BIND 10 trac1948, updated. 55a817bff19c1b61e2ce32d22a743d4a3073036c [1948] Suggest listing all addresses in listen_on

BIND 10 source code commits bind10-changes at lists.isc.org
Thu May 24 10:57:14 UTC 2012 

The branch, trac1948 has been updated
       via  55a817bff19c1b61e2ce32d22a743d4a3073036c (commit)
      from  2801bd9baadb96c2965b2cddc729e9ac2ec6dbb0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 55a817bff19c1b61e2ce32d22a743d4a3073036c
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Thu May 24 12:55:24 2012 +0200

    [1948] Suggest listing all addresses in listen_on
    
    The guide is modified to suggest to list all the addresses explicitly
    for a multi-homed server, since the wildcard addresses don't work well
    yet.

-----------------------------------------------------------------------

Summary of changes:
 doc/guide/bind10-guide.xml |   18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

-----------------------------------------------------------------------
diff --git a/doc/guide/bind10-guide.xml b/doc/guide/bind10-guide.xml
index e2b3961..c868a55 100644
--- a/doc/guide/bind10-guide.xml
+++ b/doc/guide/bind10-guide.xml
@@ -1352,6 +1352,24 @@ This may be a temporary setting until then.
       and <varname>port</varname> number.
       By default, <command>b10-auth</command> listens on port 53
       on the IPv6 (::) and IPv4 (0.0.0.0) wildcard addresses.
+      <note>
+        <simpara>
+          The default configuration is not appropriate for a multi-homed host.
+          In case you have multiple public IP addresses, it is possible the
+          query UDP packet comes through one interface and the answer goes out
+          through another. This will probably be dropped by the client, as it
+          has a different source address than the one it sent the query to. The
+          client would fall back on TCP after several attempts, which works
+          well in this situation, but it is clearly not ideal.
+        </simpara>
+        <simpara>
+          There are plans to solve the problem in a way the server will handle
+          it itself. But until it is actually implemented, it is recommended to
+          alter the configuration — remove the wildcard addresses and list all
+          addresses explicitly. Then the server will answer on the same
+          interface as the request came, preserving the correct address.
+        </simpara>
+      </note>
               </simpara>
             </listitem>
           </varlistentry>

More information about the bind10-changes mailing list