Public DNS - recursion no - Access to the Internet

Pascal Hambourg pascal.mail at plouf.fr.eu.org
Mon Feb 19 23:02:39 UTC 2007


Jarek Buczynski wrote:
> Below is next quote:
> 
> "If you use multiple nameserver directives, don't use the loopback address!
> There's a bug in some Berkeley-derived TCP/IP implementations that can cause
> problems with BIND if the local nameserver is down. The resolver's connected
> datagram socket won't rebind to a new local address if the local nameserver
> isn't running, and consequently the resolver sends query packets to the
> fallback remote nameservers with a source address of 127.0.0.1. When the
> remote nameservers try to reply, they end up sending the reply packets to
> themselves."

Wow, that's a bug!
However, the sender's IP stack should refuse to send the packet out on 
the network because addresses within 127.0.0.0/8 are invalid outside a 
host. And even though, the receiver's IP stack should also drop the 
incoming packet for the same reason. So, in order for the remote 
nameserver to send a reply, we need a lot of broken software.
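Two checks a resolver administrator can run for the situation discussed in this thread, as an added example (not code from either poster): an audit of resolv.conf that flags a loopback nameserver mixed with remote fallbacks, and the sanity check both IP stacks are expected to apply, rejecting a datagram whose source is a loopback address but whose destination is not. It uses Python's standard `ipaddress` module, whose `is_loopback` covers 127.0.0.0/8 and also ::1, so it goes slightly beyond the IPv4-only case in the quote; the sample resolv.conf and the 192.0.2.x addresses are constructed.

```python
import ipaddress


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # resolv.conf accepts both '#' and ';' as comment markers
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # skip unparsable entries instead of aborting
    return servers


def loopback_with_remote_fallback(servers):
    """True for the configuration the quote warns about: a loopback
    nameserver listed together with at least one non-loopback server."""
    has_loopback = any(s.is_loopback for s in servers)
    has_remote = any(not s.is_loopback for s in servers)
    return has_loopback and has_remote


def loopback_source_martian(src, dst):
    """The check both stacks should apply to a datagram: a loopback source
    is only valid when the destination is also loopback (host-internal)."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    return src.is_loopback and not dst.is_loopback


# Constructed sample reproducing the warned-about configuration.
SAMPLE_RESOLV_CONF = """\
# constructed example, not a real host's file
nameserver 127.0.0.1
nameserver 192.0.2.53   ; remote fallback (TEST-NET-1, constructed)
"""

if __name__ == "__main__":
    ns = parse_nameservers(SAMPLE_RESOLV_CONF)
    print("nameservers:", [str(s) for s in ns])
    print("loopback mixed with remote fallback:", loopback_with_remote_fallback(ns))
    # The query from the quote: source 127.0.0.1, sent to the remote fallback.
    print("stack should drop query:", loopback_source_martian("127.0.0.1", "192.0.2.53"))
```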
