query-source for multiple interfaces

Mark Andrews Mark_Andrews at isc.org
Thu May 18 23:01:53 UTC 2006


> In article <e4gd1a$4bm$1 at sf1.isc.org>,
>  Mark Andrews <Mark_Andrews at isc.org> wrote:
> 
> > > In article <e4feh9$12k9$1 at sf1.isc.org>,
> > >  Sam Wilson <Sam.Wilson at ed.ac.uk> wrote:
> > > 
> > > > Looking at the ARM the "query-source" option seems to be able to specify
>  
> > > > only one address.  We are investigating anycast DNS on multihomed 
> > > > servers.  It looks as though I can't use "query-source" to allow queries
>  
> > > > to be sent from any address except the multicast address.  Is this true 
> > > > and is there any obvious workaround?  I've already thought of adding a 
> > > > second local /32 address that's specific to the box and sourcing the 
> > > > queries from there, but that's getting rather messy.
> > > 
> > > If the anycast address is an alias IP, I don't think you need to do 
> > > anything.  I think the OS will automatically default the source address 
> > > to the primary IP of the outgoing interface rather than an alias.
> > 
> > 	Also it does not make sence to send queries from a anycast
> > 	address as the replies are not guarenteed to go back to the
> > 	correct instance.
> 
> That's his point -- he wants to PREVENT it from using the anycast 
> address.  But he doesn't want to list all the other addresses 
> explicitly, he was hoping for something like:
> 
> query-source address { !1.2.3.4; };
> 
> to mean "use any of the system's addresses except 1.2.3.4".
> 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***

	Well he actually said "multicast" which a assummed was his
	way of saying "*".

	named won't send from a real multicast address (class D) as
	multicast needs code support which doesn't exist.

	In general there is no way to select a particular address to
	sending to a set of addresses.  If someone feels like adding
	it we will look at the patches.  Normally the kernel selects
	a appropriate address (based on outgoing interface, etc.) for
	multihomed boxes.

	If he actually ment anycast, then you only need to ensure that
	there us a unicast address configured first or the routing
	doesn't send the packet out that interface.  It will still receive
	packets to the unicast address.  Again this is just using the
	kernel's address selection rules.

	Replies to queries addresses to the unicast address will be replied
	to using the unicast address as the source address.

	Mark

	I would expect something like this would work:

		query-source address 1.2.3.4 port 53 { !192.168/16; any; };
		query-source address 192.168.3.4 port 53 { 192.168/16; };

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list