query-source/transfer-source have no effect (bind 9.2.1)

Monu Ogbe monu at houxou.com
Fri Jan 2 15:35:25 UTC 2004


Hello,

My name server is called 'ns1.dns.ournet.com' which maps to the IP
address '192.168.240.56/23' (eth0:1).  Multiple IP addresses are aliased
to eth0 on the server.

Since a recent upgrade from RedHat 7.3/Bind 8 to Redhat 9/Bind 9.2.1, I
have been unable to get the name server to perform queries and transfers
on the addresses specified in the query-source and transfer-source
options.  Instead, the server defaults to performing queries and
transfers using the primary IP address assigned to eth0.

The following IP addresses are configured on the name server:

eth0      inet addr:192.168.240.90  Bcast:192.168.241.255  Mask:255.255.254.0
eth0:0    inet addr:192.168.240.61  Bcast:192.168.241.255  Mask:255.255.254.0
eth0:1    inet addr:192.168.240.56  Bcast:192.168.241.255  Mask:255.255.254.0
lo        inet addr:127.0.0.1  Mask:255.0.0.0

The options statement in /etc/named.conf is as follows:

options {
        listen-on { 192.168.240.56; };
        query-source address 192.168.240.56 port 53;
        transfer-source 192.168.240.56;
        directory "/var/named";
        notify yes;
        also-notify {
                192.168.240.57;
                192.168.244.249;
                192.168.244.252;
        };
        allow-transfer {
                192.168.240.57;
        };
        /*
        * If there is a firewall between you and nameservers you want
        * to talk to, you might need to uncomment the query-source
        * directive below.  Previous versions of BIND always asked
        * questions using port 53, but BIND 8.1 uses an unprivileged
        * port by default.
        */
        //query-source address 192.168.240.56 port 53;
};

The symptoms are that peer servers reject our requests because they
expect these to come from 192.168.240.56; instead, the queries and
transfer requests come from 192.168.240.90.

tcpdumps of queries and transfer requests confirm this. Performing a dig
from the server to a peer:

	# dig @192.168.244.227 test.ournet.com -t any

produces the following (unexpected) tcpdump output:

tcpdump: listening on eth0
15:16:21.797540 192.168.240.90.35218 > 192.168.244.227.53:  35824+ ANY?
test.ournet.com. (33) (DF)
15:16:26.798564 192.168.240.90.35218 > 192.168.244.227.53:  35824+ ANY?
test.ournet.com. (33) (DF)

On the other hand, I AM able to force a query to take place from a
specified address using dig's -b option, and:

	# dig @192.168.244.227 test.ournet.com -b192.168.240.56 -t any

produces the following (expected) tcpdump output:

tcpdump: listening on eth0
15:20:57.553985 192.168.240.56.35219 > 192.168.244.227.53:  65062+ ANY?
test.ournet.com. (33) (DF)
15:21:02.564697 192.168.240.56.35219 > 192.168.244.227.53:  65062+ ANY?
test.ournet.com. (33) (DF)

I'm flummoxed by this, and would greatly appreciate a steer.

Many thanks in advance,

Monu Ogbe
-----------------------------------------------------------
www.houxou.com
-----------------------------------------------------------
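The check the post performs by hand (read the query-source/transfer-source settings out of named.conf, watch the outbound DNS packets with tcpdump, and compare the source address actually used) can be scripted. The following is an added example written for this page, not code from the original post or from BIND; it assumes the older `src.port > dst.port:` tcpdump line format quoted above, and the sample named.conf text and packet lines embedded in it are constructed from the values the post shows. One caveat worth keeping in mind when running it: `dig` is a separate client and never consults named.conf, so `query-source` can only be verified against traffic that named itself sends (recursive lookups or zone transfers it initiates), not against a dig run on the same host.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the relevant lines of the options block from the post.
NAMED_CONF = """
options {
        listen-on { 192.168.240.56; };
        query-source address 192.168.240.56 port 53;
        transfer-source 192.168.240.56;
        directory "/var/named";
        /* an old comment block */
        //query-source address 192.168.240.56 port 53;
};
"""

# Constructed sample tcpdump lines (old-style output, as quoted in the post):
# two packets from the wrong address, one from the configured address.
TCPDUMP_LINES = [
    "15:16:21.797540 192.168.240.90.35218 > 192.168.244.227.53:  35824+ ANY? test.ournet.com. (33) (DF)",
    "15:16:26.798564 192.168.240.90.35218 > 192.168.244.227.53:  35824+ ANY? test.ournet.com. (33) (DF)",
    "15:20:57.553985 192.168.240.56.35219 > 192.168.244.227.53:  65062+ ANY? test.ournet.com. (33) (DF)",
]

TCPDUMP_RE = re.compile(
    r"^(?P<time>\d+:\d+:\d+\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def strip_conf_comments(text: str) -> str:
    """Drop the three comment styles named.conf allows so a commented-out
    directive (like the //query-source line above) is not picked up."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    text = re.sub(r"#[^\n]*", "", text)
    return text


def parse_source_addresses(conf: str) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Return {'query-source': (addr, port), 'transfer-source': (addr, port)}.
    Missing parts are None; '*' is kept literally (it means 'any')."""
    conf = strip_conf_comments(conf)
    out: Dict[str, Tuple[Optional[str], Optional[str]]] = {}
    m = re.search(r"query-source\s+(?:address\s+([^\s;]+))?\s*(?:port\s+([^\s;]+))?\s*;", conf)
    out["query-source"] = (m.group(1), m.group(2)) if m else (None, None)
    m = re.search(r"transfer-source\s+([^\s;]+)\s*(?:port\s+([^\s;]+))?\s*;", conf)
    out["transfer-source"] = (m.group(1), m.group(2)) if m else (None, None)
    return out


def parse_tcpdump_line(line: str) -> Optional[dict]:
    m = TCPDUMP_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["sport"] = int(d["sport"])
    d["dport"] = int(d["dport"])
    return d


def check_query_sources(conf: str, lines: List[str]) -> List[dict]:
    """Flag outbound DNS packets (dst port 53) whose source address or port
    disagrees with the query-source directive in the configuration."""
    exp_addr, exp_port = parse_source_addresses(conf)["query-source"]
    findings = []
    for line in lines:
        pkt = parse_tcpdump_line(line)
        if pkt is None or pkt["dport"] != 53:
            continue
        problems = []
        if exp_addr not in (None, "*") and pkt["src"] != exp_addr:
            problems.append("address")
        if exp_port not in (None, "*") and pkt["sport"] != int(exp_port):
            problems.append("port")
        if problems:
            findings.append({"time": pkt["time"], "src": pkt["src"],
                             "sport": pkt["sport"], "problems": problems})
    return findings


if __name__ == "__main__":
    print(parse_source_addresses(NAMED_CONF))
    for f in check_query_sources(NAMED_CONF, TCPDUMP_LINES):
        print("%s %s:%d mismatches query-source on %s" %
              (f["time"], f["src"], f["sport"], ", ".join(f["problems"])))
```

Run against a live capture, feed the script `tcpdump -n -l 'udp dst port 53'` output through stdin instead of the embedded list; the `-n` flag keeps addresses numeric so the regex matches. Note that the sample's third packet is reported too: its address is right but its source port is not 53, which is what the `port 53` clause demands. On modern BIND a pinned query-source port also disables the source-port randomisation that protects the cache against spoofed answers, so a fixed port belongs in the configuration only when a firewall genuinely requires it.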