[nsd-users] Question about response source address and dynamic interfaces

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Oct 9 12:09:22 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Gavin,

On 10/09/2012 11:57 AM, Gavin Brown wrote:
> I was never able to resolve this issue, but Bert Hubert recently
> posted on a related topic. If NSD did what PowerDNS now does, this
> would resolve my problem!
> 
> On binding datagram (UDP) sockets to the ANY addresses:

This is listed on the NSD4-feature-wishlist for 4.1.

Unbound 0.9 has this implemented, (it is called interface-automatic:
yes for unbound).

Best regards,
   Wouter


> http://bert-hubert.blogspot.co.uk/2012/10/on-binding-datagram-udp-sockets-to-any.html
>
> 
> 
> On 16/08/2012 15:39, Gavin Brown wrote:
>> Hi there,
>> 
>> I have a FreeBSD box (hostA) running NSD. It has a management
>> address (10.0.0.2) and a service address (10.0.0.3). It is part
>> of a clustered pair with a Linux machine (hostB) that has a
>> management address (10.0.0.4) and a service address (10.0.0.5).
>> DNS queries are sent to the two service addresses. Heartbeat is
>> used to co-ordinate the pairs: if hostB goes offline, then the
>> service address (10.0.0.5) is brought up on hostA so that it can
>> answer queries, and vice versa.
>> 
>> The problem is this: without an ip-address entry in nsd.conf,
>> responses are sent from the management address (10.0.0.2) since
>> that is the "primary" interface of the host. I can fix this
>> during normal operations by adding an ip-address entry for
>> 10.0.0.3.
>> 
>> However, during failover, queries sent to 10.0.0.5 will be
>> answered with the wrong source address. Again, I could fix this
>> using an ip-address entry.
>> 
>> But - when the machine boots, this IP address isn't assigned to
>> hostA, so if it appears in nsd.conf, NSD will refuse to start.
>> BIND (which I'm using on hostB) doesn't have this problem.
>> 
>> Has anyone else solved this problem? Or do I need to write
>> scripts to munge nsd.conf and restart it during
>> failover/failback?
>> 
>> Thanks,
>> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQc/fSAAoJEJ9vHC1+BF+NeJwP/0mzEFdqGk4GYiKEBikolVRq
3PcvCpCu/6vygdLlef9wrGwLdIa0QVYeVr7T3J7FbFGODkwoaEOEGfJse7XZxE+b
XTO/DBeRYXTZOG6/ejrRoT8An+3Wvi8JrN0okTn56EyrUkYwn4N/9tv9u5mjrQ2O
G1HrL0vp91W/77lp8ocHSRn5pK1im0ETniZ1EMsb4osX+kB+j4ukVrqtCHZ0d2O3
rhnXWKMMMS3dIy+8FOdrnQa20hbORlkNk25Mw2cNvlYlZoym4sQiwvOm7hF59qma
57+U5eK9RhuySnOHlxPYmXPOubIEWM9DE3qAq3hUkhuXJvdXQXbgheEATmZWjsMo
LzwdyKt1x8usfQjQBbp6kv60B+bwDQbHPMoyNG5s+MdTdBl0moUHbfx8Iv28LVhU
p9ogbdsUQIP0CeT7Y9Dsv1JMnXNny7Sb+ydtzHHFobB9vUjqST5ozkfp178e+HLc
ZvmeUR30lehQnn42G6EAjOgM94I1EuQGUVFcyhaz2D/5vX7anEGiWJeR8U/mRAak
2UjMNqN6LueAeHXA9Jl/Qg/6QA6VdLtME0qCdgy3awawTQk5wV5Ua80eYS2rslA9
vhqu/AYIdcc0HA/y4oSamIIW0ZNk/PH3tkQTjEFaBoUjP9I3pwUo82ulIgnfIy5X
F4iMqb9ebfpcNd5RxSJS
=xtvS
-----END PGP SIGNATURE-----


More information about the nsd-users mailing list