source address ignored in 9.3.1?
Mark Andrews
Mark_Andrews at isc.org
Wed May 4 14:22:12 UTC 2005
> Hello everyone,
>
> There seems to be an issue with the query-source and/or transfer source=20
> options in Bind 9.3.1: while I have an address defined for query, transfer,=
> =20
> listen and notify, the nameserver still tries to use it primary IP address=
> =20
> for some queries. These queries are SOA queries for domains where it acts a=
> s=20
> slave, followed by (failed) attempts to open TCP connections from that same=
> =20
> IP address. So no slave zone is transferred. For resolving the address=20
> 158.64.1.25 is used correctly.=20
>
> =46rom the options in named.conf:
>
> listen-on { 127.0.0.1; 158.64.1.25; };
> query-source address 158.64.1.25;
> transfer-source 158.64.1.25;
> notify-source 158.64.1.25;
> listen-on-v6 { none; };
>
> The same config used to work in 9.2.x, so did I miss a change, or a bug?
>
> Best regards,
> Gilles
>
> =2D-
> RESTENA - DNS-LU
> 6, rue Coudenhove-Kalergi
> L-1359 Luxembourg
> tel: (+352) 424409
> fax: (+352) 422473
>
1446. [func] Implemented undocumented alternate transfer sources
from BIND 8. See use-alt-transfer-source,
alt-transfer-source and alt-transfer-source-v6.
SECURITY: use-alt-transfer-source is ENABLED unless
you are using views. This may cause a security risk
resulting in accidental disclosure of wrong zone
content if the master supplying different source
content based on IP address. If you are not certain
ISC recommends setting use-alt-transfer-source no;
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list