named: IPsrc for outgoing UDP query != outgoing interface (weak-end model?)

Mark.Andrews at iengines.com
Fri Dec 3 02:31:58 UTC 1999


> platform: BIND 8.2.2p5 on Solaris 2.6
> 
> On a host with two physical interfaces attached to different networks,
> I see named sending UDP queries out via interface A, but with interface B's
> IPsrc address.
> Sort of a weak-end model behavior.

	I doubt they were queries.  They were most likely responses
	which are supposed to be sourced from the address the query
	was sent to.

	This sounds like you have asymmetric routing.  Either fix
	the asymmetric routing or fix the router's acls to take into
	account the asymmetric routing.

	Mark
> 
> (This is bad; when the packets reach the IP router, it drops them due to 
> IP spoof filtering.)
> 
> Since I don't really need/want BIND to use interface B anyway, I tried to use
> the following option to force UDP queries to come from address A.A.A.A :
> 
>    query-source address A.A.A.A port *
> 
> However, that does not affect which physical interface is used for the
> outgoing packets;
> I still see the same behavior.
> 
> My options also include the following which appear to work as expected:
>     listen-on { 127.0.0.1; A.A.A.A; };
>     transfer-source  A.A.A.A;
> 
> Any suggestion?
> 
> - Irwin Tillman, Princeton University
> 
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at iengines.com
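
The interaction described in this thread, modelled as an added example that is not part of the original messages: a dual-homed host picks the egress interface from the destination alone, a response keeps the address the query was sent to as its source, and the router's anti-spoof filter then decides the packet's fate. All addresses (RFC 5737 documentation ranges), the interface names `ifA`/`ifB`, and the function names are constructed for illustration.

```python
import ipaddress as ip

# Constructed addressing for the dual-homed name server (not from the thread).
INTERFACES = {"ifA": ip.ip_interface("192.0.2.10/24"),
              "ifB": ip.ip_interface("198.51.100.10/24")}
# Host routing table as (prefix, egress interface); the default route uses ifA.
ROUTES = [(ip.ip_network("192.0.2.0/24"), "ifA"),
          (ip.ip_network("198.51.100.0/24"), "ifB"),
          (ip.ip_network("0.0.0.0/0"), "ifA")]

def egress_interface(dst):
    """Longest-prefix match on the destination only; the source plays no part."""
    dst = ip.ip_address(dst)
    matches = [(net, ifname) for net, ifname in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def router_accepts(ifname, src):
    """Anti-spoof filter on the router of ifname's network: the source
    address must belong to the subnet the packet arrived from."""
    return ip.ip_address(src) in INTERFACES[ifname].network

def reply_fate(client, queried_addr):
    """Fate of a DNS response: sourced from the address the query was sent to,
    routed back towards the client by the host's routing table."""
    out_if = egress_interface(client)
    verdict = "forwarded" if router_accepts(out_if, queried_addr) else "dropped"
    return out_if, verdict

def audit(flows):
    """Return the (client, queried address) pairs whose responses get dropped."""
    return [f for f in flows if reply_fate(*f)[1] == "dropped"]

# Constructed flows: one off-link client querying each of the server's addresses.
FLOWS = [("203.0.113.53", "192.0.2.10"),      # query sent to A's address
         ("203.0.113.53", "198.51.100.10")]   # query sent to B's address

if __name__ == "__main__":
    for client, queried in FLOWS:
        out_if, verdict = reply_fate(client, queried)
        print(f"query to {queried} from {client}: "
              f"reply src={queried} leaves via {out_if} -> {verdict}")
```
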

