In message <[email protected]>, Reindl Harald writes:
>
> the thread yesterday reminded me of my Fedora bugreport
> https://bugzilla.redhat.com/show_bug.cgi?id=1073038#c3
> https://bugzilla.redhat.com/show_bug.cgi?id=1073038#c8
>
> I don't buy "Note that destination IP address must be
> known and set correctly in reply, otherwise clients
> will be confused" because how does it survive NAT
>
> if listen-on {0.0.0.0;}; would work a lot of problems
> could go away - keep in mind that on modern systemd
> systems a service can bind to 0.0.0.0 even before
> the network is started
Named does not bind to 0.0.0.0 because the replies may not come from the correct address. If you have multiple addresses on an interface, or multiple interfaces, then there is no guarantee that the address the stack uses to source a UDP reply packet will match the address the query arrived on. This is not an issue for TCP, where the local address is stored in the PCB.

For IPv6 we have in6_pktinfo; if the OS supports in6_pktinfo we use it and bind to :: if the listen-on-v6 acl is "any;". If the OS does not support in6_pktinfo then we bind to every interface.

If named is only listening on a subset of interfaces we bind to each interface, so that one can run multiple instances and also so that the correct ICMP messages are emitted.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: [email protected]

_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
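The IPv6 behaviour Mark describes (bind to the wildcard ::, learn from in6_pktinfo which local address the query arrived on, and hand the same in6_pktinfo back to the kernel so the reply is sourced from that address) as an added example, not BIND's own code. It is a minimal UDP responder for Linux/glibc that echoes one datagram back from the address it was sent to. The helper names, the port 5353, the interface index 7 and the address 2001:db8::53 used in the self-check are constructed for this example.

```c
#define _GNU_SOURCE            /* glibc exposes struct in6_pktinfo under this */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Walk the ancillary data of a received message and pull out the IPV6_PKTINFO
 * entry: the local address the datagram was delivered to and the interface
 * index. Returns 1 when found, 0 when the kernel attached no pktinfo. */
int extract_dest_v6(struct msghdr *msg, struct in6_addr *dst, unsigned int *ifindex) {
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == IPPROTO_IPV6 && c->cmsg_type == IPV6_PKTINFO) {
            struct in6_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);   /* CMSG_DATA may be unaligned */
            *dst = pi.ipi6_addr;
            *ifindex = pi.ipi6_ifindex;
            return 1;
        }
    }
    return 0;
}

/* Fill a control buffer with one IPV6_PKTINFO entry so that sendmsg() sources
 * the reply from `src` on interface `ifindex`. Returns the control length to
 * put in msg_controllen, or 0 if the buffer is too small. */
size_t build_reply_pktinfo(unsigned char *ctrl, size_t ctrllen,
                           const struct in6_addr *src, unsigned int ifindex) {
    struct msghdr msg;
    struct in6_pktinfo pi;
    if (ctrllen < CMSG_SPACE(sizeof pi)) return 0;
    memset(&msg, 0, sizeof msg);
    memset(ctrl, 0, ctrllen);
    msg.msg_control = ctrl;
    msg.msg_controllen = ctrllen;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_IPV6;
    c->cmsg_type = IPV6_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof pi);
    memset(&pi, 0, sizeof pi);
    pi.ipi6_addr = *src;
    pi.ipi6_ifindex = ifindex;
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    return CMSG_SPACE(sizeof pi);
}

/* Offline self-check: build a reply pktinfo and parse it back. Returns 1 when
 * the address and interface index survive the round trip. */
int roundtrip_check(const char *addrtext, unsigned int ifindex) {
    struct in6_addr want, got;
    unsigned int gotif = 0;
    unsigned char ctrl[CMSG_SPACE(sizeof(struct in6_pktinfo))];
    struct msghdr msg;
    if (inet_pton(AF_INET6, addrtext, &want) != 1) return 0;
    size_t n = build_reply_pktinfo(ctrl, sizeof ctrl, &want, ifindex);
    if (n == 0) return 0;
    memset(&msg, 0, sizeof msg);
    msg.msg_control = ctrl;
    msg.msg_controllen = n;
    if (!extract_dest_v6(&msg, &got, &gotif)) return 0;
    return memcmp(&want, &got, sizeof want) == 0 && gotif == ifindex;
}

/* A message with no ancillary data must not yield a destination. */
int extract_without_control(void) {
    struct msghdr msg;
    struct in6_addr dst;
    unsigned int ifindex = 0;
    memset(&msg, 0, sizeof msg);
    return extract_dest_v6(&msg, &dst, &ifindex);
}

int main(int argc, char **argv) {
    int fd = socket(AF_INET6, SOCK_DGRAM, 0), on = 1;
    if (fd < 0) { perror("socket"); return 1; }
    /* Ask the kernel to attach in6_pktinfo to every received datagram. */
    setsockopt(fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, &on, sizeof on);
    struct sockaddr_in6 local, peer;
    memset(&local, 0, sizeof local);
    local.sin6_family = AF_INET6;
    local.sin6_addr = in6addr_any;                          /* listen on :: */
    local.sin6_port = htons(argc > 1 ? (unsigned short)atoi(argv[1]) : 5353);
    if (bind(fd, (struct sockaddr *)&local, sizeof local) < 0) { perror("bind"); return 1; }

    unsigned char buf[512], ctrl[CMSG_SPACE(sizeof(struct in6_pktinfo))];
    struct iovec iov = { buf, sizeof buf };
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_name = &peer;   msg.msg_namelen = sizeof peer;
    msg.msg_iov = &iov;     msg.msg_iovlen = 1;
    msg.msg_control = ctrl; msg.msg_controllen = sizeof ctrl;
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0) { perror("recvmsg"); return 1; }

    struct in6_addr dst; unsigned int ifindex = 0; char text[INET6_ADDRSTRLEN];
    if (!extract_dest_v6(&msg, &dst, &ifindex)) { fprintf(stderr, "no pktinfo\n"); return 1; }
    printf("query arrived at %s\n", inet_ntop(AF_INET6, &dst, text, sizeof text));

    /* Echo it back, sourced from the address the client actually used. */
    iov.iov_len = (size_t)n;
    msg.msg_controllen = build_reply_pktinfo(ctrl, sizeof ctrl, &dst, ifindex);
    if (sendmsg(fd, &msg, 0) < 0) { perror("sendmsg"); return 1; }
    close(fd);
    return 0;
}
```

Without the IPV6_PKTINFO control message on the send side, the kernel picks the reply's source address by route lookup, which is exactly the mismatch Mark describes on multi-homed hosts; a resolver that receives an answer from an address it never sent to will drop it. The IPv4 counterpart is IP_PKTINFO on Linux, but BIND's per-interface binding is the portable fallback the message refers to.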

