<div dir="ltr"><div>From release notes:</div><div><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px">Notes for BIND 9.16.1<br><br>Known Issues<br>UDP network ports used for listening can no longer simultaneously be used for sending traffic. An example configuration which triggers this issue would be one which uses the same address:port pair for listen-on(-v6) statements as for notify-source(-v6) or transfer-source(-v6). While this issue affects all operating systems, it only triggers log messages (e.g. “unable to create dispatch for reserved port”) on some of them. There are currently no plans to make such a combination of settings work again.<br><br></blockquote>Also, using fixed source ports is at worst considered harmful, at best considered a quaint reminder of the ol' days of stateless firewalls. Generally, if you need to do that, you are doing something wrong.</div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Sep 4, 2020 at 2:25 AM Axel Rau <<a href="mailto:Axel.Rau@chaos1.de">Axel.Rau@chaos1.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;"><br><div><br><blockquote type="cite"><div>On 01.09.2020 at 22:28, Axel Rau <<a href="mailto:Axel.Rau@chaos1.de" target="_blank">Axel.Rau@chaos1.de</a>> wrote:</div><br><div><div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">tcp queries are being answered, but udp queries receive no response.</div><div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">This is 
independent of client location (local, remote).</div><div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><br></div><div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">A ktrace shows 8 bytes are written on fd 89, the 8 bytes read on fd 88.</div><div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">The next read gets an errno 35 (see below).</div></div></blockquote></div><div><br></div>Commenting these out seems to resolve the issue:<div><br></div><div><div><span style="white-space:pre-wrap">    </span>query-source address  91.216.35.21;</div><div><span style="white-space:pre-wrap">     </span>notify-source   91.216.35.21 port 53;</div><div><span style="white-space:pre-wrap">   </span>transfer-source   91.216.35.21 port 53;</div><div><br></div><div><span style="white-space:pre-wrap">        </span>query-source-v6 address    2a05:bec0:26:5::71;</div><div><span style="white-space:pre-wrap"> </span>notify-source-v6 2a05:bec0:26:5::71 port 53;</div><div><span style="white-space:pre-wrap">     </span>transfer-source-v6 2a05:bec0:26:5::71 port 53;</div><div><br></div><div>Queries to localhost show that the response does not come from localhost:</div><div><br></div><div><div style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">root@ns5:/var/log # dig localhost 
@localhost</span></div><div style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">;; reply from unexpected source: 91.216.35.21#53, expected 127.0.0.1#53</span></div><div style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255);min-height:15px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></div><div style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">;; reply from unexpected source: 91.216.35.21#53, expected 127.0.0.1#53</span></div><div style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255);min-height:15px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></div><div style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">;; reply from unexpected source: 91.216.35.21#53, expected 127.0.0.1#53</span></div><div style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255);min-height:15px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></div><div style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255);min-height:15px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></div><div style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">; <<>> DiG 9.16.6 <<>> localhost @localhost</span></div><div 
style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">;; global options: +cmd</span></div><div style="margin:0px;font-stretch:normal;font-size:11px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">;; connection timed out; no servers could be reached</span></div></div><div><span style="font-variant-ligatures:no-common-ligatures"><br></span></div><div><span style="font-variant-ligatures:no-common-ligatures">No issue with remote queries.</span></div><div><span style="font-variant-ligatures:no-common-ligatures"><br></span></div><div><span style="font-variant-ligatures:no-common-ligatures">Questions:</span></div><div><span style="font-variant-ligatures:no-common-ligatures"><br></span></div><div><span style="font-variant-ligatures:no-common-ligatures">What has </span>query-source address to do with a query response?</div><div>Why does the issue not happen on another server (same config, same OS&bind version) ? </div><div><br></div><div>Axel</div><div>
<div dir="auto" style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><div dir="auto" style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div style="color:rgb(0,0,0);font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div>---<br>PGP-Key: CDE74120  ☀  computing @ chaos claudius</div></div></div></div></div></div>
</div>
<br></div></div><br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div>
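<div>The conflict the release note describes can be checked for mechanically. The following Python sketch is an added example, not part of the original thread or of BIND: it flags notify-source(-v6) and transfer-source(-v6) statements whose address:port pair is also a listening pair. Assumptions: listen-on lists hold only literal addresses or any (no ACL names, no dscp), a family without a listen-on statement listens on any address at port 53, and the listen-on lines in the sample are constructed.</div>

```python
import re

# Matches the statements the 9.16.1 release note names, only when a port is fixed.
SOURCE_RE = re.compile(r"(?<![\w-])(notify|transfer)-source(-v6)?\s+(\S+)\s+port\s+(\d+)\s*;")
LISTEN_RE = re.compile(r"(?<![\w-])listen-on(-v6)?\s*(?:port\s+(\d+)\s*)?\{([^}]*)\}\s*;")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

# Constructed sample: addresses are from the thread, the listen-on lines are assumed.
SAMPLE = """
options {
    listen-on { 91.216.35.21; 127.0.0.1; };
    listen-on-v6 { any; };
    query-source address 91.216.35.21;
    notify-source 91.216.35.21 port 53;
    transfer-source 91.216.35.21 port 53;
    // transfer-source-v6 2a05:bec0:26:5::71 port 53;
    notify-source-v6 2a05:bec0:26:5::71 port 53;
};
"""


def listening_pairs(conf):
    """Return (family, address, port) triples; address '*' means any address."""
    pairs = set()
    for fam, port, body in LISTEN_RE.findall(conf):
        for addr in filter(None, (a.strip() for a in body.split(";"))):
            pairs.add((fam, "*" if addr == "any" else addr, int(port or 53)))
    # Assumption: a family with no listen-on statement listens on any address, port 53.
    for fam in ("", "-v6"):
        if not any(p[0] == fam for p in pairs):
            pairs.add((fam, "*", 53))
    return pairs


def find_conflicts(conf_text):
    """List (statement, address, port) for sources that reuse a listening pair."""
    conf = COMMENT_RE.sub("", conf_text)
    listen = listening_pairs(conf)
    hits = []
    for kind, fam, addr, port in SOURCE_RE.findall(conf):
        clash = any(lfam == fam and lport == int(port)
                    and (addr == laddr or "*" in (addr, laddr))
                    for lfam, laddr, lport in listen)
        if clash:
            hits.append((f"{kind}-source{fam}", addr, int(port)))
    return hits


if __name__ == "__main__":
    for stmt, addr, port in find_conflicts(SAMPLE):
        print(f"{stmt} {addr} port {port}: also a listening address:port pair")
```

<div>Statements without a fixed port, such as the query-source line in the sample, are not reported because they leave the source port to the operating system.</div>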