Binding BIND to Multiple IP's

Jim Reid jim at mpn.cp.philips.com
Thu Aug 26 15:49:34 UTC 1999


>>>>> "Lomag" == Lomag  <lomag at lomag.net> writes:

    Lomag> Hello, I'm running bind on a server with 3 ips, one of
    Lomag> which has all UDP filtered to/from it, so what I want to do
    Lomag> is bind, bind to the other 2 ips, I've set this and it
    Lomag> seems to work:

    Lomag>         query-source address 207.230.18.1 port 53;
    Lomag>         query-source address 207.230.18.2 port 53;

    Lomag> in named.conf ..

    Lomag> My question is, is it right to bind it to 2 ips like I did
    Lomag> or should I just leave it to only one?

You are a bit confused. What do you mean by "bind it to 2 ips"? Do you
mean that you want the name server to only listen for queries on
certain interfaces or only use a specific IP address and/or port
number when it makes queries? BIND8 allows both of these things to be
set. Both these facilities rely on bind()ing sockets to specific IP
addresses and/or port numbers.

The listen-on clause tells the name server which interfaces to listen
on for incoming queries. [You can also use this clause to tell it to
listen on something other than port 53.] By default, named will set up
listeners on port 53 for ALL the network interfaces on the computer.

The query-source clause tells the name server to use one particular
address (and port number) when making outgoing queries. In other words
it sets the source port and address in the UDP and IP headers. This
will make the name server use only one of its network interfaces when
it makes queries to other name servers. Normally, named will choose
whatever one of the network interfaces is "closest" in routing terms
to the destination. Note too that query-source only applies to
outgoing UDP traffic. If the name server has to make a TCP connection,
it always uses a wildcard IP address and a random non-privileged
port. It lets the OS choose the address and port, in other words.

BTW, it's a mistake to have 2 query-source clauses in the options{}
statement because you can only tell named to use 1 address/port for
outgoing queries. The last query-source clause will be the one that's
used. The others are silently ignored. (See ns_parser.y.)
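
Added example, not part of the original message: a small Python check that reads an options{} block and reports which query-source clause takes effect and which are silently ignored, using the last-clause-wins behaviour described above. The function names audit() and options_body(), the directory path, and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample: the two clauses from the question in one options{} block.
DUPLICATED = """options {
    directory "/var/named";   // constructed path
    query-source address 207.230.18.1 port 53;
    query-source address 207.230.18.2 port 53;
};
"""

# Constructed sample: listen-on limits where named accepts queries, and a
# single query-source sets the source address/port of outgoing UDP queries.
CORRECTED = """options {
    listen-on { 207.230.18.1; 207.230.18.2; };
    query-source address 207.230.18.1 port 53;
};
"""

COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
QUERY_SOURCE = re.compile(r"\bquery-source\s+([^;]*);")
LISTEN_ON = re.compile(r"\blisten-on(?:\s+port\s+\d+)?\s*\{([^}]*)\}\s*;")

def options_body(conf):
    """Return the text inside options { ... }, with comments stripped."""
    text = COMMENTS.sub("", conf)
    start = re.search(r"\boptions\s*\{", text)
    if not start:
        return ""
    depth, i = 1, start.end()
    while i < len(text) and depth:      # walk to the matching close brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start.end():i - 1]

def audit(conf):
    body = options_body(conf)
    sources = [" ".join(s.split()) for s in QUERY_SOURCE.findall(body)]
    listen = [a for blk in LISTEN_ON.findall(body)
              for a in blk.replace(";", " ").split()]
    return {
        "listen_on": listen,            # empty list = default, all interfaces
        "effective_query_source": sources[-1] if sources else None,  # last wins
        "ignored_query_sources": sources[:-1],
    }

if __name__ == "__main__":
    print(audit(DUPLICATED))
    print(audit(CORRECTED))
```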

