• Welcome to The Network People Support Forums. Please login or sign up.
September 25, 2021, 11:05:33 AM

New ipv6 record

Started by skn-fab2, January 20, 2011, 10:54:42 PM

Previous topic - Next topic

skn-fab2

I am trying to create a new record containing an ipv6 address. However, the following issues manifested:
1. I specified address 3ffe.6a88.85a3.0000.1319.8a2e.0370.7343 and got the error message:

invalid character in record address -- :

2. Thus, i changed the colons into dots like 3ffe.6a88.85a3.0000.1319.8a2e.0370.7343 and got another error message:

Address for AAAA records must be a valid IP IPv6 address.

The address is a valid ipv6 address and I also tried other ones without any success. After looking into the code, it turns out the perl NET::IP is used to validate the address. This check works fine when tested seperately. Therefore, i think there is an error in validating the input field of the browser before it is passed to the perl check.

Does any one know how to solve this?

Kind regards,

Van Dung Ha
Triple IT
The Netherlands

skn-fab2

Eureka! We finally cracked the problem thanks to the dedication of our colleagues. It turns out that a validation check in line 333 of /var/NicToolServer/NicToolServer/Zone/Record/Sanity.pm was incomplete. We added a .\: to the check to allow NictoolServer to accept colons, like:


elsif ( $data->{address} =~ /([^a-zA-Z0-9\-\.\:])/ ) {

NB. This change is not immediately affective. It's why it toke us a while to see our changes back in the web interface. You need to re-run the complete installation process.

1. perl Makefile.PL
2. make
3. make install
4. reload config in apache

P.S. Notice that we changed only the specified file to make it work. It probably is wise to update this in all the ipv6 checks throughout the Nictool project.

Good luck everyone!

Van Dung Ha
Triple IT
The Netherlands

matt

Did you test DNS queries to your server to make sure tinydns yielded the correct response?  I'm not certain that it will, since with your modification, you are inserting a : into the nictool database, which the nictool apps specifically avoid (b/c it's a reserved tinydns character). I suggest this alteration instead:


@@ -322,6 +317,11 @@ sub _valid_address_chars {
         return;
     }

+    # convert : characters in IPv6 AAAA records to char value
+    if ( $data->{'type'} eq "AAAA" && $data->{address} =~ /:/ ) {
+        $data->{address} =~ s/:/\\072/g;
+    };
+
     if ( $data->{address} =~ /\//
         && $data->{address} !~ /in-addr\.arpa\.$/i ) {
         $self->{errors}{address}++;


monachus

May 18, 2011, 07:26:13 PM #3 Last Edit: May 18, 2011, 07:51:47 PM by monachus
Quote from: matt on May 11, 2011, 03:18:57 PM
Did you test DNS queries to your server to make sure tinydns yielded the correct response?  I'm not certain that it will, since with your modification, you are inserting a : into the nictool database, which the nictool apps specifically avoid (b/c it's a reserved tinydns character). I suggest this alteration instead:


@@ -322,6 +317,11 @@ sub _valid_address_chars {
         return;
     }

+    # convert : characters in IPv6 AAAA records to char value
+    if ( $data->{'type'} eq "AAAA" && $data->{address} =~ /:/ ) {
+        $data->{address} =~ s/:/\\072/g;
+    };
+
     if ( $data->{address} =~ /\//
         && $data->{address} !~ /in-addr\.arpa\.$/i ) {
         $self->{errors}{address}++;


This doesn't work because the colons are replaced with \\072, causing the address to fail the validity test: 
   
if ( Net::IP::ip_is_ipv6($ip) == 1 ) {


The behavior we're seeing is that it's okay to exclude the check for a colon in Sanity.pm.  The address goes into the database in proper IPv6 format, and when it's written out to the datafile, the address is zero-filled and colons are removed.  This seems to be an acceptable format for djbdns.  The output below shows the information in the db as well as the subsequent query to our ipv6 caching nameserver, including a DNS lookup for its address and the address of our ipv6 authoritative nameserver.  All of this is managed by NicTool, dnscache, and tinydns.  It appears to work fine.


mysql> select name,address from nt_zone_record where nt_zone_id=1009 and name='a.ns';
+------+-------------------+
| name | address           |
+------+-------------------+
| a.ns | 2606:c200:0:1::82 |
+------+-------------------+
1 row in set (0.00 sec)

dns-1 root # fgrep a.ns data
Zv6.arces.net:a.ns.arces.net.:hostmaster.arces.net.:2011051605:16384:2048:1048576:2560:86400::
&v6.arces.net::a.ns.arces.net.:86400::
&v6.arces.net::a.ns.v6.arces.net.:86400::
3a.ns.v6.arces.net:2606c200000000010000000000000082:86400::

Using domain server:
Name: a.cns.v6.arces.net
Address: 2606:c200:0:1::84#53
Aliases:

a.ns.v6.arces.net has IPv6 address 2606:c200:0:1::82

Adrian Goins - President / CEO
Arces Network, LLC
http://www.arces.net

PGP Key: 1024D/8AADA4B8 2009-04-20
Fingerprint: E3CD 96EA DF3F B345 7ADB  FB74 31EC 9F54 8AAD A4B8

monachus

Here's a patch to make it all nice and neat.  Those of you who are interested in applying this patch, copy the full text below to "ipv6.patch" at the top of the NicToolServer-2.08 tree and then run:


$ sudo patch < ipv6.patch



--- NicToolServer/Zone/Record/Sanity.pm.orig    2008-10-19 13:15:34.000000000 -0000
+++ NicToolServer/Zone/Record/Sanity.pm 2011-05-19 04:50:21.000000000 -0000
@@ -322,6 +322,13 @@
         return;
     }

+    my $valid_chars = "[^a-zA-Z0-9\-\.]";
+   
+    # allow a : for ipv6 addresses
+    if( $data->{'type'} eq "AAAA" ) {
+        $valid_chars = "[^a-zA-Z0-9\-\.:]";
+    }
+
     if ( $data->{address} =~ /\//
         && $data->{address} !~ /in-addr\.arpa\.$/i ) {
         $self->{errors}{address}++;
@@ -330,7 +337,7 @@
             "invalid character in record address '/'.  Not allowed in non-reverse-lookup addresses"
         );
     }
-    elsif ( $data->{address} =~ /([^a-zA-Z0-9\-\.])/ ) {
+    elsif ( $data->{address} =~ /($valid_chars)/ ) {
         $self->{errors}{address}++;
         push(
             @{ $self->{'error_messages'} },
Adrian Goins - President / CEO
Arces Network, LLC
http://www.arces.net

PGP Key: 1024D/8AADA4B8 2009-04-20
Fingerprint: E3CD 96EA DF3F B345 7ADB  FB74 31EC 9F54 8AAD A4B8

matt

Okay, your patch looks good Adrian, and I've committed the changes. Thanks for testing and confirming.