[nsd-users] Fixed IPv6 Source Address for UDP Connections
ott at mirix.org
Mon Jul 12 09:00:17 UTC 2010
On Mon, Jul 12, 2010 at 09:51:56AM +0200, Peter Koch wrote:
> On Mon, Jul 12, 2010 at 09:28:44AM +0200, Yuri Schaeffer wrote:
> > > However, sometimes the DNS server replies from a different address
> > > (the client queried 2001:db8:1::2 and got a reply from 2001:db8:1::2),
> which would seem perfectly OK - unless this was a failed obfuscation attempt.
I just got the example wrong and pasted the wrong address. Both
addresses were supposed to be different ;).
> > > because the DNS server seems to pick an address randomly. This is
> > > possible because UDP is stateless (with TCP it works).
> > When you don't specify an interface to bind the OS will select one for
> > you. The tunnel interface may be confusing it. Make sure your nsd.conf
> This could be read to say that NSD might not follow section 4 of RFC 2181
> to the fullest extent possible. Really?
As far as I understood it, this clarification only applies to recursive,
but not authorative name servers, so it could be irrelevant to nsd.
This could also explain, why dig did issue a warning:
$ dig @2001:db8:2::1 -x 2001:db8:2::1
;; reply from unexpected source: 2001:db8:1::2#53, expected
(I didn't setup a NS record yet, because everything is not running as
expected. So I did query the authorative DNS server directly.)
dig seems to expect a recursive DNS server after the @.
More information about the nsd-users