Is this "bug" fixed in newer code? [was: query-source does not work for forwarded queries]

Gordon A. Lang glang at goalex.com
Tue Aug 31 20:29:43 UTC 2010


I expect query-source to apply to forwarded queries as well as
hint+cache driven recursive queries, but it does not on my system
running 9.4-ESV-R2.

Is this a known bug?
Has anyone else experienced this issue?

--
Gordon A. Lang

----- Original Message ----- 
From: "Gordon A. Lang" <glang at goalex.com>
To: <bind-users at isc.org>
Sent: Tuesday, August 24, 2010 10:29 AM
Subject: query-source does not work for forwarded queries


> The "query-source" option does not work for forwarded queries per Wireshark
> with BIND 9.4-ESV-R2 on Solaris 10 as well as AIX 5.3.
>
> If I remove the "forward only" option from named.conf, then the query-source
> does take effect for the recursive queries (but of course the queries fail
> because I need them to be forwarded to the target that is accessible through
> the firewall).
>
> With the forward only option, the forwarded queries pick up their source IP
> address as if there were a secret hidden setting of "forward-source * "
> option.
>
> Is this a known bug?
> Is there a workaround?
>
> Right now I need to open up the firewall to permit a long changing list of
> source addresses to reach the forwarding target, but it would be more
> appropriate to allow only the short stable list of service addresses for the
> inside resolvers (made portable by use of host routing rather than ARP).
>
> Thanks in advance.
>
> --
> Gordon Lang

