On 01.08.2014 at 17:16, Barry Margolin wrote:
> In article <mailman.720.1406904401.26362.bind-users at>,
>  Reindl Harald <h.reindl at> wrote:
>> the thread yesterday reminded me of my Fedora bug report
>> i don't buy "Note that destination IP address must be
>> known and set correctly in reply, otherwise clients
>> will be confused" because how does it survive NAT
> What's meant is that the source address of the reply must match the 
> destination address of the request. This is how TCP behaves 
> automatically, since it involves connections, but all UDP packets are 
> independent. When BIND sends a reply message, the stack doesn't know 
> that it's related to a particular incoming message whose IPs should be 
> flipped.
> It survives NAT because the router remembers how it translated the 
> incoming packet. When it sees an outgoing packet with the translated IP 
> and port, it undoes the translation.

yes and no

iptables knows the concept of " -p udp -m conntrack --ctstate NEW"
so the stack somehow knows, not the same way as TCP but it knows

other UDP services like OpenVPN, dhcpd, avahi or mediatomb just
listen on UDP and just work

