[nsd-users] Question about response source address and dynamic interfaces
wouter at nlnetlabs.nl
Tue Oct 9 12:09:22 CEST 2012
-----BEGIN PGP SIGNED MESSAGE-----
On 10/09/2012 11:57 AM, Gavin Brown wrote:
> I was never able to resolve this issue, but Bert Hubert recently
> posted on a related topic. If NSD did what PowerDNS now does, this
> would resolve my problem!
> On binding datagram (UDP) sockets to the ANY addresses:
This is listed on the NSD4-feature-wishlist for 4.1.
Unbound 0.9 has this implemented, (it is called interface-automatic:
yes for unbound).
> On 16/08/2012 15:39, Gavin Brown wrote:
>> Hi there,
>> I have a FreeBSD box (hostA) running NSD. It has a management
>> address (10.0.0.2) and a service address (10.0.0.3). It is part
>> of a clustered pair with a Linux machine (hostB) that has a
>> management address (10.0.0.4) and a service address (10.0.0.5).
>> DNS queries are sent to the two service addresses. Heartbeat is
>> used to co-ordinate the pairs: if hostB goes offline, then the
>> service address (10.0.0.5) is brought up on hostA so that it can
>> answer queries, and vice versa.
>> The problem is this: without an ip-address entry in nsd.conf,
>> responses are sent from the management address (10.0.0.2) since
>> that is the "primary" interface of the host. I can fix this
>> during normal operations by adding an ip-address entry for
>> However, during failover, queries sent to 10.0.0.5 will be
>> answered with the wrong source address. Again, I could fix this
>> using an ip-address entry.
>> But - when the machine boots, this IP address isn't assigned to
>> hostA, so if it appears in nsd.conf, NSD will refuse to start.
>> BIND (which I'm using on hostB) doesn't have this problem.
>> Has anyone else solved this problem? Or do I need to write
>> scripts to munge nsd.conf and restart it during
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the nsd-users