dns replies differ in src IP from query's dst IP (Bug?)

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Nov 21 12:34:02 UTC 2001


> 
> Hi,
> I’ve seen the following paragraph in RFC 1035:
> “- Some name servers send their responses from different addresses than the
> one used to receive the query.  That is, a resolver cannot rely that a
> response will come from the same address, which it sent the corresponding
> query to. This name server bug is typically encountered in UNIX systems.”
> 
> I couldn’t find which NSs’ implementations enable this kind of behavior, and
> if this is user configurable.

	No.  It is not user configurable.  It is undesired behaviour
	brought about by limitations of the IP stack of the host
	machine or by not using the capabilities of the IP stack
	properly to ensure that reply packets have the correct source
	address and port.

> I’m interested in the behavior of popular NSs’ implementations (bind and
> others).
> 
> P.S. whoever knows about this “bug”: is the IP used to reply to DNS queries
> typically used for listening to queries as well?

	It doesn't have to be.

> I.e. is the resolver
> issuing the query aware of the IP used for reply as an additional IP of
> the NS in question?

	Not always.

> Thanks
> Guy
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
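
Added example, not part of the original message and not BIND's code: a UDP responder on a wildcard-bound socket that uses Linux `IP_PKTINFO` to send each reply from the address the query was addressed to, beside the same responder letting the kernel pick the source. The function names and the 127.0.0.2 loopback test address are constructed for illustration; it assumes Linux with glibc.

```c
#define _GNU_SOURCE /* for struct in_pktinfo with glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Echo one datagram on wildcard-bound socket s. With use_pktinfo the reply source is
 * pinned to the address the query was sent to; otherwise the kernel picks it. */
static int echo_once(int s, int use_pktinfo) {
    union { char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } cb;
    char buf[512];
    struct sockaddr_in peer;
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = cb.b, .msg_controllen = sizeof cb.b };
    ssize_t n = recvmsg(s, &m, 0);
    if (n < 0) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (use_pktinfo && c && c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
        struct in_pktinfo *pi = (struct in_pktinfo *)CMSG_DATA(c);
        pi->ipi_spec_dst = pi->ipi_addr; /* reply source = destination of the query */
        pi->ipi_ifindex = 0;             /* let routing choose the interface */
    } else {
        m.msg_controllen = 0;            /* no ancillary data: kernel chooses the source */
    }
    iov.iov_len = (size_t)n;
    return sendmsg(s, &m, 0) == n ? 0 : -1;
}

/* Constructed loopback check (Linux: all of 127/8 is local): reply source for a query to 127.0.0.2. */
static in_addr_t reply_source(int use_pktinfo) {
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct sockaddr_in a = { .sin_family = AF_INET }, from = { 0 }; /* INADDR_ANY, port 0 */
    socklen_t alen = sizeof a, flen = sizeof from;
    struct timeval tv = { 2, 0 };
    char r[8];
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on); /* deliver the query's dst */
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (bind(srv, (struct sockaddr *)&a, sizeof a) == 0 &&
        getsockname(srv, (struct sockaddr *)&a, &alen) == 0 &&
        inet_pton(AF_INET, "127.0.0.2", &a.sin_addr) == 1 &&
        sendto(cli, "q", 1, 0, (struct sockaddr *)&a, sizeof a) == 1 &&
        echo_once(srv, use_pktinfo) == 0)
        recvfrom(cli, r, sizeof r, 0, (struct sockaddr *)&from, &flen);
    close(srv); close(cli);
    return from.sin_addr.s_addr; /* network byte order, 0 on failure */
}
```

Call `reply_source(0)` and `reply_source(1)` from a `main` and print the results with `inet_ntoa` to compare the kernel-chosen source with the pinned one.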