[SOLVED] Re: bind listening on UDP port 53 using 2 fd
bernardo.pons at gmail.com
Tue Jan 26 11:04:51 UTC 2021
Again, the problem here is that perfectly valid configuration lines in
/etc/named.conf would cause serious trouble.
BIND 9.16.1+ DNS admins should be aware of it.
So that's the reason I wrote this post.
On Mon, 25 Jan 2021 at 14:33, Matus UHLAR - fantomas (<uhlar at fantomas.sk>)
> On 25.01.21 14:05, Bernardo wrote:
> >Yes. This causes serious problems.
> >The problem is that these perfectly valid configuration lines in
> >/etc/named.conf file (provided that 192.168.10.100 is the IPv4 address of
> >your DNS server, it doesn't matter if it is a primary or secondary) will
> >cause you a lot of trouble.
> >query-source address 192.168.10.100;
> >notify-source 192.168.10.100 port 53;
> >transfer-source 192.168.10.100 port 53;
> >These configuration lines will cause you problems as described in my post
> >BIND ignores "packets received correctly" ) from January 2020.
> >It seems that this is a known issue since BIND 9.16.1 version: UDP network
> >ports used for listening can no longer simultaneously be used for sending
> which means, that the "port 53" is what causes problems and the rest can
> stay there.
> If you only have interface address "192.168.10.100" (except loopback, of
> course), or if that is the primary address of your interface, those
> definitions are useless, otherwise you should keep them there.
> >On Mon, 25 Jan 2021 at 11:13, Matus UHLAR - fantomas (<uhlar at fantomas.sk>)
> >> On 23.01.21 12:44, Bernardo wrote:
> >> >Finally I've found the solution.
> >> >The problem seems to be caused by a known issue since BIND version
> >> >
> >> >Commenting out these lines in /etc/named.conf solves the issue:
> >> >
> >> >query-source address 192.168.10.100;
> >> >notify-source 192.168.10.100 port 53;
> >> >transfer-source 192.168.10.100 port 53;
> >> this should not cause a problem and may cause troubles when
> >> is not the primary address.
> >> the "port 53" is usually useless (unless you have stateless firewall)
> >> may be what caused your problem.
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> Fucking windows! Bring Bill Gates! (Southpark the movie)
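An added example, not part of the original thread and not BIND's own tooling: a small Python check that scans named.conf text for `query-source`, `notify-source` or `transfer-source` statements pinned to a port named also listens on, the pattern the thread identifies as the cause. The function names and the sample configuration are constructed for illustration; the check assumes a single file and does not follow `include` statements or a global `port` option.

```python
import re

# Constructed sample built from the three lines quoted in the thread.
SAMPLE = """
options {
    listen-on { 192.168.10.100; };     // no "port": named listens on 53
    query-source address 192.168.10.100;
    notify-source 192.168.10.100 port 53;
    # transfer-source 192.168.10.100 port 53;
    transfer-source 192.168.10.100 port 53;
};
"""

SOURCE_STMT = re.compile(
    r"\b((?:query|notify|transfer)-source(?:-v6)?)\b([^;{}]*);")
LISTEN_STMT = re.compile(r"\blisten-on(?:-v6)?\b([^;{}]*)\{")
PORT = re.compile(r"\bport\s+(\d+)")


def strip_comments(text):
    """Remove /* */, // and # comments, keeping newlines so line numbers hold."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def listening_ports(text):
    """Ports named listens on: explicit 'listen-on port N', otherwise 53."""
    ports = set()
    for m in LISTEN_STMT.finditer(text):
        p = PORT.search(m.group(1))
        ports.add(int(p.group(1)) if p else 53)
    return ports or {53}


def find_conflicts(conf):
    """Return (line, option, port) for *-source statements on a listening port."""
    text = strip_comments(conf)
    listen = listening_ports(text)
    hits = []
    for m in SOURCE_STMT.finditer(text):
        p = PORT.search(m.group(2))
        if p and int(p.group(1)) in listen:
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(1), int(p.group(1))))
    return hits
```

Dropping only the `port 53` part, as suggested in the reply quoted above, clears both findings while keeping the source address.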