BIND 4 -> 8 gotcha

Jim Reid jim at rfc1035.com
Wed Jan 19 11:07:19 UTC 2000


>>>>> "David" == David Hedley <david at inty.co.uk> writes:

    David> I've recently upgraded from BIND 4 to BIND 8 (8.2.2-P5 to
    David> be precise) and I've noticed that 'named' no longer binds
    David> to INADDR_ANY:53 (i.e. the wildcard IP address), instead
    David> choosing to bind to each IP address on each interface
    David> specifically. This creates a big problem if, as in our
    David> case, the DNS server running 'named' handles dial-up PPP
    David> links where the interfaces are coming up, going down, being
    David> assigned different IP addresses etc all the time. I have
    David> managed to work around this by specifying 'query-source
    David> address * port 53' in the named.conf, which makes 'named'
    David> bind to *.53, however this is a bit of a hack.

The query-source address option sets the address and maybe the port
number that the name server uses for *sending* queries. It doesn't
have any effect on the addresses that the name server listens on for
incoming queries. That can be controlled through the listen-on option.

    David> In short, _why_ doesn't 'named' bind to the wildcard
    David> address, and is there an obvious solution I'm missing
    David> (apart from patching the source)?

Because in some situations, using the wildcard interface is not
appropriate: say on a firewall that has to implement split DNS. There
could be two named processes: one listening on the external interface
and one listening on the internal interfaces. In such setups using a
wildcard address would not be a good idea. Working on the basis of
least surprise, by default BIND8 doesn't use a wildcard listener.
Instead the default behaviour is to use discrete listener sockets for
each network address that's up when the name server goes looking for
network interfaces. The listen-on option can then be used to control
which interfaces are and aren't used for DNS.

As for "solutions", you could use the listen-on option to explicitly
define which interfaces the name server listens on for queries. However
that is clumsy (and maybe unworkable) if the dialup interfaces could
have any of a large number of IP addresses. Maybe using a listen-on
option address of 0.0.0.0 will work, sort of. [I don't know: I've not
tried it.] You could also try using the interface-interval option to
make named scan for new and old network interfaces more frequently. By
default, named does this once an hour and adds or removes listener
sockets as appropriate.

However I'm puzzled why you want/need the name server to listen for
queries on dial-up interfaces that dynamically and frequently change
their IP address. [These types of interfaces are not really much use
for providing any network service. How could you get someone to come
to an SMTP listener or a web server that was listening on some
randomly changing IP address? Why should it be any different if such
an interface was used for DNS service?] Who sends queries to those
dial-up interfaces' addresses? Why do they do that? Why don't they use
(one of) the fixed IP addresses of your name server?
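The three options the reply distinguishes (query-source for outbound queries, listen-on for inbound listener sockets, interface-interval for the rescan period) shown side by side in a single BIND 8 named.conf fragment. This is an added example, not configuration from the original post or from ISC's documentation; the addresses are constructed placeholders from the 192.0.2.0/24 documentation range and the 10-minute rescan value is an arbitrary choice.

```conf
// Added example (not from the post): a BIND 8 named.conf fragment that
// keeps the three options discussed above apart. Addresses are
// constructed placeholders from the 192.0.2.0/24 documentation range.
options {
    // OUTBOUND only: the source address and port named uses when it
    // sends queries to other name servers. It has no effect on which
    // addresses named accepts queries on. "*" means any local address.
    // Pinning the source port to 53 is the workaround from the question;
    // it is not needed for the listening behaviour.
    query-source address * port 53;

    // INBOUND: which local addresses named opens listener sockets on.
    // named still uses one discrete socket per matching address that is
    // present when it scans the interfaces; there is no wildcard socket.
    // Listing only the fixed addresses keeps the dynamic dial-up
    // addresses out of the listener set, so clients are pointed at
    // addresses that do not change.
    listen-on port 53 {
        192.0.2.1;      // fixed address clients are configured to use
        192.0.2.2;      // second fixed address
    };

    // How often, in minutes, named rescans the interface list and adds
    // or removes listener sockets. The default is 60; a lower value
    // tracks interfaces that come and go more often than hourly.
    // 0 makes named scan only when the configuration file is loaded.
    interface-interval 10;
};
```

For the split-DNS case mentioned in the reply, each of the two named processes would carry its own named.conf with a listen-on block naming only the addresses on its side of the firewall, so neither instance answers on the other's interfaces regardless of what the interface scan finds.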
