[SOLVED] Re: bind listening on UDP port 53 using 2 fd

Bernardo bernardo.pons at gmail.com
Tue Jan 26 11:04:51 UTC 2021


Again, the problem here is that perfectly valid configuration lines in
/etc/named.conf would cause serious trouble.

BIND 9.16.1+ DNS admins should be aware of it.

So that's the reason I wrote this post.

Regards,


On Mon, 25 Jan 2021 at 14:33, Matus UHLAR - fantomas (<uhlar at fantomas.sk>)
wrote:

> On 25.01.21 14:05, Bernardo wrote:
> >Yes. This causes serious problems.
> >
> >The problem is that these perfectly valid configuration lines in
> >/etc/named.conf file (provided that 192.168.10.100 is the IPv4 address of
> >your DNS server, it doesn't matter if it is a primary or secondary) will
> >cause you a lot of trouble.
> >
> >query-source address 192.168.10.100;
> >notify-source 192.168.10.100 port 53;
> >transfer-source 192.168.10.100 port 53;
> >
> >These configuration lines will cause you problems as described in my post
> >( BIND ignores "packets received correctly" ) from January 2020.
> >
> >It seems that this is a known issue since BIND 9.16.1 version: UDP network
> >ports used for listening can no longer simultaneously be used for sending
> >traffic.
>
> which means, that the "port 53" is what causes problems and the rest can
> stay there.
>
> If you only have interface address "192.168.10.100" (except loopback, of
> course), or if that is the primary address of your interface, those
> definitions are useless, otherwise you should keep them there.
>
> >On Mon, 25 Jan 2021 at 11:13, Matus UHLAR - fantomas (<uhlar at fantomas.sk>)
> >wrote:
> >
> >> On 23.01.21 12:44, Bernardo wrote:
> >> >Finally I've found the solution.
> >> >The problem seems to be caused by a known issue since BIND version 9.16.1
> >> >
> >> >Commenting out these lines in /etc/named.conf solves the issue:
> >> >
> >> >query-source address 192.168.10.100;
> >> >notify-source 192.168.10.100 port 53;
> >> >transfer-source 192.168.10.100 port 53;
> >>
> >> this should not cause a problem and may cause troubles when 192.168.10.100
> >> is not the primary address.
> >>
> >> the "port 53" is usually useless (unless you have stateless firewall) and
> >> may be what caused your problem.
>
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> Fucking windows! Bring Bill Gates! (Southpark the movie)


-- 
Bernardo
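The thread's point is that the three `*-source` statements are syntactically valid, so a plain syntax check passes them, yet the `port 53` suffix on `notify-source` / `transfer-source` (and on `query-source`, if present) pins the sending port to the port BIND is already listening on, which BIND 9.16.1 and later no longer allow. The following shell script is an added example, not code from the thread or from ISC: it writes two constructed `named.conf` fragments (the problematic one, and the corrected one that keeps the source address but drops the fixed port, as Matus suggests) and a `check_source_ports` lint that flags any `*-source` or `*-source-v6` statement whose port is set to 53. The function names and the sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): lint a named.conf for *-source
# statements that pin the sending port to 53, the listening port.
# Since BIND 9.16.1 a UDP port used for listening cannot also be used
# for sending, so such lines break outbound queries, notifies and
# zone transfers even though the syntax is valid.

# Constructed sample of the problematic configuration: the three lines
# from the thread, wrapped in an options block.
write_bad_conf() {
  cat > "$1" <<'EOF'
options {
    directory "/var/named";
    listen-on port 53 { 192.168.10.100; };
    query-source address 192.168.10.100;
    notify-source 192.168.10.100 port 53;
    transfer-source 192.168.10.100 port 53;
};
EOF
}

# Constructed sample of the corrected configuration: keep the source
# address (useful when 192.168.10.100 is not the interface's primary
# address) but drop the fixed "port 53" so BIND picks an ephemeral
# source port of its own.
write_good_conf() {
  cat > "$1" <<'EOF'
options {
    directory "/var/named";
    listen-on port 53 { 192.168.10.100; };
    query-source address 192.168.10.100;
    notify-source 192.168.10.100;
    transfer-source 192.168.10.100;
};
EOF
}

# Print every query-/notify-/transfer-source (or -source-v6) statement
# whose port is fixed to 53, with line numbers.  Returns 0 when the file
# is clean and 1 when at least one offending line exists, so it can gate
# a config deployment step.
check_source_ports() {
  conf="$1"
  hits=$(grep -nE \
    '^[[:space:]]*(query|notify|transfer)-source(-v6)?[[:space:]].*[[:space:]]port[[:space:]]+53[[:space:]]*;' \
    "$conf" || true)
  if [ -n "$hits" ]; then
    printf '%s: source statements pinned to the listening port 53:\n%s\n' \
      "$conf" "$hits"
    return 1
  fi
  return 0
}

# Stand-alone run: lint both constructed samples.
if [ "${1:-}" = "--demo" ]; then
  tmpdir=$(mktemp -d)
  write_bad_conf "$tmpdir/bad.conf"
  write_good_conf "$tmpdir/good.conf"
  check_source_ports "$tmpdir/bad.conf"  || echo "bad.conf needs fixing"
  check_source_ports "$tmpdir/good.conf" && echo "good.conf is clean"
  rm -rf "$tmpdir"
fi
```

Run it with `--demo` to see the two reports, or source the file and call `check_source_ports /etc/named.conf` before reloading BIND. The lint only looks at the fixed-port case the thread identifies; `query-source address ...` without a port, as in the corrected sample, is left alone because Matus notes that the address part is still useful when it is not the interface's primary address.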