Public DNS - recursion no - Access to the Internet
barmar at alum.mit.edu
Tue Feb 20 06:20:00 UTC 2007
In article <erdak6$1ndr$1 at sf1.isc.org>,
Pascal Hambourg <pascal.mail at plouf.fr.eu.org> wrote:
> Jarek Buczynski wrote:
> > Below is next quote:
> > "If you use multiple nameserver directives, don't use the loopback address!
> > There's a bug in some Berkeley-derived TCP/IP implementations that can cause
> > problems with BIND if the local nameserver is down. The resolver's connected
> > datagram socket won't rebind to a new local address if the local nameserver
> > isn't running, and consequently the resolver sends query packets to the
> > fallback remote nameservers with a source address of 127.0.0.1. When the
> > remote nameservers try to reply, they end up sending the reply packets to
> > themselves."
> Wow, that's a bug!
> However, the sender's IP stack should refuse to send the packet out on
> the network because addresses within 127.0.0.0/8 are invalid outside a
> host. And even though, the receiver's IP stack should also drop the
> incoming packet for the same reason. So, in order for the remote
> nameserver to send a reply, we need a lot of broken software.
Does it really matter whether the server gets the request or not?
Either way it won't be able to reply to the client.
Barry Margolin, barmar at alum.mit.edu
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
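
A check for the configuration the quoted passage warns against (a loopback address listed alongside other nameserver directives), as an added example that is not part of the original thread. The function names and the sample resolv.conf contents are constructed for illustration.

```python
import ipaddress

# Constructed sample files (documentation address ranges), not from the thread.
MIXED = """\
# local caching server first, remote servers as fallback
nameserver 127.0.0.1
nameserver 192.0.2.53
nameserver 198.51.100.53
"""
LOCAL_ONLY = "search example.com\nnameserver 127.0.0.1\n"
REMOTE_ONLY = "nameserver 192.0.2.53\nnameserver 198.51.100.53\n"


def parse_nameservers(text):
    """Return the address on each 'nameserver' line, in file order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split()
        # Skip blank lines and comment lines starting with '#' or ';'.
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; unparsable entries count as not loopback."""
    try:
        # Drop an IPv6 zone suffix such as %eth0 before parsing.
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False


def audit(text):
    """Flag the layout the quote warns about: loopback plus other nameservers."""
    servers = parse_nameservers(text)
    loopback = [s for s in servers if is_loopback(s)]
    fallbacks = [s for s in servers if not is_loopback(s)]
    return {"loopback": loopback, "fallbacks": fallbacks,
            "at_risk": bool(loopback and fallbacks)}


if __name__ == "__main__":
    for name, text in [("mixed", MIXED), ("local-only", LOCAL_ONLY),
                       ("remote-only", REMOTE_ONLY)]:
        print(name, audit(text))
```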