Bind 9.6.1-P1 ignoring listen-on directive

John Center john.center at villanova.edu
Wed Sep 9 19:04:02 UTC 2009


Hi,

I'm testing Bind 9.6.1-P1 on Solaris 10 SPARC (64bit/Sun Studio 12.1) & 
I noticed this in the logs:

Sep  9 13:15:31 ns3a/ns3a named[23042]: [ID 873579 daemon.info] listening on IPv4 interface lo0, 127.0.0.1#53
Sep  9 13:15:31 ns3a/ns3a named[23042]: [ID 873579 daemon.info] listening on IPv4 interface bge0, 153.104.92.2#53
Sep  9 13:15:31 ns3a/ns3a named[23042]: [ID 873579 daemon.info] listening on IPv4 interface bge0:1, 153.104.92.4#53
Sep  9 13:15:31 ns3a/ns3a named[23042]: [ID 873579 daemon.info] listening on IPv4 interface bge1, 10.104.36.20#53

I only wanted named to listen on one interface + the loopback, so I 
added a listen-on statement in named.conf:

acl testnets { 153.104.244.0/24; 153.104.248.0/24; };
options {
         directory "/opt/isc/bind/var/db";
         allow-query { testnets; };
         listen-on { localhost; 153.104.92.2; };
         listen-on-v6 { none; };
};
zone "0.0.127.in-addr.arpa" in {
         type master;
         file "db.127.0.0";
         notify no;
};

But, I still have the same log entries when I start named.  I then 
modified named.conf to specifically exclude the other interfaces:

listen-on { localhost; 153.104.92.2; !153.104.92.4; !10.104.36.20; };

But, again, I'm still seeing it state that it is listening on the 
excluded interfaces.  I tried increasing the debug level, but I didn't 
see any additional info pertaining to this.  I know that it is listening 
on the excluded interfaces because I see queries on the 10.104.36.20 
interface:

Sep  9 13:09:16 ns3a/ns3a named[22867]: [ID 873579 daemon.info] client 10.104.109.0#1041: query (cache) 'ATF/A/IN' denied
Sep  9 13:09:16 ns3a/ns3a named[22867]: [ID 873579 daemon.info] client 10.104.109.0#1046: query (cache) 'ATP.villanova.edu/A/IN' denied

Is this a known problem?  It's an issue for us because we restrict DNS 
queries to particular interfaces.  If it isn't a known bug, I'd be glad 
to help troubleshoot this problem.

Thanks.

	-John

-- 
John Center
Villanova University
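
Added example, not part of the original post and not BIND's own code: a small Python model of how named evaluates a listen-on address match list, assuming BIND's documented semantics (the first matching element decides, and the built-in "localhost" ACL matches every address configured on the local system, not only 127.0.0.1). The interface addresses are taken from the log lines in the post; the function names are hypothetical.

```python
import ipaddress

# Interface addresses taken from the "listening on" log lines in the post.
# Assumption: these four are all the IPv4 addresses configured on the host.
LOCAL_ADDRS = ["127.0.0.1", "153.104.92.2", "153.104.92.4", "10.104.36.20"]

def parse_match_list(text):
    """Split '{ a; !b; }' into ordered (negated, element) pairs."""
    items = []
    for raw in text.strip().strip("{}").split(";"):
        elem = raw.strip()
        if not elem:
            continue
        neg, name = elem.startswith("!"), elem.lstrip("! ").strip()
        if name == "none":          # "none" behaves as "!any"
            neg, name = not neg, "any"
        items.append((neg, name))
    return items

def element_matches(elem, addr, local_addrs):
    """True if one element covers addr (user-defined ACL names not modelled)."""
    if elem == "any":
        return True
    if elem == "localhost":
        # Built-in ACL: every address configured on the local system.
        return addr in local_addrs
    return ipaddress.ip_address(addr) in ipaddress.ip_network(elem, strict=False)

def listens_on(match_list, addr, local_addrs=LOCAL_ADDRS):
    """First matching element decides; '!' turns that match into a reject."""
    for negated, elem in parse_match_list(match_list):
        if element_matches(elem, addr, local_addrs):
            return not negated
    return False  # nothing matched: do not listen on this address

def listeners(match_list, local_addrs=LOCAL_ADDRS):
    """Addresses the model expects named to bind for this listen-on list."""
    return [a for a in local_addrs if listens_on(match_list, a, local_addrs)]

if __name__ == "__main__":
    for cfg in ("{ localhost; 153.104.92.2; }",
                "{ localhost; 153.104.92.2; !153.104.92.4; !10.104.36.20; }",
                "{ 127.0.0.1; 153.104.92.2; }"):
        print(cfg, "->", listeners(cfg))
```

Under these semantics both listen-on lists from the post select all four addresses, because "localhost" matches first and the later "!" entries are never reached; a list that names 127.0.0.1 explicitly selects only the loopback and 153.104.92.2.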


