query-source for multiple interfaces

Barry Margolin barmar at alum.mit.edu
Fri May 19 02:03:39 UTC 2006


In article <e4i4t1$2j9d$1 at sf1.isc.org>,
 Sam Wilson <Sam.Wilson at ed.ac.uk> wrote:

> In article <e4gd1a$4bm$1 at sf1.isc.org>,
>  Mark Andrews <Mark_Andrews at isc.org> wrote:
> 
> > Barry Margolin <barmar at alum.mit.edu> wrote:
> > 
> > > In article <e4feh9$12k9$1 at sf1.isc.org>,
> > >  Sam Wilson <Sam.Wilson at ed.ac.uk> wrote:
> > > 
> > > > Looking at the ARM the "query-source" option seems to be able to
> > > > specify only one address.  We are investigating anycast DNS on
> > > > multihomed servers.  It looks as though I can't use "query-source" to
> > > > allow queries to be sent from any address except the multicast
> > > > address.  Is this true and is there any obvious workaround?  I've
> > > > already thought of adding a second local /32 address that's specific
> > > > to the box and sourcing the queries from there, but that's getting
> > > > rather messy.
> > > 
> > > If the anycast address is an alias IP, I don't think you need to do 
> > > anything.  I think the OS will automatically default the source address 
> > > to the primary IP of the outgoing interface rather than an alias.
> > 
> > >  Also it does not make sense to send queries from an anycast
> > >  address as the replies are not guaranteed to go back to the
> > >  correct instance.
> 
> Of course it doesn't - that's why I'm trying to make sure that BIND 
> doesn't use its anycast address to source anything.  Barry's answer is 
> plausible though the address isn't an external alias as such - it's an 
> additional address on the lo0 interface which might well make it even 
> less likely to be used as a source address.  If it hadn't been for 
> slides 49-50 of <http://www.nanog.org/mtg-0310/pdf/miller.pdf> then I 
> might have thought of that myself (though that setup is different from 
> ours, not being multihomed).

It definitely will *not* use an alias on the loopback address.  If you 
don't use query-source to force a particular address, the source address 
of a query is always the address of the interface the query is sent out.  
Since it should never send queries out the loopback interface, there's 
no reason why it would ever select that as the source address.  I think 
the use of query-source in the slide is just being extra cautious, and 
safe in the case where the server is singly-homed.  But it's not really 
necessary.

Also, unless the server is running a routing daemon, it probably won't 
take much advantage of the fact that it's multihomed.  It will just send 
most of its queries through its default gateway, so you might as well 
set query-source to the interface connected to that.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
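
The source-address behaviour discussed in this thread can be checked on the server itself. The following is an added example, not part of the original post: it asks the kernel which local address it would pick for UDP traffic to each destination and flags any case where that is the anycast service address. All addresses are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress
import socket


def kernel_source_for(dest, port=53):
    """Return the local IP the kernel would use for UDP to dest, or None.

    connect() on a UDP socket sends no packet; it only performs the route
    lookup and fixes the socket's local address, which getsockname() reports.
    """
    family = (socket.AF_INET6 if ipaddress.ip_address(dest).version == 6
              else socket.AF_INET)
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        try:
            s.connect((dest, port))
        except OSError:          # no route to this destination
            return None
        return s.getsockname()[0].split("%")[0]   # drop any IPv6 scope id


def audit_sources(destinations, service_addrs, lookup=kernel_source_for):
    """Map each destination to (source, verdict).

    verdict is "anycast" when the chosen source is one of service_addrs
    (replies could reach another instance), "no-route" when the kernel has
    no path, and "ok" when the source is a per-host unicast address.
    """
    service = {ipaddress.ip_address(a) for a in service_addrs}
    report = {}
    for dest in destinations:
        src = lookup(dest)
        if src is None:
            report[dest] = (None, "no-route")
        elif ipaddress.ip_address(src) in service:
            report[dest] = (src, "anycast")
        else:
            report[dest] = (src, "ok")
    return report


if __name__ == "__main__":
    # Constructed values: the anycast address configured on lo0 and a few
    # destinations reached over different uplinks of the multihomed host.
    ANYCAST = ["192.0.2.53"]
    DESTS = ["198.51.100.1", "203.0.113.1"]
    for dest, (src, verdict) in audit_sources(DESTS, ANYCAST).items():
        print(f"{dest:<15} source={src} {verdict}")
```

An "anycast" verdict for any destination is the case where setting query-source to a unicast address is needed rather than optional.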


