Problems with NSD on multihome FreeBSD host
Erik Rozendaal
erik at NLnetLabs.nl
Mon Apr 26 20:03:51 UTC 2004
Sebastian Castro wrote:
> Hi All:
>
> I'm still working in my FreeBSD server to make it work with NSD.
>
> I've already updated my ports with NSD 2.0.2 and it was pretty easy
> (thanks to Peter Hessler).
>
> My host has two network interfaces, with two IP addresses belonging to
> two different IP networks (one for national traffic, one for
> international traffic). Let's suppose first IP is X.X.X.X and second is
> Y.Y.Y.Y
>
> The default route is through first network interface.
>
> When I query to first interface, I got the expected answer.
>
> When I query to second interface, I got a query time out.
>
> Checking out with tcpdump, I've found that queries coming through 2nd
> interface (dst address Y.Y.Y.Y) went out through first interface
> (probably due to the default router) but using as IP source address
> X.X.X.X, so any firewall will not match the answer because it is not
> "related".

This is the way UDP works on most (all?) systems when a single UDP
socket is used for multiple interfaces. To get correct multihoming
source addresses from the server make sure NSD uses multiple UDP
sockets, one for each interface, using the -a flag:

    nsd -a X.X.X.X -a Y.Y.Y.Y

This way queries to the Y.Y.Y.Y interface will be received on the UDP
socket for interface Y.Y.Y.Y and will also be responded to with the
Y.Y.Y.Y source address.

Erik
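
Added example, not part of the original message and not NSD's code: a small UDP responder that shows the reply source address with one wildcard socket versus one socket per address, as described in the reply above. The loopback addresses stand in for X.X.X.X and Y.Y.Y.Y and assume a Linux-style loopback where all of 127.0.0.0/8 is local (on FreeBSD, 127.0.0.2 would first need to be added as an alias on lo0); reply_source and demo are hypothetical helper names.

```python
import select
import socket

CLIENT_ADDR = "127.0.0.1"                  # constructed: the querying client
SERVER_ADDRS = ["127.0.0.1", "127.0.0.2"]  # constructed stand-ins for X.X.X.X, Y.Y.Y.Y


def reply_source(bind_addrs, query_addr):
    """Send one datagram to query_addr and return the source IP of the reply.

    The responder opens one UDP socket per entry in bind_addrs.
    """
    servers, port = [], 0
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for addr in bind_addrs:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.bind((addr, port))
            port = s.getsockname()[1]  # later sockets reuse the first one's port
            servers.append(s)

        client.bind((CLIENT_ADDR, 0))
        client.settimeout(2)
        client.sendto(b"query", (query_addr, port))

        # Answer on whichever socket received the query, as a server would.
        ready, _, _ = select.select(servers, [], [], 2)
        if not ready:
            raise TimeoutError("no responder socket received the query")
        _, peer = ready[0].recvfrom(512)
        ready[0].sendto(b"answer", peer)

        _, (src_ip, _) = client.recvfrom(512)
        return src_ip
    finally:
        for s in servers + [client]:
            s.close()


def demo():
    query_addr = SERVER_ADDRS[1]  # query the "second interface"
    return {
        # One wildcard socket: the kernel picks the source from the route.
        "wildcard": reply_source(["0.0.0.0"], query_addr),
        # One socket per address: the reply leaves from the queried address.
        "per_address": reply_source(SERVER_ADDRS, query_addr),
    }


if __name__ == "__main__":
    for mode, src in demo().items():
        print(f"{mode:12s} query to {SERVER_ADDRS[1]} answered from {src}")
```

In the wildcard case the reply arrives from a different address than the one queried, which is the mismatch a stateful firewall drops.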