query-source/transfer-source have no effect (bind 9.2.1)
Monu Ogbe
monu at houxou.com
Fri Jan 2 15:35:25 UTC 2004
Hello,
My name server is called 'ns1.dns.ournet.com' which maps to the IP
address '192.168.240.56/23' (eth0:1). Multiple IP addresses are aliased
to eth0 on the server.
Since a recent upgrade from RedHat 7.3/Bind 8 to Redhat 9/Bind 9.2.1, I
have been unable to get the name server to perform queries and transfers
on the addresses specified in the query-source and transfer-source
options. Instead, the server defaults to performing queries and
transfers using the primary IP address assigned to eth0.
The following IP addresses are configured on the name server:
eth0   inet addr:192.168.240.90  Bcast:192.168.241.255  Mask:255.255.254.0
eth0:0 inet addr:192.168.240.61  Bcast:192.168.241.255  Mask:255.255.254.0
eth0:1 inet addr:192.168.240.56  Bcast:192.168.241.255  Mask:255.255.254.0
lo     inet addr:127.0.0.1  Mask:255.0.0.0
The options statement in /etc/named.conf is as follows:
options {
    listen-on { 192.168.240.56; };
    query-source address 192.168.240.56 port 53;
    transfer-source 192.168.240.56;
    directory "/var/named";
    notify yes;
    also-notify {
        192.168.240.57;
        192.168.244.249;
        192.168.244.252;
    };
    allow-transfer {
        192.168.240.57;
    };
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    //query-source address 192.168.240.56 port 53;
};
The symptoms are that peer servers reject our requests because they
expect these to come from 192.168.240.56, whereas the queries and
transfer requests actually come from 192.168.240.90.
tcpdumps of queries and transfer requests show this to be true.
Performing a dig from the server to a peer:
# dig @192.168.244.227 test.ournet.com -t any
produces the following (unexpected) tcpdump output:
tcpdump: listening on eth0
15:16:21.797540 192.168.240.90.35218 > 192.168.244.227.53: 35824+ ANY?
test.ournet.com. (33) (DF)
15:16:26.798564 192.168.240.90.35218 > 192.168.244.227.53: 35824+ ANY?
test.ournet.com. (33) (DF)
On the other hand, I AM able to force a query to take place from a
specified address using dig's -b option; and:
# dig @192.168.244.227 test.ournet.com -b192.168.240.56 -t any
produces the following (expected) tcpdump output:
tcpdump: listening on eth0
15:20:57.553985 192.168.240.56.35219 > 192.168.244.227.53: 65062+ ANY?
test.ournet.com. (33) (DF)
15:21:02.564697 192.168.240.56.35219 > 192.168.244.227.53: 65062+ ANY?
test.ournet.com. (33) (DF)
I'm flummoxed by this, and would greatly appreciate a steer.
Many thanks in advance,
Monu Ogbe
-----------------------------------------------------------
www.houxou.com
-----------------------------------------------------------
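A check worth having when diagnosing this, as an added example that is not part of the post: parse the query-source/transfer-source settings out of named.conf and flag any packet in a tcpdump capture (in the format shown above) that left from a different address. Note that dig sends its own packets rather than going through named, so only a capture of queries named itself sends, for instance a recursive lookup made via the listen-on address, actually exercises these options. The config and capture lines below are constructed samples modelled on the post.

```python
import re

# Constructed sample: the options block quoted in the post, abridged.
NAMED_CONF = """
options {
    listen-on { 192.168.240.56; };
    query-source address 192.168.240.56 port 53;
    transfer-source 192.168.240.56;
    //query-source address 192.168.240.56 port 53;
};
"""

# Constructed tcpdump lines in the post's format, one packet per line.
CAPTURE = """
15:16:21.797540 192.168.240.90.35218 > 192.168.244.227.53: 35824+ ANY? test.ournet.com. (33) (DF)
15:20:57.553985 192.168.240.56.35219 > 192.168.244.227.53: 65062+ ANY? test.ournet.com. (33) (DF)
15:22:03.100000 192.168.240.56.34001 > 192.168.240.57.53: 12+ AXFR? ournet.com. (30) (DF)
"""

IPV4 = r'\d+\.\d+\.\d+\.\d+'
PACKET_RE = re.compile(rf'^(\S+) ({IPV4})\.(\d+) > ({IPV4})\.(\d+): (.*)$')

def strip_comments(conf):
    """Drop /* */ blocks and // or # line comments (named.conf allows all three)."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    return re.sub(r'(//|#).*', '', conf)

def configured_sources(conf):
    """Map query-source/transfer-source to the address each names ('*' if unset)."""
    sources = {}
    for m in re.finditer(r'\b(query-source|transfer-source)\b([^;]*);', strip_comments(conf)):
        addr = re.search(rf'({IPV4}|\*)', m.group(2))
        sources[m.group(1)] = addr.group(1) if addr else '*'
    return sources

def mismatched_packets(capture, sources):
    """Return (timestamp, option, expected, actual) for packets sent to port 53 whose
    source address differs from the configured option; AXFR/IXFR requests are judged
    against transfer-source, everything else against query-source."""
    findings = []
    for line in capture.strip().splitlines():
        m = PACKET_RE.match(line)
        if not m or m.group(5) != '53':
            continue
        option = 'transfer-source' if re.search(r'\b[AI]XFR\?', m.group(6)) else 'query-source'
        expected = sources.get(option, '*')
        if expected != '*' and m.group(2) != expected:
            findings.append((m.group(1), option, expected, m.group(2)))
    return findings
```

Run it against a real capture taken while named (not dig) is resolving, and every tuple it returns is a packet that ignored the configured source address.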