DoT answers only for loopback interface

poubeline at free.fr
Mon May 4 14:28:24 UTC 2026


Hello,


I am new to this mailing list, but I have been a BIND user for many years and 
have been able to find answers to my problems with internet searches.


But this time I have a very strange behavior with the implementation of 
DoT with BIND 9.20.21.

If I type 'dig +tls @127.0.0.1 google.com A' I get this:

 >dig +tls @127.0.0.1 google.com A

; <<>> DiG 9.20.21-1~deb13u1-Debian <<>> +tls @127.0.0.1 google.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60158
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f9d2ab7b838355f70100000069f8ab35798000611d158b1b (good)
;; QUESTION SECTION:
;google.com.            IN    A

;; ANSWER SECTION:
google.com.        164    IN    A    192.178.204.100
google.com.        164    IN    A    192.178.204.113
google.com.        164    IN    A    192.178.204.102
google.com.        164    IN    A    192.178.204.101
google.com.        164    IN    A    192.178.204.138
google.com.        164    IN    A    192.178.204.139

;; Query time: 16 msec
;; SERVER: 127.0.0.1#853(127.0.0.1) (TLS)
;; WHEN: Mon May 04 16:20:37 CEST 2026
;; MSG SIZE  rcvd: 163

But if I type 'dig +tls @192.168.10.205 google.com A' I get:

 >dig +tls @192.168.10.205 google.com A
;; communications error to 192.168.10.205#853: end of file
;; communications error to 192.168.10.205#853: end of file
;; communications error to 192.168.10.205#853: end of file

; <<>> DiG 9.20.21-1~deb13u1-Debian <<>> +tls @192.168.10.205 google.com A
; (1 server found)
;; global options: +cmd
;; no servers could be reached


It's as if the configuration I set for DoT answers only on the 
loopback interface; however, my configuration is:

     listen-on-v6 { none; };
     listen-on { 127.0.0.1; 192.168.10.205; };
     listen-on port 53 { 127.0.0.1; 192.168.10.205; };
     listen-on port 853 tls mytls { 127.0.0.1; 192.168.10.205; };
     listen-on port 8053 tls mytls http myhttp { 127.0.0.1; 192.168.10.205; };


If I use the same queries for port 53 I have the same issue: the local 
IP address of my server is never available, only the loopback interface.



Does anyone have a clue on this?

Thanks for your answers
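As an added diagnostic example (not part of the original post, and not BIND's own tooling), the following POSIX shell functions parse the output of `ss -Hltn` and report which local addresses actually have a TCP listener on a given port. This separates "named was configured to listen on 192.168.10.205" from "named actually bound a socket there", which is the first thing to verify when only the loopback address answers. The `sample_ss` function emits a constructed `ss` output that mirrors the situation in the post (853 bound on 127.0.0.1 only, 53 bound on both addresses); in real use, pipe the live `ss -Hltn` output into the functions instead.

```shell
#!/bin/sh
# Constructed sample of `ss -Hltn` output (State Recv-Q Send-Q Local:Port Peer:Port).
# It models the post's symptom: DoT (853) bound only on loopback, plain DNS (53)
# bound on both 127.0.0.1 and 192.168.10.205. Replace with `ss -Hltn` for real checks.
sample_ss() {
    cat <<'EOF'
LISTEN 0 10  127.0.0.1:853       0.0.0.0:*
LISTEN 0 10  127.0.0.1:53        0.0.0.0:*
LISTEN 0 10  192.168.10.205:53   0.0.0.0:*
LISTEN 0 128 0.0.0.0:22          0.0.0.0:*
EOF
}

# listeners_on PORT
#   Reads `ss -Hltn` style lines on stdin and prints each local address that has
#   a TCP listener on PORT, one per line. Splits on the LAST colon so IPv6
#   addresses like [::]:853 are handled too.
listeners_on() {
    awk -v p="$1" '
        {
            n = split($4, parts, ":")
            if (parts[n] == p) {
                print substr($4, 1, length($4) - length(p) - 1)
            }
        }'
}

# expect_listener ADDR PORT
#   Returns 0 if ADDR has a listener on PORT (a wildcard 0.0.0.0 or * listener
#   also counts, since it covers every address), 1 otherwise.
expect_listener() {
    listeners_on "$2" | grep -qxF -e "$1" -e '0.0.0.0' -e '*'
}

# Stand-alone run against the constructed sample: report which of the two
# configured addresses actually have a DoT listener.
for addr in 127.0.0.1 192.168.10.205; do
    if sample_ss | expect_listener "$addr" 853; then
        echo "DoT listener present on $addr:853"
    else
        echo "NO DoT listener on $addr:853 (config says it should be there)"
    fi
done
```

With live data the check is `ss -Hltn | expect_listener 192.168.10.205 853`; a missing listener there, while the `listen-on port 853` line names that address, points at named not having bound the socket (for example because the address was not present on an interface when named started, or the new configuration was never loaded), rather than at a TLS problem.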