query-source/transfer-source have no effect (bind 9.2.1)

Monu Ogbe monu at houxou.com
Fri Jan 2 15:35:25 UTC 2004


My name server is called 'ns1.dns.ournet.com' which maps to the IP
address '' (eth0:1).  Multiple IP addresses are aliased
to eth0 on the server.

Since a recent upgrade from RedHat 7.3/Bind 8 to Redhat 9/Bind 9.2.1, I
have been unable to get the name server to perform queries and transfers
on the addresses specified in the query-source and transfer-source
options.  Instead, the server defaults to performing queries and
transfers using the primary IP address assigned to eth0.

The following IP addresses are configured on the name server:

eth0      inet addr:  Bcast:
eth0:0    inet addr:  Bcast:
eth0:1    inet addr:  Bcast:
lo        inet addr:  Mask:

The options statement in /etc/named.conf is as follows:

options {
        listen-on {; };
        query-source address port 53;
        directory "/var/named";
        notify yes;
        also-notify {
        allow-transfer {
        * If there is a firewall between you and nameservers you want
        * to talk to, you might need to uncomment the query-source
        * directive below.  Previous versions of BIND always asked
        * questions using port 53, but BIND 8.1 uses an unprivileged
        * port by default.
        //query-source address port 53;

The symptoms are that peer servers reject our requests because they
expect these to come from instead of which the queries
and transfer requests come from

tcpdumps of queries and transfer requests show this to be true; such
that performing a dig from the server to a peer:

	# dig @ test.ournet.com -t any

produces the following (unexpected) tcpdump output:

tcpdump: listening on eth0
15:16:21.797540 >  35824+ ANY? test.ournet.com. (33) (DF)
15:16:26.798564 >  35824+ ANY? test.ournet.com. (33) (DF)

On the other hand, I AM able to force a query to take place from a
specified address using dig's -b option; and:

	# dig @ test.ournet.com -b192.168.240.56 -t any

produces the following (expected) tcpdump output:

tcpdump: listening on eth0
15:20:57.553985 >  65062+ ANY? test.ournet.com. (33) (DF)
15:21:02.564697 >  65062+ ANY? test.ournet.com. (33) (DF)

I'm flummoxed by this, and would greatly appreciate a steer.

Many thanks in advance,

Monu Ogbe
