Bind to INADDR_ANY
Mark K. Pettit
pettit at yahoo-inc.com
Wed Jan 11 01:34:58 UTC 2012
There are some caveats to trying to use "interface-interval" to pick up new IPs. If your BIND drops privileges (e.g., by using the "-u" command-line option to named), you might have a problem getting BIND to bind() to the new IP addresses.
For example, on FreeBSD if you use "-u" to drop privileges, BIND will not be able to bind() to new addresses without modifying the kernel to allow non-root users to bind() to port 53.
On modern versions of Linux, BIND can bind() to new IP addresses even with the "-u" option because the kernel has a mechanism to allow it.
In my environment (FreeBSD) we've worked around this problem (just recently, in fact), and I can provide more details if there's any interest.
On Jan 10, 2012, at 11:42 AM, michoski wrote:
> On 1/9/12 5:12 PM, "Bostjan Skufca" <bostjan at a2o.si> wrote:
>> is binding to all interfaces at once already supported in bind9? I know named
>> binds to each at-the-moment-available IP address but in HA environment with
>> virtual interfaces a "rndc reload" is necessary for named to pick up a new
>> interface, which leaves a bit of a window of unavailable service.
>
> According to Bv9ARM.pdf p67 listen-on-v6 { any; }; does a wildcard bind on
> supporting systems, while listen-on { any; }; behaves as you describe:
>
> OPS:55 mhoskins at dev-ops-test1.vega:~$ grep listen-on /etc/namedb/named.conf
> listen-on { any; };
> listen-on-v6 { any; };
>
> OPS:56 mhoskins at dev-ops-test1.vega:~$ netstat -an|grep 53
> tcp 0 0 10.8.36.47:53 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
> tcp 0 0 :::53 :::* LISTEN
> tcp 0 0 :::5308 :::* LISTEN
> udp 0 0 10.8.36.47:53 0.0.0.0:*
> udp 0 0 127.0.0.1:53 0.0.0.0:*
> udp 0 0 :::53 :::*
>
> However (I usually just set it to 0), the caveat you might have missed is
> that you can control how often (if at all) BIND rescans the list of
> available interfaces (ARM p73):
>
> "The server will scan the network interface list every interface-interval
> minutes. The default is 60 minutes. The maximum value is 28 days (40320
> minutes). If set to 0, interface scanning will only occur when the
> configuration file is loaded. After the scan, the server will begin
> listening for queries on any newly discovered interfaces (provided they are
> allowed by the listen-on configuration), and will stop listening on
> interfaces that have gone away."
>
> Setting interface-interval to a reasonably low value should keep you from
> needing to rndc reconfig/reload.
>
> http://www.isc.org/software/bind/documentation
>
> --
> Don't worry about avoiding temptation -- as you grow older, it starts
> avoiding you. -- The Old Farmer's Almanac
>
>
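Two points in this thread are worth seeing in code: a socket bound to the wildcard address (INADDR_ANY, the `:::53` / `0.0.0.0` rows in the netstat output) receives datagrams for any local address, including ones added later, but the server then has to ask the kernel which destination address each datagram arrived on so it can reply from the right source; and once a daemon has dropped root, a bind() to port 53 fails with EACCES unless the kernel grants an exemption. The following Python is an added example, not code from the thread or from BIND itself; it assumes Linux (the IP_PKTINFO value 8 is the Linux constant, used as a fallback when the socket module does not export it), and the outcome of the port-53 probe depends on the privileges of the process running it.

```python
import errno
import socket
import struct

# Linux value of IP_PKTINFO, used as a fallback if this Python build
# does not export socket.IP_PKTINFO (assumption: Linux kernel).
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)


def try_bind(port, addr="0.0.0.0"):
    """Attempt a UDP bind() to addr:port and report the outcome.

    Returns (True, None) on success or (False, <errno name>) on failure.
    A process that has dropped root and lacks a kernel exemption
    (CAP_NET_BIND_SERVICE on Linux) gets (False, 'EACCES') for port 53,
    which is the failure mode described for FreeBSD with named -u.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((addr, port))
        return True, None
    except OSError as e:
        return False, errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def port53_status():
    """Convenience wrapper: 'bindable' or the errno name for port 53."""
    ok, err = try_bind(53)
    return "bindable" if ok else err


def wildcard_roundtrip(payload=b"constructed-query"):
    """Bind one UDP socket to INADDR_ANY on an ephemeral port, send a
    constructed datagram to it via 127.0.0.1, and recover the destination
    address the kernel saw. Returns (bound_addr, data, dest_addr).

    dest_addr is what a wildcard-bound server must use as the source of
    its reply; it is None if the platform gives no IP_PKTINFO data.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("0.0.0.0", 0))          # wildcard bind, ephemeral port
    try:
        # Ask for the destination address of each datagram as ancillary data.
        srv.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    except OSError:
        pass                          # not supported here; dest_addr stays None
    bound_addr, port = srv.getsockname()
    srv.settimeout(2)

    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.sendto(payload, ("127.0.0.1", port))   # addressed to a specific IP

    # struct in_pktinfo { int ipi_ifindex; struct in_addr ipi_spec_dst;
    #                     struct in_addr ipi_addr; } is 12 bytes on Linux.
    data, ancdata, _flags, _peer = srv.recvmsg(1024, socket.CMSG_SPACE(12))
    dest_addr = None
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, ipi_addr = struct.unpack("I4s4s", cdata[:12])
            dest_addr = socket.inet_ntoa(ipi_addr)
    cli.close()
    srv.close()
    return bound_addr, data, dest_addr


if __name__ == "__main__":
    print("port 53:", port53_status())
    bound, data, dest = wildcard_roundtrip()
    print(f"bound to {bound}, received {data!r}, delivered to {dest}")
```

The wildcard socket reports `0.0.0.0` from getsockname() yet still receives the datagram sent to 127.0.0.1; a server that answered from `0.0.0.0` would let the kernel pick a source address, which is why a wildcard-bound resolver needs IP_PKTINFO (or its equivalent) to reply from the address the client actually queried. Running `port53_status()` as an unprivileged user shows the EACCES case directly; running it as root, or with the kernel exemption, shows why the Linux behaviour in the thread differs from FreeBSD's.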