What's new on the 127.0.0/24 block in 7?

Jeremy Chadwick koitsu at freebsd.org
Tue Mar 4 02:21:20 UTC 2008 

On Mon, Mar 03, 2008 at 05:43:35PM -0800, Chris H. wrote:
> Greetings,
> I'm having some difficulty working with anything past 127.0.0.1.
> It seems impossible to use (create) any addresses on the "loopback"
> past 127.0.0.1.
> More specifically; I installed rbldnsd from ports, and it worked quite
> well on a 6.x install. However, attempting the same config/install on
> a 7-RC3 install yields the inability to bind/create 127.0.0.2, or
> 127.0.0.3 for rbldnsd to answer on - all queries are refused. The
> same pinging/digging, etc.
>
> The 2 servers have /exactly/ the same net setups, and DNS/rbldnsd
> configs. Yet no joy on the RELENG_7 box. So it /appears/ something
> in this area has changed since 6. But I'm unable to discover any
> info on it.

I've looked at this software: http://www.corpit.ru/mjt/rbldnsd.html

Why exactly do you need this software to bind to 127.0.0.2 or 127.0.0.3?
I don't see any indication of it needing that.  DNS-based RBLs don't
work like that, so I'm confused by this request.

The software acts as "dumb" DNS server that returns specific IP
addresses when certain zones are resolved.  postfix, sendmail, or any
other MTA will attempt DNS resolution of a hostname (at whatever stage
of the SMTP transaction).  You tell the MTA to use whatever.blah.com as
a dnsbl, and the MTA will execute a resolver query to whatever.blah.com
for a specific hostname.  The resolver (rbldnsd) will answer for a
hostname with a specific IP address (per the configuration file); each
IP address returned can be used for a unique purpose, e.g. 127.0.0.2
could mean "SOCKS proxy; denied", while 127.0.0.99 could mean "Known
hijacked network".

There's a common list used here:

http://www.netwidget.net/books/apress/dns/info/dnsbl.htm; see section
"127/8 Return Codes".

If, for some bizarre reason, you REALLY DO need multiple loopback
addresses, it works fine, as confirmed on my RELENG_7 box:

icarus# ifconfig lo0 inet 127.0.0.2 netmask 255.255.255.255 alias
icarus# ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xffffffff
icarus# ping 127.0.0.2
PING 127.0.0.2 (127.0.0.2): 56 data bytes
64 bytes from 127.0.0.2: icmp_seq=0 ttl=64 time=0.022 ms
64 bytes from 127.0.0.2: icmp_seq=1 ttl=64 time=0.012 ms
^C
--- 127.0.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.012/0.017/0.022/0.005 ms


-- 
| Jeremy Chadwick                                    jdc at parodius.com |
| Parodius Networking                           http://www.parodius.com/ |
| UNIX Systems Administrator                      Mountain View, CA, USA |
| Making life hard for others since 1977.                  PGP: 4BD6C0CB |

More information about the freebsd-stable mailing list