W.C.A. Wijngaards wrote:
> Instead of having statically entered IP addresses in unbound, you can
> set interface-automatic. This binds to the ::0 and 0.0.0.0
> (everything), and responds to incoming traffic on all interfaces. It
> detects the interface a packet was received on and replies from that
> interface. This could maybe work with DAD (not sure what that does)?

i note this feature is marked experimental in the unbound.conf manpage, is this safe to use? i was reading through some of the unbound socket code a while back and iirc this changes the behavior of the daemon somewhat.

would binding to ::0 and 0.0.0.0 impact any other DNS server running on the box? e.g., i have a few boxes where an authoritative BIND server is running on the external network interface, and an unbound server is running on loopback and the internal network interfaces, and it's just a matter of explicitly telling which daemons to listen on which addresses. does having one of the servers bound to INADDR_ANY instead disrupt anything?

> Robert, unbound is already an event-based design. Not sure how I
> would get events to retry bind() attempts. Or know which bind()
> attempts were 'optional'. Right now it treats ipv6 when 'implicitly
> there' (by defaults) as 'optional' in case ipv6 is not supported.

right, i was referring to this message in this thread:

http://thread.gmane.org/gmane.linux.debian.devel.general/177841/focus=177875

"event-based approach" meaning something like, listening to a routing socket for addresses being added/removed from the system and binding/unbinding the corresponding listen sockets. i believe ntpd does something like this, at least it's able to detect addresses being added and removed from the system at runtime. (that is, the "events" are addresses being added/removed, not packets being sent/received. sorry if i wasn't being clear.)

BIND also tries to do something similar with its interface-interval directive, where it periodically rescans the network interfaces:

    interface-interval
        The server will scan the network interface list every
        interface-interval minutes. The default is 60 minutes. The maximum
        value is 28 days (40320 minutes). If set to 0, interface scanning
        will only occur when the configuration file is loaded. After the
        scan, the server will begin listening for queries on any newly
        discovered interfaces (provided they are allowed by the listen-on
        configuration), and will stop listening on interfaces that have
        gone away.

i think the best thing to do, however, is to just make sure in the distro that when static IPv6 addressing is used, that we fully bring up the network before starting any network daemons.

-- 
Robert Edmonds
[email protected]
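The question above (whether a daemon bound to INADDR_ANY disrupts another daemon bound to a specific address on the same port) can be checked directly. The following is an added illustration, not code from unbound, BIND or the thread's participants: two UDP sockets, one on 0.0.0.0 and one on 127.0.0.1, on the same kernel-chosen port. It shows the two outcomes a practitioner would want to know about: without SO_REUSEADDR the second bind fails with EADDRINUSE, and with SO_REUSEADDR on both sockets the bind succeeds and a datagram sent to 127.0.0.1 is delivered to the socket bound to the specific address, not the wildcard one. The behaviour shown is the Linux (and BSD) rule for UDP; the same rules apply to :: versus a specific IPv6 address, which is omitted here only so the example runs without IPv6 support.

```python
import errno
import select
import socket

# Added demonstration (constructed, not unbound's or BIND's code) of how a
# wildcard-bound UDP socket and a specific-address UDP socket interact on
# the same port. Ports are kernel-assigned so the example runs anywhere.


def _udp_socket(reuse):
    """Create an IPv4 UDP socket, optionally with SO_REUSEADDR set."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    if reuse:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    return s


def bind_conflict_without_reuseaddr():
    """Simulate a second daemon binding 127.0.0.1:<port> while another
    already holds 0.0.0.0:<port>, neither having set SO_REUSEADDR.

    Returns the errno name raised by the second bind ("EADDRINUSE" on
    Linux/BSD) or "OK" if the kernel allowed both binds."""
    wildcard = _udp_socket(reuse=False)
    wildcard.bind(("0.0.0.0", 0))  # port 0: kernel picks a free port
    port = wildcard.getsockname()[1]
    specific = _udp_socket(reuse=False)
    try:
        specific.bind(("127.0.0.1", port))
        return "OK"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        specific.close()
        wildcard.close()


def who_receives_with_reuseaddr():
    """Bind a wildcard socket and a loopback socket on the same port, both
    with SO_REUSEADDR, send one datagram to 127.0.0.1:<port>, and report
    which socket the kernel delivered it to.

    Returns "specific", "wildcard" or "none" (no datagram within 2s)."""
    wildcard = _udp_socket(reuse=True)
    wildcard.bind(("0.0.0.0", 0))
    port = wildcard.getsockname()[1]
    specific = _udp_socket(reuse=True)
    specific.bind(("127.0.0.1", port))  # succeeds: both sockets set reuse
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sender.sendto(b"probe", ("127.0.0.1", port))
        # The kernel matches the most specific local address first, so the
        # loopback-bound socket, not the wildcard one, becomes readable.
        readable, _, _ = select.select([wildcard, specific], [], [], 2.0)
        if specific in readable:
            specific.recv(64)
            return "specific"
        if wildcard in readable:
            wildcard.recv(64)
            return "wildcard"
        return "none"
    finally:
        sender.close()
        specific.close()
        wildcard.close()


if __name__ == "__main__":
    print("second bind without SO_REUSEADDR:", bind_conflict_without_reuseaddr())
    print("datagram to 127.0.0.1 delivered to:", who_receives_with_reuseaddr())
```

The practical consequence for the setup described in the mail: a resolver started with interface-automatic (bound to 0.0.0.0/::) and an authoritative server bound to the external address on port 53 will only coexist if both daemons set SO_REUSEADDR on their listening sockets, and even then which daemon answers a given query depends on the destination address the kernel matched, so it is worth verifying after startup (for example with `ss -ulnp`) that each address is served by the daemon you intended.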