dns replies differ in src IP from query's dst IP (Bug?)

Guy Pazi guypazi at netvision.net.il
Wed Nov 21 13:25:20 UTC 2001


Thanks Mark, it's been of great help.
Just to make sure I understood. It has nothing to do with NS implementation
but rather with the IP stack?
Thanks again
Guy

> -----Original Message-----
> From: marka at isc.org [mailto:marka at isc.org]On Behalf Of
> Mark.Andrews at isc.org
> Sent: Wednesday, 21 November, 2001 2:34 PM
> To: Guy Pazi
> Cc: bind-users at isc.org
> Subject: Re: dns replies differ in src IP from query's dst IP (Bug?)
>
>
>
> >
> > Hi,
> > I’ve seen the following paragraph in rfc 1035:
> > “- Some name servers send their responses from different addresses than the
> > one used to receive the query.  That is, a resolver cannot rely that a
> > response will come from the same address, which it sent the corresponding
> > query to. This name server bug is typically encountered in UNIX systems.”
> >
> > I couldn’t find which NSs’ implementations enable this kind of behavior, and
> > if this is user configurable.
>
> 	No.  It is not user configurable.  It is undesired behaviour
> 	brought about by limitations of the IP stack of the host
> 	machine or by not using the capabilities of the IP stack
> 	properly to ensure that reply packets have the correct source
> 	address and port.
>
> > I’m interested in the behavior of popular NSs’ implementations (bind and
> > others).
> >
> > P.S. whoever knows about this “bug”: is the IP used to reply to dns queries
> > typically used for listening to queries as well?
>
> 	It doesn't have to be.
>
> > I.e. is the resolver
> > issuing the query aware of the IP used for reply as an additional IP of
> > the NS in question?
>
> 	Not always.
>
> > Thanks
> > Guy
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
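
An added example, not part of the thread and not BIND's code: one way a UDP server on a single wildcard socket can use the IP stack to keep the reply's source address equal to the address the query was sent to, using IP_PKTINFO. It assumes Linux (its in_pktinfo layout, and 127.0.0.2 being local on the loopback interface); the function names are illustrative.

```python
import socket
import struct

# Assumption: Linux. Older Python builds lack the constant (its Linux value is 8).
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO_FMT = "i4s4s"  # Linux struct in_pktinfo: ipi_ifindex, ipi_spec_dst, ipi_addr


def recv_with_dst(sock):
    """Receive one datagram and the local address the client sent it to."""
    data, ancdata, _flags, peer = sock.recvmsg(512, socket.CMSG_SPACE(12))
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, dst = struct.unpack(PKTINFO_FMT, cdata[:12])
            return data, peer, socket.inet_ntoa(dst)
    raise OSError("kernel did not supply IP_PKTINFO")


def send_from(sock, data, peer, src_ip):
    """Send a datagram with src_ip pinned as its source address."""
    pktinfo = struct.pack(PKTINFO_FMT, 0, socket.inet_aton(src_ip), bytes(4))
    sock.sendmsg([data], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, peer)


def reply_source(query_dst, pin_source):
    """Query a wildcard-bound server at query_dst; return the reply's source IP."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.settimeout(2)
        client.settimeout(2)
        server.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
        server.bind(("0.0.0.0", 0))  # one socket listening on every address
        port = server.getsockname()[1]
        client.sendto(b"constructed query", (query_dst, port))
        _data, peer, dst = recv_with_dst(server)
        if pin_source:
            send_from(server, b"reply", peer, dst)  # source = queried address
        else:
            server.sendto(b"reply", peer)  # kernel picks the source address
        _reply, (src_ip, _src_port) = client.recvfrom(512)
        return src_ip
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    # 127.0.0.2 stands in for a second address on a multihomed name server.
    for pinned in (False, True):
        print("pinned" if pinned else "unpinned", reply_source("127.0.0.2", pinned))
```

Without the pinning step the kernel chooses the source address from its routing decision for the client, which need not be the address that was queried.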


