dig query

Kevin Oberman kob6558 at gmail.com
Mon Aug 13 21:34:44 UTC 2012


On Mon, Aug 13, 2012 at 10:18 AM, John Williams <john.1209 at yahoo.com> wrote:
> I've a system with two interfaces; a management and a data interface.  My
> default route is set out to the data interface.
>
> doing a
>
> dig +tcp someIP.com @some.resolver
>
> works fine.
>
> If I want a UDP based query, I have to specify -b option and provide IP of
> the interface otherwise it fails.
>
> Why is that?
>
> I would imagine the query would travel out the default route of the host.

It certainly should. You might try a traceroute to the server and
confirm how it goes out.
But the problem is probably NOT how it goes out, but how it comes
back. '-b' sets the source address of the packets that will appear in
the IP header, but does not specify the route it should take. Sounds
like the default ADDRESS placed in the outgoing packets might not be
what you expect and that the return path might be hitting a firewall
that allows TCP established packets. Of course, established does not
work for UDP, but by forcing the source, the response is hitting the
data interface, where it is permitted.

This is largely guesswork, but use of tcpdump and looking at the
counter/logs of any firewall should confirm this or let you move on to
other options.
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6558 at gmail.com
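
Added example, not part of the original message: a small Python check that reports which source address the kernel selects by default for UDP to a resolver, then sends one UDP query from the default source and from each explicitly bound source (the equivalent of dig -b) to see which ones get a reply. The function names, the query ID and the command-line layout are assumptions made for this illustration.

```python
import socket
import struct
import sys

QID = 0x1234  # constructed query ID, matched against the reply


def default_source_for(server, port=53):
    """Source IP the kernel would put in a UDP packet to `server`.

    connect() on a UDP socket sends nothing; it only performs route and
    source-address selection, which getsockname() then reports.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((server, port))
        return s.getsockname()[0]


def build_query(name):
    """Minimal DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def udp_probe(server, name, source=None, port=53, timeout=2.0):
    """Send one UDP query, optionally bound to `source` (as dig -b does)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        if source:
            s.bind((source, 0))
        s.connect((server, port))
        used = s.getsockname()[0]
        s.send(build_query(name))
        try:
            reply = s.recv(4096)
        except (socket.timeout, ConnectionError):
            return {"source": used, "answered": False}
        return {"source": used, "answered": reply[:2] == struct.pack("!H", QID)}


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: probe.py RESOLVER_IP NAME [SOURCE_IP ...]")
    resolver, qname = sys.argv[1], sys.argv[2]
    print("kernel default source:", default_source_for(resolver))
    for src in [None] + sys.argv[3:]:
        print(udp_probe(resolver, qname, source=src))
```

If the default source is the management address and only the probe bound to the data address is answered, the reply path is the place to look, which tcpdump on both interfaces and the firewall counters can then confirm.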


