Why server output from disallowed interface?
Spam Averse
info at optinbig.com
Sat Feb 21 05:27:38 UTC 2004
I'm running BIND v9.2.1 on a (Red Hat v9) Linux box. I have configured BIND
to only respond to queries on interface eth0, yet it seems that there are
outbound zone transfers on eth1.
Here's a snippet of my named.conf:
listen-on { 127.0.0.1; 192.168.0.1; };
allow-query { 127.0.0.1; 192.168.0/24; };
Interface eth0 is on 192.168.0/24, while eth1 is the interface to the
internet. My server is authoritative for my network and acts as a caching
server for all other queries.
My understanding is that TCP is only used when a zone transfer is too big to
fit in a UDP packet. Thus I should only *transmit* on TCP to transfer
zone info to other machines on my network, right?
So why do I get TCP output from my internet interface? Here's a couple of
examples, logged by Linux's iptables firewall (with my source address
removed):
Feb 20 11:42:04 nemesis kernel: PKTCHK:IN= OUT=eth1 SRC=aaa.bbb.ccc.ddd DST=64.246.26.64 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42343 DF PROTO=TCP SPT=33424 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 14:15:52 nemesis kernel: PKTCHK:IN= OUT=eth1 SRC=aa.bbb.ccc.ddd DST=193.171.255.2 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42343 DF PROTO=TCP SPT=33763 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Note that the protocol is TCP and the destination port is 53.
According to my understanding this is a zone transfer to the machine shown
as the destination address. As shown above, though, I have not permitted
the answering of queries on the interface on which this data is being sent.
Can someone please explain to me what's going on here?
Thanks.
--
Please respond to the group, not by e-mail.
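An added example, not part of the original post, for reading iptables LOG lines like the ones quoted above: a small Python script that parses each line into its fields and classifies the DNS packets by the role this host plays in them. iptables leaves IN= empty for packets the host generated itself and OUT= empty for packets delivered to it, and a bare SYN is the first packet of a TCP connection, so a logged SYN with IN= empty, OUT=eth1, an ephemeral source port and DPT=53 is this host opening a TCP connection to a remote name server, that is, named acting as a DNS client (a caching server does this when a UDP answer comes back truncated). A zone-transfer request or TCP query from outside would instead arrive with IN=eth1 and DPT=53, which is the direction listen-on and allow-query govern. The sample log lines are constructed (RFC 5737 documentation addresses; the PKTCHK: prefix and host name follow the post), and the classification labels are my own.

```python
import re

# Constructed sample iptables LOG lines, not taken from the original post.
# Lines 1-2 mirror the shape of the post's packets (locally generated SYN to
# a remote port 53 on eth1); lines 3-4 are inbound TCP/53 connection attempts
# on eth0 and eth1; line 5 is an ordinary outbound UDP query.
SAMPLE_LOG = """\
Feb 20 11:42:04 nemesis kernel: PKTCHK:IN= OUT=eth1 SRC=203.0.113.10 DST=192.0.2.64 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42343 DF PROTO=TCP SPT=33424 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 14:15:52 nemesis kernel: PKTCHK:IN= OUT=eth1 SRC=203.0.113.10 DST=192.0.2.2 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=42343 DF PROTO=TCP SPT=33763 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 15:01:09 nemesis kernel: PKTCHK:IN=eth0 OUT= SRC=192.168.0.23 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=40011 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 20 15:30:44 nemesis kernel: PKTCHK:IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=777 DF PROTO=TCP SPT=51234 DPT=53 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 20 15:31:02 nemesis kernel: PKTCHK:IN= OUT=eth1 SRC=203.0.113.10 DST=192.0.2.64 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=9001 DF PROTO=UDP SPT=32768 DPT=53 LEN=48
"""

# Tokens that iptables LOG prints as bare words rather than key=value pairs.
_FLAGS = {"DF", "MF", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}


def parse_iptables_log(line: str) -> dict:
    """Turn one iptables LOG line into a dict of fields plus a 'flags' set.

    The syslog header (timestamp, host, 'kernel:') is skipped; the --log-prefix
    text that precedes 'IN=' is kept under 'prefix'.  Bare flag words such as
    SYN or DF are collected in 'flags'; everything else is stored as key=value.
    """
    m = re.search(r"kernel: (?P<prefix>.*?)IN=", line)
    if not m:
        raise ValueError(f"not an iptables LOG line: {line!r}")
    fields = {"prefix": m.group("prefix").strip(), "flags": set()}
    for tok in line[m.end("prefix"):].split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            fields[key] = value
        elif tok in _FLAGS:
            fields["flags"].add(tok)
    return fields


def classify_dns(pkt: dict) -> str:
    """Label a parsed packet by the DNS role this host plays in it.

    Direction comes from the interface fields: an empty IN means the packet was
    generated locally, an empty OUT means it was addressed to this host.  For
    TCP only the initial SYN (no ACK) is classified, because whoever sends it is
    the client side of the connection.
    """
    proto = pkt.get("PROTO")
    if proto not in ("TCP", "UDP"):
        return "not-dns"
    spt, dpt = int(pkt.get("SPT", 0)), int(pkt.get("DPT", 0))
    if 53 not in (spt, dpt):
        return "not-dns"
    outbound = pkt.get("IN") == "" and pkt.get("OUT", "") != ""
    inbound = pkt.get("OUT") == "" and pkt.get("IN", "") != ""
    if proto == "TCP" and "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]:
        if outbound and dpt == 53:
            return "outbound-tcp-query"   # this host connecting out as a DNS client
        if inbound and dpt == 53:
            return "inbound-tcp-query"    # remote host connecting to our named
    if proto == "UDP":
        if outbound and dpt == 53:
            return "outbound-udp-query"
        if inbound and dpt == 53:
            return "inbound-udp-query"
    return "dns-other"


def summarize(log_text: str) -> dict:
    """Count (classification, interface) pairs over a block of LOG lines."""
    counts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        pkt = parse_iptables_log(line)
        iface = pkt.get("OUT") or pkt.get("IN")
        key = (classify_dns(pkt), iface)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (kind, iface), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{kind:20s} {iface:5s} {n}")
```

Run as a script it prints a per-interface tally; the two SYNs with IN= empty and OUT=eth1 count as outbound TCP queries, not as zone transfers served by this host. Note that listen-on and allow-query only restrict the inbound side of named; the address named uses for its own outgoing queries is controlled separately by the query-source option.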
More information about the bind-users mailing list