BIND and listening on interfaces
Mark Andrews
marka at isc.org
Fri Aug 1 23:42:19 UTC 2014
In message <53DBA84D.8030009 at thelounge.net>, Reindl Harald writes:
>
> the thread yesterday reminded me of my Fedora bugreport
> https://bugzilla.redhat.com/show_bug.cgi?id=1073038#c3
> https://bugzilla.redhat.com/show_bug.cgi?id=1073038#c8
>
> i don't buy "Note that destination IP address must be
> known and set correctly in reply, otherwise clients
> will be confused" because how does it survive NAT
>
> if listen-on {0.0.0.0;}; would work a lot of problems
> could go away - keep in mind that on modern systemd
> systems a service can bind to 0.0.0.0 even before
> the network is started
Named does not bind to 0.0.0.0 because the replies may not come
from the correct address. If you have multiple addresses on an
interface or multiple interfaces then there is no guarantee that
the address the stack uses to source a UDP reply packet will match
the address the query arrived on.
This is not an issue for TCP where the local address is stored in
the PCB.
For IPv6 we have in6_pktinfo and if the OS supports in6_pktinfo we
use it and bind to :: if the listen-on-v6 acl is "any;". If the
OS does not support in6_pktinfo then we bind to every interface.
If named is only listening on a subset of interfaces we bind to each
interface so that one can run multiple instances and also so
that the correct ICMP messages are emitted.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
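The UDP source-address problem described above, as an added example that is not part of the thread and not BIND's own code: it uses the Linux IPv4 socket option IP_PKTINFO (the analogue of the in6_pktinfo mechanism the reply names for IPv6) to learn which local address a datagram arrived on and to pin the reply's source to that address. It assumes Linux, a loopback interface that accepts all of 127/8, and the constructed query/reply payloads and the address 127.0.0.2; none of those come from the page.

```c
/* Added example: not code from the post or from BIND.  It shows the
 * UDP source-address problem Mark Andrews describes and the fix that
 * in6_pktinfo gives for IPv6, using the Linux IPv4 analogue IP_PKTINFO.
 * Assumptions: Linux, a loopback interface that accepts all of 127/8,
 * and the constructed addresses/payloads below. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Receive one datagram on a wildcard-bound socket and recover the
 * destination address from the IP_PKTINFO control message.  Returns the
 * byte count, or -1 on error. */
ssize_t recv_with_dst(int sock, void *buf, size_t len,
                      struct sockaddr_in *peer, struct in_addr *dst)
{
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = { .msg_name = peer, .msg_namelen = sizeof(*peer),
                          .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    ssize_t n = recvmsg(sock, &msg, 0);
    if (n < 0)
        return -1;
    dst->s_addr = htonl(INADDR_ANY);   /* unknown unless the kernel says */
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof(pi));
            *dst = pi.ipi_addr;        /* destination from the IP header */
        }
    return n;
}

/* Send a reply whose source address is pinned to `src` via IP_PKTINFO
 * instead of being chosen by the routing table. */
ssize_t send_from(int sock, const void *buf, size_t len,
                  const struct sockaddr_in *peer, struct in_addr src)
{
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    struct msghdr msg = { .msg_name = (void *)peer, .msg_namelen = sizeof(*peer),
                          .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    struct in_pktinfo pi = { .ipi_ifindex = 0, .ipi_spec_dst = src };
    memset(cbuf, 0, sizeof(cbuf));
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof(pi));
    memcpy(CMSG_DATA(c), &pi, sizeof(pi));
    return sendmsg(sock, &msg, 0);
}

/* A "server" bound to 0.0.0.0 answers a constructed query sent to
 * 127.0.0.2.  With use_pktinfo the reply is sourced from 127.0.0.2; a
 * plain sendto() lets the stack pick 127.0.0.1, which is the mismatch
 * the post warns about.  Returns 1 if the client saw the reply come from
 * the address it queried, 0 if not, -1 on a socket error. */
int demo_loopback(int use_pktinfo)
{
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    int one = 1, rc = -1;
    struct timeval tv = { 2, 0 };       /* never block forever on a failure */
    struct sockaddr_in any = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_ANY) };
    struct sockaddr_in target, peer, from;
    socklen_t slen = sizeof(any);
    struct in_addr dst;
    char buf[64];

    if (srv < 0 || cli < 0 ||
        setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &one, sizeof(one)) < 0 ||
        setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0 ||
        setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0 ||
        bind(srv, (struct sockaddr *)&any, sizeof(any)) < 0 ||
        getsockname(srv, (struct sockaddr *)&any, &slen) < 0)   /* learn the port */
        goto out;
    target = any;                       /* same port, specific loopback alias */
    inet_pton(AF_INET, "127.0.0.2", &target.sin_addr);
    if (sendto(cli, "query", 5, 0, (struct sockaddr *)&target, sizeof(target)) != 5 ||
        recv_with_dst(srv, buf, sizeof(buf), &peer, &dst) != 5)
        goto out;
    if ((use_pktinfo ? send_from(srv, "reply", 5, &peer, dst)
                     : sendto(srv, "reply", 5, 0, (struct sockaddr *)&peer, sizeof(peer))) != 5)
        goto out;
    slen = sizeof(from);
    if (recvfrom(cli, buf, sizeof(buf), 0, (struct sockaddr *)&from, &slen) != 5)
        goto out;
    rc = (from.sin_addr.s_addr == target.sin_addr.s_addr && from.sin_port == target.sin_port);
out:
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return rc;
}

int main(void)
{
    printf("plain sendto reply matched query address: %d\n", demo_loopback(0));
    printf("IP_PKTINFO reply matched query address:   %d\n", demo_loopback(1));
    return 0;
}
```

Run it with `cc pktinfo.c && ./a.out`: the plain `sendto()` path reports 0 because the kernel sources the reply from 127.0.0.1 although the query went to 127.0.0.2, and the IP_PKTINFO path reports 1. This is the IPv4 form of what the reply describes for IPv6: without the per-packet destination information a wildcard bind cannot answer from the right address, which is why named falls back to binding each interface separately. The option names are Linux-specific; FreeBSD spells the same idea IP_RECVDSTADDR / IP_SENDSRCADDR.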