Public DNS - recursion no - Access to the Internet
Barry Margolin
barmar at alum.mit.edu
Tue Feb 20 06:20:00 UTC 2007
In article <erdak6$1ndr$1 at sf1.isc.org>,
Pascal Hambourg <pascal.mail at plouf.fr.eu.org> wrote:
> Jarek Buczynski wrote:
> > Below is next quote:
> >
> > "If you use multiple nameserver directives, don't use the loopback address!
> > There's a bug in some Berkeley-derived TCP/IP implementations that can cause
> > problems with BIND if the local nameserver is down. The resolver's connected
> > datagram socket won't rebind to a new local address if the local nameserver
> > isn't running, and consequently the resolver sends query packets to the
> > fallback remote nameservers with a source address of 127.0.0.1. When the
> > remote nameservers try to reply, they end up sending the reply packets to
> > themselves."
>
> Wow, that's a bug!
> However, the sender's IP stack should refuse to send the packet out on
> the network because addresses within 127.0.0.0/8 are invalid outside a
> host. And even though, the receiver's IP stack should also drop the
> incoming packet for the same reason. So, in order for the remote
> nameserver to send a reply, we need a lot of broken software.
Does it really matter whether the server gets the request or not?
Either way it won't be able to reply to the client.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
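
The configuration the quoted passage warns against (a loopback nameserver listed together with remote fallback nameservers) can be checked mechanically. The following is an added example, not part of the original message or of BIND; the function names and the sample resolv.conf contents are constructed for illustration.

```python
import ipaddress


def parse_nameservers(text):
    """Return the addresses of all 'nameserver' directives, in file order."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines and comment lines (# or ; in the first column).
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop an IPv6 zone id such as "%eth0" before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue  # not an IP address; ignored by this check
    return servers


def check_loopback_mix(text):
    """Flag a loopback nameserver that is combined with remote fallbacks."""
    servers = parse_nameservers(text)
    loopback = [str(s) for s in servers if s.is_loopback]
    remote = [str(s) for s in servers if not s.is_loopback]
    return {
        "loopback": loopback,
        "remote": remote,
        # The quoted advice applies only when both kinds are present.
        "risky": bool(loopback and remote),
    }


# Constructed sample inputs (192.0.2.0/24 is a documentation range).
SAMPLES = {
    "mixed": "# local cache first\nnameserver 127.0.0.1\nnameserver 192.0.2.53\n",
    "local_only": "search example.com\nnameserver 127.0.0.1\n",
    "remote_only": "nameserver 192.0.2.53\nnameserver 192.0.2.54\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        result = check_loopback_mix(text)
        verdict = "loopback mixed with remote servers" if result["risky"] else "ok"
        print(f"{name}: {verdict} {result['loopback']} {result['remote']}")
```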