u0430\u0435\u0442\u0441\u044f \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0435: \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442 \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0410<\/strong>-\u0437\u0430\u043f\u0438\u0441\u044c, \u0430 bind forward’\u0438\u0442 <\/strong>\u0435\u0451 \u0434\u0430\u043b\u044c\u0448\u0435 \u0443\u0436\u0435 \u043a\u0430\u043a \u0410\u0410\u0410\u0410<\/strong>-\u0437\u0430\u043f\u0438\u0441\u044c. \u0427\u0435\u0440\u0435\u0437 tcpdump <\/strong>\u044d\u0442\u043e \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0442\u0430\u043a:<\/p>\n\n\n


\nIP 192.168.1.137.61275 > 192.168.1.1.53: 8461+ A? srv2304.domain.local. (40)
\nIP 192.168.1.1.61034 > 192.168.1.50.53: 7530+ AAAA? srv2304.domain.local. (40)
\nIP 192.168.1.50.53 > 192.168.1.1.61034: 7530* 0\/1\/0 (98)<\/code><\/p>\n

<\/code><\/code><\/p>\n

<\/p>\n


\n<\/code><\/p>\n

<\/code><\/p>\n

\u0412\u0441\u044f\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0432\u044b\u043a\u043b\u044e\u0447\u0438\u0442\u044c ipv4<\/strong> \u0432 \u0441\u0430\u043c\u043e\u043c bind’e<\/strong> \u0438\u043b\u0438 \u0432 OS<\/strong> \u043d\u0435 \u0443\u0432\u0435\u043d\u0447\u0430\u043b\u0438\u0441\u044c \u0443\u0441\u043f\u0435\u0445\u043e\u043c, \u0434\u0430 \u0438 \u043d\u0430\u0432\u0435\u0440\u043d\u043e\u0435 \u044d\u0442\u043e \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u0439 \u043f\u043e\u0434\u0445\u043e\u0434. \u0413\u0443\u0433\u043b\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u0430\u043b\u043e, \u0447\u0442\u043e \u043d\u0430 \u044d\u0442\u043e\u0442 \u0441\u043b\u0443\u0447\u0430\u0439 \u0435\u0441\u0442\u044c \u043e\u043f\u0446\u0438\u044f filter-aaaa<\/strong>. \u041d\u043e \u0438 \u0442\u0443\u0442 \u0435\u0441\u0442\u044c \u043d\u044e\u0430\u043d\u0441\u044b:<\/p>\n\n\n

9.7.0b2<\/strong><\/p>\n\n\n\n

Add optional filter-aaaa-on-v4 option, available if built with ‘.\/configure –enable-filter-aaaa’. Filters out AAAA answers to clients connecting via IPv4.<\/span><\/p><\/blockquote>\n\n\n\n

Until BIND 9.12, this feature was implemented  natively  in  named<\/strong>  and enabled  with  the  filter-aaaa<\/strong>  ACL and the filter-aaaa-on-v4<\/strong> and fil-ter-aaaa-on-v6<\/strong> options.<\/span><\/p><\/blockquote>\n\n\n\n

9.13.7<\/strong><\/p>\n\n\n\n

The filter-aaaa<\/strong>, filter-aaaa-on-v4<\/strong>, and filter-aaaa-on-v6 <\/strong>options have been removed from named<\/strong>, and can no longer be configured using native named.conf syntax. However, loading the new filter-aaaa.so and setting its parameters provides identical functionality.<\/span><\/p><\/blockquote>\n\n\n\n

\u0415\u0441\u043b\u0438 \u043a\u0440\u0430\u0442\u043a\u043e, \u0442\u043e \u0435\u0441\u043b\u0438 \u0443 \u0432\u0430\u0441 bind \u0432\u0435\u0440\u0441\u0438\u0438 9.7.0b2<=bind<9.13.7<\/strong>, \u0442\u043e \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u043f\u0446\u0438\u044e filter-aaaa-on-v4<\/strong> \u043f\u0440\u044f\u043c\u043e \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0435 named.conf<\/strong>, \u0430 \u0435\u0441\u043b\u0438 \u0443 \u0432\u0430\u0441 bind>9.13.7<\/strong> (\u043a\u0430\u043a \u0432 \u043c\u043e\u0451\u043c \u0441\u043b\u0443\u0447\u0430\u0435), \u0442\u043e \u043f\u0440\u0438\u0434\u0451\u0442\u0441\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u044c, \u0447\u0442\u043e \u043f\u043e\u0434\u0433\u0440\u0443\u0436\u0430\u0435\u0442\u0441\u044f \u043c\u043e\u0434\u0443\u043b\u044c, \u0438\u043d\u0430\u0447\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u0435 \u0440\u0443\u0433\u0430\u043d\u044c \u0438 \u043e\u043f\u0446\u0438\u044f \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043d\u0435 \u0431\u0443\u0434\u0435\u0442:<\/p>\n\n\n

# named-checkconf\n\/usr\/local\/etc\/namedb\/named.conf:47: option 'filter-aaaa-on-v4' is obsolete and should be removed<\/pre>\n\n\n
\u041f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u043e\u043d\u0430 \u043d\u0435 \u0432\u0435\u0437\u0434\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 (\u0443\u0437\u043d\u0430\u0442\u044c \u044d\u0442\u043e \u043c\u043e\u0436\u043d\u043e \u0432 \u0432\u044b\u0432\u043e\u0434\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b named -V<\/strong>). \u041a \u043f\u0440\u0438\u043c\u0435\u0440\u0443,<\/p>\n\n\n\n
Debian:<\/span><\/strong><\/em><\/p>\n\n\n\n
  • Wheezy (7.X)<\/strong>: \u043f\u0430\u043a\u0435\u0442 \u0441\u043e\u0431\u0440\u0430\u043d \u0431\u0435\u0437 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 filter-aaaa<\/strong><\/li>
  • Wheezy-Backports (7.X), 8.X<\/strong> \u0438 \u0432\u044b\u0448\u0435: \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442<\/li><\/ul>\n\n\n\n
    FreeBSD (\u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u0432\u044b\u0431\u043e\u0440\u0435 \u043e\u043f\u0446\u0438\u0439, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0443\u0436\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u0432\u0440\u0443\u0447\u043d\u0443\u044e \u0432 Makefile)<\/span><\/em><\/strong><\/p>\n\n\n
    \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c, \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0432 \u044d\u0442\u043e \u043c\u0435\u0441\u0442\u043e, \u043e\u043f\u0446\u0438\u044e –enable-filter-aaaa<\/strong><\/p>\n
    ...\nCONFIGURE_ARGS= --disable-linux-caps \\\n                --localstatedir=\/var \\\n                --sysconfdir=${ETCDIR} \\\n                --with-dlopen=yes \\\n                --enable-filter-aaaa \\\n                --with-libxml2 \\\n                --with-openssl=${OPENSSLBASE} \\\n                --with-readline=\"-L${LOCALBASE}\/lib -ledit\"\nETCDIR=         ${PREFIX}\/etc\/namedb\n...\n<\/pre>\n\n\n
    \u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u043a \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 named.conf<\/strong>. \u0422\u0443\u0442 \u043d\u0443\u0436\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0442\u044c, \u0438\u043c\u0435\u043d\u043d\u043e \u043a\u0430\u043a plugin<\/strong>:<\/p>\n\n\n
    acl \"internals\" {127.0.0.1;10.0.0.0\/8;};
    \n...
    \nview internal {
    \n...
    \nplugin query \"filter-aaaa.so\" {
    \n        filter-aaaa-on-v4 yes;
    \n        filter-aaaa-on-v6 no;
    \n        filter-aaaa { \"internals\"; };
    \n};
    \n...
    \n}<\/pre>\n
    \u041e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432\u043e view<\/strong>, \u0438\u043d\u0430\u0447\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u0435 \u0440\u0443\u0433\u0430\u043d\u044c:<\/p>\n
    # named-checkconf\n\/usr\/local\/etc\/namedb\/named.conf:15: when using 'view' statements, all plugins must be defined in views\n<\/pre>\n
    \u041a\u0440\u0430\u0442\u043a\u043e \u043f\u043e \u043e\u043f\u0446\u0438\u044f\u043c \u0438 \u043a\u0430\u043a\u0438\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043e\u043d\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0442\u044c:
    – filter-aaaa:<\/strong><\/em><\/span> \u0441\u043f\u0438\u0441\u043e\u043a IP<\/strong> \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c\u0441\u044f \u044d\u0442\u0430 \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u044f (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e – any)
    – filter-aaaa-on-v4:<\/strong><\/em><\/span> \u0435\u0441\u043b\u0438 yes<\/strong>, \u0442\u043e\u0433\u0434\u0430 \u0435\u0441\u043b\u0438 \u0437\u0430\u043f\u0440\u043e\u0441 \u043f\u0440\u0438\u0448\u0451\u043b \u043e\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0441 IPv4<\/strong> \u0438 \u043e\u0442\u0432\u0435\u0442 \u043d\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 DNSSEC<\/strong>, \u0442\u043e \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043e\u0442\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u0432\u0441\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0410\u0410\u0410\u0410<\/strong> \u0438\u0437 \u043e\u0442\u0432\u0435\u0442\u0430. \u042d\u0442\u043e \u043d\u0435 \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0442\u0435\u0442\u043d\u044b\u0445 \u043e\u0442\u0432\u0435\u0442\u043e\u0432. \u0415\u0441\u043b\u0438 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 break-dnssec<\/strong>, \u0442\u043e\u0433\u0434\u0430 \u043e\u0442\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u0432\u0441\u0435 \u0437\u0430\u043f\u0438\u0441\u0438, \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e \u043e\u0442 \u0442\u043e\u0433\u043e, \u0435\u0441\u0442\u044c \u043b\u0438 \u0432 \u043e\u0442\u0432\u0435\u0442\u0435 DNSSEC<\/strong>.
    – filter-aaaa-on-v6:<\/strong><\/em><\/span> \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e \u0438 \u043a\u0430\u043a \u0438 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 ipv4<\/strong>, \u043d\u043e \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043e\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 ipv6<\/strong><\/p>","protected":false},"excerpt":{"rendered":"
    \u041d\u0435\u0434\u0430\u0432\u043d\u043e \u0441\u0442\u043e\u043b\u043a\u043d\u0443\u043b\u0441\u044f \u0441 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0435\u0439, \u043a\u043e\u0433\u0434\u0430 \u0438\u0434\u0451\u0442 \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 bind, \u0430 \u043e\u043d \u0434\u043e\u043b\u0436\u0435\u043d forward’\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0439 \u0437\u043e\u043d\u044b \u0434\u0430\u043b\u044c\u0448\u0435. \u0418 \u0442\u0443\u0442 \u043d\u0430\u0447\u0438\u043d\u0430\u0435\u0442\u0441\u044f \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e\u0435: \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442 \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0410-\u0437\u0430\u043f\u0438\u0441\u044c, \u0430 bind forward’\u0438\u0442 \u0435\u0451 \u0434\u0430\u043b\u044c\u0448\u0435 \u0443\u0436\u0435 \u043a\u0430\u043a \u0410\u0410\u0410\u0410-\u0437\u0430\u043f\u0438\u0441\u044c. \u0427\u0435\u0440\u0435\u0437 tcpdump \u044d\u0442\u043e \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0442\u0430\u043a: IP 192.168.1.137.61275 > 192.168.1.1.53: 8461+ A? srv2304.domain.local. (40) IP 192.168.1.1.61034 > 192.168.1.50.53: 7530+ AAAA? srv2304.domain.local. (40) IP […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,12],"tags":[],"class_list":["post-5735","post","type-post","status-publish","format-standard","hentry","category-others","category-routers"],"_links":{"self":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/5735","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5735"}],"version-history":[{"count":2,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/5735\/revisions"}],"predecessor-version":[{"id":5737,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/5735\/revisions\/5737"}],"wp:attachment":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5735"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5735"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5735"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}