Temporarily no name resolution using second/virtual ip address

Tony Finch dot at dotat.at
Thu Mar 25 13:48:57 UTC 2021


Jonathan via bind-users <bind-users at lists.isc.org> wrote:

> It makes no difference from which subnet the queries come. For
> testing I used a server in the same subnet as my DNS is, so there is
> no firewall or NAT in between. I also captured the network traffic of
> the DNS server and client. All I can see is that the server receives
> the query from the client, but no response is sent from the server. When
> I run dig with the +tcp option, all of the queries are answered.

Do you have a firewall configured on the server itself? If so, does it have
the correct idea about which ports and addresses BIND is listening on?

The other possibility is reverse path filtering - Linux tries to ensure
that packets don't traverse an interface with unexpected addresses. I had
to turn it off on my recursive servers because they have interfaces on two
different VLANs. Dunno if it could cause problems with just one subnet in
play.

Set sysctl net.ipv4.conf.XXX.rp_filter=2, where XXX is all, default, and
whatever your Ethernet interface is named.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  https://dotat.at/
North Utsire, South Utsire: Southwesterly 5, backing southerly 6 or 7,
occasionally gale 8 in North Utsire. Moderate or rough. Showers. Moderate
or good.
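As an added example (not code from Tony's reply, the thread, or BIND), a POSIX shell script that audits the rp_filter settings Tony names: it reports the value for all, default and the interface, works out the mode the kernel actually applies (the larger of the all and per-interface values), and reads the kernel's IPReversePathFilter counter from /proc/net/netstat to confirm whether reverse path filtering is really discarding packets. The ROOT prefix, the interface name eth0 and the file name rp_check.sh are assumptions, so the checks can also be run against a copied /proc tree.

```sh
#!/bin/sh
# Added example, not code from the thread or from BIND: audit Linux reverse
# path filtering (rp_filter). ROOT is an assumed prefix so the checks can be
# run against a copied /proc tree; leave it empty to read the live kernel.

rp_mode_name() {  # human-readable meaning of the three rp_filter values
    case "$1" in
        0) echo "disabled" ;;
        1) echo "strict: drop if the best route back to the source is another interface" ;;
        2) echo "loose: accept if the source is reachable via any interface" ;;
        *) echo "unknown" ;;
    esac
}

# The kernel validates a source address using the larger of the 'all' and
# per-interface rp_filter values, so that is the setting that actually applies.
effective_rp_filter() {  # $1 = ROOT, $2 = interface
    all=$(cat "$1/proc/sys/net/ipv4/conf/all/rp_filter")
    dev=$(cat "$1/proc/sys/net/ipv4/conf/$2/rp_filter")
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# Packets discarded by rp_filter since boot: the IPReversePathFilter counter on
# the TcpExt lines of /proc/net/netstat (a line of names, then a line of values).
rp_drop_count() {  # $1 = ROOT
    awk '$1 == "TcpExt:" {
            if (!seen) { for (i = 2; i <= NF; i++) if ($i == "IPReversePathFilter") col = i; seen = 1 }
            else if (col) print $col
         }' "$1/proc/net/netstat"
}

# Print the settings, the effective mode and the drop counter; exit status is
# non-zero when strict filtering is in force on the interface.
rp_filter_report() {  # $1 = ROOT, $2 = interface
    for scope in all default "$2"; do
        v=$(cat "$1/proc/sys/net/ipv4/conf/$scope/rp_filter")
        printf 'net.ipv4.conf.%s.rp_filter = %s  (%s)\n' "$scope" "$v" "$(rp_mode_name "$v")"
    done
    eff=$(effective_rp_filter "$1" "$2")
    printf 'effective mode on %s: %s\n' "$2" "$(rp_mode_name "$eff")"
    printf 'packets dropped by rp_filter so far: %s\n' "$(rp_drop_count "$1")"
    [ "$eff" != 1 ]
}

# The change Tony suggests, printed rather than applied so it can be reviewed first.
rp_filter_fix_commands() {  # $1 = interface
    for scope in all default "$1"; do echo "sysctl -w net.ipv4.conf.$scope.rp_filter=2"; done
}

if [ $# -ge 1 ]; then rp_filter_report "${ROOT:-}" "$1"; fi  # usage: sh rp_check.sh eth0
```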
