query-source/transfer-source have no effect (bind 9.2.1)
Mark_Andrews at isc.org
Sun Jan 4 23:50:13 UTC 2004
> Hello,
>
> My name server is called 'ns1.dns.ournet.com' which maps to the IP
> address '192.168.240.56/23' (eth0:1). Multiple IP addresses are aliased
> to eth0 on the server.
>
> Since a recent upgrade from RedHat 7.3/Bind 8 to Redhat 9/Bind 9.2.1, I
> have been unable to get the name server to perform queries and transfers
> on the addresses specified in the query-source and transfer-source
> options. Instead, the server defaults to performing queries and
> transfers using the primary IP address assigned to eth0.
BIND 9.2.1 is old. Why upgrade to an old version?
-rw-r--r-- 1 marka marka 201 Nov 25 2001 bind-9.2.0/version
-rw-r--r-- 1 marka marka 202 Mar 29 2002 bind-9.2.1/version
-rw-r--r-- 1 marka marka 206 Feb 17 2003 bind-9.2.2/version
-rw-r--r-- 1 marka marka 202 Oct 9 17:00 bind-9.2.3/version
> The following IP addresses are configured on the name server:
>
> eth0 inet addr:192.168.240.90 Bcast:192.168.241.255
> Mask:255.255.254.0
> eth0:0 inet addr:192.168.240.61 Bcast:192.168.241.255
> Mask:255.255.254.0
> eth0:1 inet addr:192.168.240.56 Bcast:192.168.241.255
> Mask:255.255.254.0
> lo inet addr:127.0.0.1 Mask:255.0.0.0
>
> The options statement in /etc/named.conf is as follows:
>
> options {
> listen-on { 192.168.240.56; };
> query-source address 192.168.240.56 port 53;
> transfer-source 192.168.240.56;
> directory "/var/named";
> notify yes;
> also-notify {
> 192.168.240.57;
> 192.168.244.249;
> 192.168.244.252;
> };
> allow-transfer {
> 192.168.240.57;
> };
> /*
> * If there is a firewall between you and nameservers you want
> * to talk to, you might need to uncomment the query-source
> * directive below. Previous versions of BIND always asked
> * questions using port 53, but BIND 8.1 uses an unprivileged
> * port by default.
> */
> //query-source address 192.168.240.56 port 53;
> };
>
> The symptoms are that peer servers reject our requests because they
> expect these to come from 192.168.240.56, whereas the queries
> and transfer requests come from 192.168.240.90.
What exactly is being rejected? Log messages would be
useful to see.
Also you don't have a notify-source specified.
> tcpdumps of queries and transfer requests show this to be true; such
> that performing a dig from the server to a peer:
>
> # dig @192.168.244.227 test.ournet.com -t any
>
> produces the following (unexpected) tcpdump output:
>
> tcpdump: listening on eth0
> 15:16:21.797540 192.168.240.90.35218 > 192.168.244.227.53: 35824+ ANY?
> test.ournet.com. (33) (DF)
> 15:16:26.798564 192.168.240.90.35218 > 192.168.244.227.53: 35824+ ANY?
> test.ournet.com. (33) (DF)
>
> On the other-hand, I AM able to force a query to take place from a
> specified address using dig's -b option; and:
>
> # dig @192.168.244.227 test.ournet.com -b192.168.240.56 -t any
>
> produces the following (expected) tcpdump output:
>
> tcpdump: listening on eth0
> 15:20:57.553985 192.168.240.56.35219 > 192.168.244.227.53: 65062+ ANY?
> test.ournet.com. (33) (DF)
> 15:21:02.564697 192.168.240.56.35219 > 192.168.244.227.53: 65062+ ANY?
> test.ournet.com. (33) (DF)
>
> I'm flummoxed by this, and would greatly appreciate a steer.
What makes you think that dig looks at named.conf?
The traces above are exactly what is to be expected:
192.168.240.90 is used unless a query source is forced.
> Many thanks in advance,
>
> Monu Ogbe
> -----------------------------------------------------------
> www.houxou.com
> -----------------------------------------------------------
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
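The point of the reply is that dig never reads named.conf, so a dig trace says nothing about what query-source does; only traffic that named itself originates does. The script below is an added example, not code from the thread or from ISC: it takes tcpdump output on standard input and flags every outbound port-53 packet whose source address is not the one configured. The two traces embedded in it are constructed; the dig one copies the packets shown in the post, the named one shows what a query sent by named with "query-source address 192.168.240.56 port 53" in effect is expected to look like. The addresses are the poster's, the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread): check a tcpdump trace of
# outbound DNS traffic against the source address that named.conf says
# named should be using. The traces below are constructed; the IP
# addresses are the ones from the post.

# The query-source/transfer-source address from the poster's named.conf.
EXPECTED_SRC=192.168.240.56

# check_sources EXPECTED_IP < trace
# Reads tcpdump output (with or without the "IP" token newer tcpdumps
# print), keeps only packets sent to port 53, strips the source port and
# prints every packet whose source address is not EXPECTED_IP.
# Returns 0 if all sources match, 1 otherwise.
check_sources() {
    awk -v expected="$1" '
        BEGIN { bad = 0 }
        {
            # locate the "src > dst:" part of the line
            for (i = 2; i < NF; i++) if ($i == ">") break
            if (i >= NF) next                 # not a packet line
            src = $(i - 1); dst = $(i + 1)
            if (dst !~ /\.53:$/) next         # not traffic to a DNS port
            sub(/\.[0-9]+$/, "", src)         # drop the source port
            if (src != expected) {
                printf "wrong source %s (expected %s): %s\n", src, expected, $0
                bad++
            }
        }
        END { exit (bad > 0) }
    '
}

# list_sources < trace
# Prints "count address.port" for each distinct source of port-53 traffic,
# so named's own socket (address.53) is easy to tell from dig's
# ephemeral port at a glance.
list_sources() {
    awk '
        {
            for (i = 2; i < NF; i++) if ($i == ">") break
            if (i >= NF || $(i + 1) !~ /\.53:$/) next
            count[$(i - 1)]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -k2
}

# Constructed trace: dig run on the server without -b, as in the post.
# dig does not read named.conf, so the kernel picks the primary address.
DIG_TRACE='tcpdump: listening on eth0
15:16:21.797540 192.168.240.90.35218 > 192.168.244.227.53: 35824+ ANY? test.ournet.com. (33) (DF)
15:16:26.798564 192.168.240.90.35218 > 192.168.244.227.53: 35824+ ANY? test.ournet.com. (33) (DF)'

# Constructed trace: what a query sent by named itself should look like
# with "query-source address 192.168.240.56 port 53" in effect.
NAMED_TRACE='tcpdump: listening on eth0
15:30:01.100000 192.168.240.56.53 > 192.168.244.227.53: 4711+ A? test.ournet.com. (33) (DF)'

# Demo: run as "sh check_sources.sh demo" (hypothetical file name).
if [ "${1:-}" = "demo" ]; then
    echo "dig without -b:"
    printf '%s\n' "$DIG_TRACE" | check_sources "$EXPECTED_SRC" \
        || echo "=> dig ignores named.conf; use dig -b to pick the source"
    echo "named's own query:"
    printf '%s\n' "$NAMED_TRACE" | check_sources "$EXPECTED_SRC" \
        && echo "=> named is sending from $EXPECTED_SRC"
fi
```

To exercise named rather than dig, make named do the upstream lookup: with the listen-on in the post, run something like `tcpdump -ni eth0 udp port 53 and host 192.168.244.227` in one terminal (the `-n` matters, since reverse lookups by tcpdump would themselves go through named) and `dig @192.168.240.56 test.ournet.com` in another, then feed the captured lines to `check_sources 192.168.240.56`. Notify traffic will not pass this check until a `notify-source 192.168.240.56;` line is added alongside query-source and transfer-source, which is the omission the reply points out. The exact tcpdump filter and the assumption that the peer is 192.168.244.227 are mine, not the thread's.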