BIND and listening on interfaces

Mark Andrews marka at
Fri Aug 1 23:42:19 UTC 2014

In message <53DBA84D.8030009 at>, Reindl Harald writes:
> the thread yesterday reminded me of my Fedora bug report
> i don't buy "Note that destination IP address must be
> known and set correctly in reply, otherwise clients
> will be confused" because how does it survive NAT
> if listen-on {;}; would work a lot of problems
> could go away - keep in mind that on modern systemd
> systems a service can bind to even before
> the network is started

Named does not bind to because the replies may not come
from the correct address.  If you have multiple addresses on an
interface or multiple interfaces then there is no guarantee that
the address the stack uses to source a UDP reply packet will match
the address the query arrived on.

This is not an issue for TCP where the local address is stored in
the PCB.

For IPv6 we have in6_pktinfo and if the OS supports in6_pktinfo we
use it and bind to :: if the listen-on-v6 acl is "any;".  If the
OS does not support in6_pktinfo then we bind to every interface.

If named is only listening on a subset of interfaces we bind to each
interface so that one can run multiple instances and also so
that the correct ICMP messages are emitted.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at
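
The in6_pktinfo mechanism described in the message above, as an added example that is not part of the original post and is not BIND's code: a single UDP socket bound to :: asks the kernel for each query's destination address and sends the reply from that same address. It uses Python's socket module rather than named's C; the function names are hypothetical and the sample control message is constructed.

```python
import socket
import struct

# struct in6_pktinfo { struct in6_addr ipi6_addr; unsigned int ipi6_ifindex; }
PKTINFO = struct.Struct("@16sI")

def open_wildcard_udp6(port):
    """One UDP socket on :: that asks the kernel for each query's destination."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
    s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_RECVPKTINFO, 1)
    s.bind(("::", port))
    return s

def query_destination(ancdata):
    """Return (address, ifindex) the query was sent to, or None if absent."""
    for level, ctype, data in ancdata:
        if (level == socket.IPPROTO_IPV6 and ctype == socket.IPV6_PKTINFO
                and len(data) >= PKTINFO.size):
            addr, ifindex = PKTINFO.unpack_from(data)
            return socket.inet_ntop(socket.AF_INET6, addr), ifindex
    return None

def reply_ancdata(address, ifindex):
    """Ancillary data that makes sendmsg() source the reply from `address`."""
    raw = socket.inet_pton(socket.AF_INET6, address)
    return [(socket.IPPROTO_IPV6, socket.IPV6_PKTINFO,
             PKTINFO.pack(raw, ifindex))]

def answer_one(sock, make_reply):
    """Receive one datagram and reply from the address it arrived on."""
    data, ancdata, _flags, peer = sock.recvmsg(
        4096, socket.CMSG_SPACE(PKTINFO.size))
    dest = query_destination(ancdata)
    if dest is None:
        return None  # no pktinfo delivered: do not guess a source address
    sock.sendmsg([make_reply(data)], reply_ancdata(*dest), 0, peer)
    return dest

# Constructed sample: control data for a query sent to 2001:db8::53, ifindex 2.
SAMPLE = [(socket.IPPROTO_IPV6, socket.IPV6_PKTINFO,
           PKTINFO.pack(socket.inet_pton(socket.AF_INET6, "2001:db8::53"), 2))]

if __name__ == "__main__":
    print(query_destination(SAMPLE))
```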
