Question on query-source, transfer-source, notify-source
Barry Finkel
b19141 at anl.gov
Wed Aug 4 18:42:39 UTC 2010
Another question about query-source:
Is there a difference between
query-source address 1.2.3.4;
and
query-source 1.2.3.4;
My reading of the ARM simplies that the two are the same, but I may
be getting different results. I am not sure. Two of my colleagues
ran a test last week that seemed to imply a difference, but I was not
around to see exactly what tests they ran. This is BIND 9.7.1-P2.
I have looked at querylogs on a server with one DNS address and one
non-DNS address. I have tried both formats of "query-source" above;
I see no difference. What I do see is this - an SOA query via the
DNS address followed by an IXFR via the DNS address. This IXFR is
REFUSED because this is a test server, and the master server (not under
my control) does not allow zone transfers from this test address.
Then I see an SOA query and an AXFR query, both on the DNS address.
This AXFR is also REFUSED. Then I see an SOA query and an IXFR query
via the non-DNS address! I have not looked at the code to see what
BIND might be doing in sending a DNS packet via the non-DNS address.
The BIND config on this machine has
transfer-source 1.2.3.4 port 53;
so it should not be sending an IXFR or AXFR request via the non-DNS
address.
An addendum to my recent postings about two machines each with three
addresses. The only reason I need all three addresses on each machine
is that I have published all six addresses, and these addresses are
configured in all of the machines on the three Class-B subnets that
my DNS server manages. I do not want to have all of the system
administrators change their machine DNS server IP addresses.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 240, Room 5.B.8 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
More information about the bind-users
mailing list