[nsd-users] Question about response source address and dynamic interfaces
Paul Wouters
paul at nohats.ca
Thu Aug 16 15:16:04 UTC 2012
On Thu, 16 Aug 2012, Gavin Brown wrote:
> I have a FreeBSD box (hostA) running NSD. It has a management address
> (10.0.0.2) and a service address (10.0.0.3). It is part of a clustered
> pair with a Linux machine (hostB) that has a management address
> (10.0.0.4) and a service address (10.0.0.5). DNS queries are sent to the
> two service addresses. Heartbeat is used to co-ordinate the pairs: if
> hostB goes offline, then the service address (10.0.0.5) is brought up on
> hostA so that it can answer queries, and vice versa.
>
> The problem is this: without an ip-address entry in nsd.conf, responses
> are sent from the management address (10.0.0.2) since that is the
> "primary" interface of the host. I can fix this during normal operations
> by adding an ip-address entry for 10.0.0.3.
>
> However, during failover, queries sent to 10.0.0.5 will be answered with
> the wrong source address. Again, I could fix this using an ip-address entry.
>
> But - when the machine boots, this IP address isn't assigned to hostA,
> so if it appears in nsd.conf, NSD will refuse to start. BIND (which I'm
> using on hostB) doesn't have this problem.
>
> Has anyone else solved this problem? Or do I need to write scripts to
> munge nsd.conf and restart it during failover/failback?
You could probably do something along the lines of[*]:

    ip rule add fwmark 53 table table53
    iptables -t mangle -A PREROUTING -p all --sport 53 -j MARK --set-mark 53
    ip route add default via 10.0.0.x dev eth0 table table53 src 10.0.0.3

Although if you failover the nsd service itself, shouldn't you be able
to use the 10.0.0.3 in its config file?

Paul

[*] untested :)
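
Added example, not part of the original thread: a POSIX sh sketch of the "munge nsd.conf during failover/failback" script the question asks about, which keeps only the ip-address entries that are assigned at that moment so NSD can always start. The function names and the template approach are hypothetical; it assumes IPv4 only, a template nsd.conf listing every service address, and ifconfig -a output on stdin, and it leaves restarting NSD to the heartbeat hook.

```shell
#!/bin/sh
# Added example (not from the thread). Intended use in a failover hook:
#   ifconfig -a | update_conf TEMPLATE TARGET && <restart NSD>

# Print the IPv4 addresses found in `ifconfig -a` style output on stdin.
assigned_addrs() {
    awk '$1 == "inet" { a = $2; sub(/^addr:/, "", a); sub(/\/.*/, "", a); print a }'
}

# render_conf TEMPLATE ADDR_FILE
# Copy TEMPLATE to stdout, dropping each "ip-address:" line whose address
# is not listed (one per line) in ADDR_FILE.
render_conf() {
    awk -v list="$2" '
        BEGIN { while ((getline a < list) > 0) have[a] = 1 }
        /^[ \t]*ip-address:/ {
            addr = $2
            sub(/@.*/, "", addr)          # ip-address may carry @port
            if (!(addr in have)) next     # not assigned now: leave it out
        }
        { print }
    ' "$1"
}

# update_conf TEMPLATE TARGET   (ifconfig output on stdin)
# Returns 0 when TARGET was rewritten, 1 when nothing changed, 2 on error.
# If no listed address is assigned, no ip-address line remains and the
# source-address behaviour described in the question comes back.
update_conf() {
    addrs=$(mktemp) && new=$(mktemp) || return 2
    assigned_addrs > "$addrs"
    render_conf "$1" "$addrs" > "$new"
    rm -f "$addrs"
    if cmp -s "$new" "$2"; then rm -f "$new"; return 1; fi
    # cat instead of mv so TARGET keeps its owner and mode
    cat "$new" > "$2" && rm -f "$new"
}
```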