[nsd-users] wildcard interfaces and UDP
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Tue Feb 22 09:44:52 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Vlad,
On 02/19/2011 04:26 PM, Vlad Glagolev wrote:
> On Fri Feb 11 13:23:56 CET 2011 W.C.A. Wijngaards wrote:
>>
>> Hi Vlad,
>>
>> On 01/27/2011 01:08 PM, Vlad Glagolev wrote:
>>> Hello there,
>>>
>>> our NSD setup is pretty simple, however the server one isn't.
>>>
>>> there are 2 servers sharing one IP-address inbetween via CARP.
>>> though, a problem:
>>
>> This messes with the routes and interfaces, right? NSD may need to have
>> ip-address: specified by hand, with the full IP addresses it services
>> (to avoid it calling the OS with zero IP and letting the route tables do
>> the wrong things).
>
> oh I see, but well.. when you run apache, snmpd or anything else, it handles
> such situation pretty carefully, no?
>
> the idea is one more ip address is added dynamically as an alias to physical
> interface:
>
> ifconfig eth0:0 xx.xx.xx.xx netmsk yy.yy.yy.yy
>
> then I can connect to http, snmp, etc.
>
> when i use wildcard interface for nsd, static IP address works fine, but not
> that "dynamic" one.
Thank you for the explanation. Yes that sounds like something that NSD
does not do today; it is a feature that you need. Unbound has
'interface-automatic' for this.
With that option it sets lots of socket options, and basically asks the
system what interface the packet was received on, and instructs it to
send the reply via that specific interface. These options depend on the OS.
> the problem is: I can't specify it on both machines, since it can belong to
> the only one. it's handled dynamically by CARP. and when I put non-existent
> IP-address, NSD failes to start while binding to non-existent IP.
Yes exactly, detecting that a new interface was added to the system.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk1jhZQACgkQkDLqNwOhpPgd6gCfePBPu8yAXiOuieB9/rsvz/X2
YO0An2vFiQVn5Tt5BSmFZahDkL/+8DN1
=H86b
-----END PGP SIGNATURE-----
More information about the nsd-users
mailing list