query-source for multiple interfaces
Barry Margolin
barmar at alum.mit.edu
Fri May 19 02:03:39 UTC 2006
In article <e4i4t1$2j9d$1 at sf1.isc.org>,
Sam Wilson <Sam.Wilson at ed.ac.uk> wrote:
> In article <e4gd1a$4bm$1 at sf1.isc.org>,
> Mark Andrews <Mark_Andrews at isc.org> wrote:
>
> > Barry Margolin <barmar at alum.mit.edu> wrote:
> >
> > > In article <e4feh9$12k9$1 at sf1.isc.org>,
> > > Sam Wilson <Sam.Wilson at ed.ac.uk> wrote:
> > >
> > > > Looking at the ARM the "query-source" option seems to be able to specify
> > > > only one address. We are investigating anycast DNS on multihomed
> > > > servers. It looks as though I can't use "query-source" to allow queries
> > > > to be sent from any address except the multicast address. Is this true
> > > > and is there any obvious workaround? I've already thought of adding a
> > > > second local /32 address that's specific to the box and sourcing the
> > > > queries from there, but that's getting rather messy.
> > >
> > > If the anycast address is an alias IP, I don't think you need to do
> > > anything. I think the OS will automatically default the source address
> > > to the primary IP of the outgoing interface rather than an alias.
> >
> > Also it does not make sense to send queries from an anycast
> > address as the replies are not guaranteed to go back to the
> > correct instance.
>
> Of course it doesn't - that's why I'm trying to make sure that BIND
> doesn't use its anycast address to source anything. Barry's answer is
> plausible though the address isn't an external alias as such - it's an
> additional address on the lo0 interface which might well make it even
> less likely to be used as a source address. If it hadn't been for
> slides 49-50 of <http://www.nanog.org/mtg-0310/pdf/miller.pdf> then I
> might have thought of that myself (though that setup is different from
> ours, not being multihomed).

It definitely will *not* use an alias on the loopback address. If you
don't use query-source to force a particular address, the source address
of a query is always the address of the interface the query is sent out.
Since it should never send queries out the loopback interface, there's
no reason why it would ever select that as the source address. I think
the use of query-source in the slide is just being extra cautious, and
safe in the case where the server is singly-homed. But it's not really
necessary.

Also, unless the server is running a routing daemon, it probably won't
take much advantage of the fact that it's multihomed. It will just send
most of its queries through its default gateway, so you might as well
set query-source to the interface connected to that.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
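
Added example, not part of the original post: a Python check an operator could run on an anycast node to see which source address the OS picks for an unbound UDP query socket, and to flag any destination for which it would pick a service (anycast) address. The function names and the addresses under `__main__` are constructed for illustration (documentation ranges); the sketch covers IPv4 only.

```python
import ipaddress
import socket


def kernel_source_for(dest, port=53):
    """Return the IPv4 source address the OS would use for a UDP query to dest.

    connect() on a UDP socket sends no packet. It only makes the kernel do the
    route lookup and source-address selection that an unbound resolver socket
    (no query-source address configured) would get. Returns None if no route.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect((dest, port))
        except OSError:
            return None
        return s.getsockname()[0]


def audit(service_addrs, dests):
    """List (dest, source) pairs where the chosen source is a service address."""
    service = {ipaddress.ip_address(a) for a in service_addrs}
    findings = []
    for dest in dests:
        src = kernel_source_for(dest)
        if src is not None and ipaddress.ip_address(src) in service:
            findings.append((dest, src))
    return findings


if __name__ == "__main__":
    # Constructed sample values: replace with the node's anycast address(es)
    # and a few addresses of servers it actually queries.
    ANYCAST = ["192.0.2.53"]
    DESTS = ["198.51.100.1", "203.0.113.1"]
    for dest in DESTS:
        print(dest, "->", kernel_source_for(dest))
    bad = audit(ANYCAST, DESTS)
    print("anycast address used as source:", bad if bad else "never")
```

An empty result from `audit` means the default selection already avoids the anycast address for those destinations; a non-empty one is the case where pinning query-source to a unicast address matters.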