named: IPsrc for ougoing UDP query != outgoing interface (weak-end model?)

Irwin Tillman irwin at Princeton.EDU
Thu Dec 2 13:37:55 UTC 1999


platform: BIND 8.2.2p5 on Solaris 2.6

On a host with two physical interfaces attached to different networks,
I see named sending UDP queries out via interface A, but with interface B's IPsrc address.
Sort of a weak-end model behavior.

(This is bad; when the packets reach the IP router, it drops them due to 
IP spoof filtering.)

Since I don't really need/want BIND to use interface B anyway, I tried to use
the following option to force UDP queries to come from address A.A.A.A :

   query-source address A.A.A.A port *

However, that does not affect which physical interface is used for the outgoing packets;
I still see the same behavior.

My options also include the following which appear to work as expected:
    listen-on { 127.0.0.1; A.A.A.A.; };
    transfer-source  A.A.A.A;

Any suggestion?

- Irwin Tillman, Princeton University


More information about the bind-users mailing list