source address ignored in 9.3.1?

Mark Andrews Mark_Andrews at isc.org
Wed May 4 14:22:12 UTC 2005


> Hello everyone,
> 
> There seems to be an issue with the query-source and/or transfer source
> options in Bind 9.3.1: while I have an address defined for query, transfer,
> listen and notify, the nameserver still tries to use its primary IP address
> for some queries. These queries are SOA queries for domains where it acts as
> slave, followed by (failed) attempts to open TCP connections from that same
> IP address. So no slave zone is transferred. For resolving the address
> 158.64.1.25 is used correctly.
> 
> From the options in named.conf:
> 
>         listen-on { 127.0.0.1; 158.64.1.25; };
>         query-source address 158.64.1.25;
>         transfer-source 158.64.1.25;
>         notify-source 158.64.1.25;
>         listen-on-v6 { none; };
> 
> The same config used to work in 9.2.x, so did I miss a change, or a bug?
> 
> Best regards,
> Gilles
> 
> --
> RESTENA - DNS-LU
> 6, rue Coudenhove-Kalergi
> L-1359 Luxembourg
> tel: (+352) 424409
> fax: (+352) 422473
> 

1446.   [func]          Implemented undocumented alternate transfer sources
                        from BIND 8.  See use-alt-transfer-source,
                        alt-transfer-source and alt-transfer-source-v6.

                        SECURITY: use-alt-transfer-source is ENABLED unless
                        you are using views.  This may cause a security risk
                        resulting in accidental disclosure of wrong zone
                        content if the master supplying different source
                        content based on IP address.  If you are not certain
                        ISC recommends setting use-alt-transfer-source no;

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
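
Added example, not part of the original message and not ISC code: a small check that reads a named.conf and reports whether use-alt-transfer-source is in effect globally, applying the default described in the CHANGES entry above (enabled unless views are used). The sample configurations are constructed from the options quoted in the post; the function names are hypothetical, and only the global options block is examined, not per-view or per-zone overrides.

```python
import re

# Constructed sample: the options quoted in the post, wrapped in an options block.
AS_POSTED = """
options {
        listen-on { 127.0.0.1; 158.64.1.25; };
        query-source address 158.64.1.25;
        transfer-source 158.64.1.25;   // pinned source for zone transfers
        notify-source 158.64.1.25;
        listen-on-v6 { none; };
};
"""
# Constructed variants: the recommended setting, and a configuration with a view.
HARDENED = AS_POSTED.replace(
    "notify-source", "use-alt-transfer-source no;\n        notify-source")
WITH_VIEW = AS_POSTED + 'view "internal" { match-clients { any; }; };\n'

def strip_comments(text):
    """Drop /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(conf):
    """Return the body of the global options { ... } block by brace matching."""
    m = re.search(r"(?<![\w-])options\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf_text):
    """Report whether alternate transfer sources are in effect globally."""
    conf = strip_comments(conf_text)
    opts = options_block(conf)
    m = re.search(r"(?<![\w-])use-alt-transfer-source\s+(yes|no)\s*;", opts)
    has_views = re.search(r"^\s*view\s+\S+", conf, flags=re.M) is not None
    # Default per the CHANGES entry: enabled unless views are in use.
    enabled = (m.group(1) == "yes") if m else not has_views
    # Lookbehind keeps alt-transfer-source from counting as transfer-source.
    pinned = re.search(r"(?<![\w-])transfer-source\s+\S+", opts) is not None
    return {"enabled": enabled, "explicit": m is not None,
            "flag": enabled and pinned}

if __name__ == "__main__":
    for name, conf in [("as posted", AS_POSTED), ("hardened", HARDENED),
                       ("with view", WITH_VIEW)]:
        print(name, audit(conf))
```

A configuration is flagged when transfer-source is pinned while alternate transfer sources remain enabled, which is the combination the CHANGES entry warns about.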

