Lookup failures
Greg Choules
gregchoules+bindusers at googlemail.com
Fri Sep 13 15:15:09 UTC 2024
Hi Steven.
As you said, `listen-on {...;};` tells BIND which addresses to register for
incoming traffic. This can be a list, not just one address. Any query
received on (say) 10.0.0.1 will be responded to from the same address.
It is possible to choose which address to use for outgoing queries/fetches
as well, using `query-source address ...;`, which in the past I have used
and made different from the listen-on address(es) so that I can tell in
packet captures what is what. Also it's handy for firewall rules, keeping
client<>resolver traffic on different addresses from resolver<>world
traffic.
Is that what you wanted to know?
Cheers, Greg
On Fri, 13 Sept 2024 at 15:14, Steven Shockley <steve.shockley at shockley.net>
wrote:
> On 9/12/2024 9:20 PM, Steven Shockley wrote:
> > I'll try to run some tcpdumps inbound and outbound tomorrow, traffic
> > should be pretty light.
>
> I did find something interesting that may or may not be related.
>
> The machine is also the Internet gateway. One NIC has a vlan interface
> for each network; there's also a Cisco switch that routes between
> subnets. The client-to-bind traffic routes via the Cisco switch, but
> BIND sends the response via the direct vlan interface.
>
> Bad ASCII art:
>
> Query:
> client --> (vlan102) --> switch --> (vlan101) --> DNS
>
> Response:
> DNS --> (vlan102) --> client
>
> Is there a way to tell BIND to listen (and respond) on a specific
> interface? I already have listen-on { 10.0.0.1; }; (vlan101 IP) in the
> config with nothing else listening.
>
> I guess there's nothing technically wrong with this, but it does make it
> harder to troubleshoot.
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240913/a3c9f43e/attachment.htm>
More information about the bind-users
mailing list