[nsd-users] Fixed IPv6 Source Address for UDP Connections
Matthias-Christian Ott
ott at mirix.org
Mon Jul 12 09:00:17 UTC 2010
On Mon, Jul 12, 2010 at 09:51:56AM +0200, Peter Koch wrote:
> On Mon, Jul 12, 2010 at 09:28:44AM +0200, Yuri Schaeffer wrote:
>
> > > However, sometimes the DNS server replies from a different address
> > > (the client queried 2001:db8:1::2 and got a reply from 2001:db8:1::2),
>
> which would seem perfectly OK - unless this was a failed obfuscation attempt.
I just got the example wrong and pasted the wrong address. Both
addresses were supposed to be different ;).
> > > because the DNS server seems to pick an address randomly. This is
> > > possible because UDP is stateless (with TCP it works).
> >
> > When you don't specify an interface to bind the OS will select one for
> > you. The tunnel interface may be confusing it. Make sure your nsd.conf
>
> This could be read to say that NSD might not follow section 4 of RFC 2181
> to the fullest extent possible. Really?
As far as I understood it, this clarification only applies to recursive,
but not authoritative name servers, so it could be irrelevant to nsd.
This could also explain why dig issued a warning:
$ dig @2001:db8:2::1 -x 2001:db8:2::1
;; reply from unexpected source: 2001:db8:1::2#53, expected
2001:db8:2::1#53
(I didn't set up an NS record yet, because everything is not running as
expected. So I did query the authoritative DNS server directly.)
dig seems to expect a recursive DNS server after the @.
Regards,
Matthias-Christian
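
The source check that produced dig's warning in the message above, as an added example that is not part of the original post or of NSD or dig: it sends one UDP query to each address of a server and reports whether the reply comes back from the address that was queried. The function names and the zone `example.org` are assumptions; the two addresses are the ones used in the thread.

```python
import ipaddress
import socket
import struct

def same_endpoint(expected, source):
    """True if a reply's source (addr, port) is the endpoint that was queried.

    Addresses are parsed before comparison, so differing text forms of one
    IPv6 address compare equal; a scope suffix such as %eth0 is ignored.
    """
    def norm(addr):
        return ipaddress.ip_address(addr.split("%")[0])
    return norm(expected[0]) == norm(source[0]) and expected[1] == source[1]

def build_query(qname, qid):
    """Minimal DNS query (QTYPE SOA, class IN, RD clear, no EDNS)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.split(".") if l)
    return header + labels + b"\x00" + struct.pack("!HH", 6, 1)

def probe(server, qname, port=53, timeout=3.0):
    """Query one server address over UDP; return (matches, reply_source)."""
    expected = (server, port)
    # Unconnected socket on purpose: after connect() the kernel would drop a
    # reply from any other address and the mismatch would look like a timeout.
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(qname, 0x4E53), expected)
        _, source = sock.recvfrom(4096)
    return same_endpoint(expected, source), source[:2]

if __name__ == "__main__":
    ZONE = "example.org"  # assumption: a zone served by the server under test
    # Addresses from the thread (documentation prefix); replace with your own.
    for addr in ("2001:db8:1::2", "2001:db8:2::1"):
        try:
            ok, src = probe(addr, ZONE)
        except OSError as exc:
            print(f"{addr}: no reply ({exc})")
            continue
        status = "ok" if ok else "MISMATCH"
        print(f"{addr}: reply from {src[0]}#{src[1]} [{status}]")
```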