[nsd-users] Question about response source address and dynamic interfaces

Gavin Brown gavin.brown at centralnic.com
Fri Aug 17 14:11:32 UTC 2012

This solution might work for Linux, but not FreeBSD. I could switch the
daemons round and run BIND on the FreeBSD box and NSD on the Linux box,
but that just seems like a cop-out.

It'd be nice if NSD had a way to reload its configuration without


On 16/08/2012 16:16, Paul Wouters wrote:
> On Thu, 16 Aug 2012, Gavin Brown wrote:
>> I have a FreeBSD box (hostA) running NSD. It has a management address
>> ( and a service address ( It is part of a clustered
>> pair with a Linux machine (hostB) that has a management address
>> ( and a service address ( DNS queries are sent to the
>> two service addresses. Heartbeat is used to co-ordinate the pairs: if
>> hostB goes offline, then the service address ( is brought up on
>> hostA so that it can answer queries, and vice versa.
>> The problem is this: without an ip-address entry in nsd.conf, responses
>> are sent from the management address ( since that is the
>> "primary" interface of the host. I can fix this during normal operations
>> by adding an ip-address entry for
>> However, during failover, queries sent to will be answered with
>> the wrong source address. Again, I could fix this using an ip-address
>> entry.
>> But - when the machine boots, this IP address isn't assigned to hostA,
>> so if it appears in nsd.conf, NSD will refuse to start. BIND (which I'm
>> using on hostB) doesn't have this problem.
>> Has anyone else solved this problem? Or do I need to write scripts to
>> munge nsd.conf and restart it during failover/failback?
> You could probably do something along the lines of[*]:
> ip rule add fwmark 53 table table53
> iptables -t mangle -A PREROUTING -p all --sport 53 -j MARK --set-mark 53
> ip route add default via 10.0.0.x dev eth0 table table53 src
> Although if you failover the nsd service itself, shouldn't you be able
> to use the in its config file?
> Paul [*] untested :)

Gavin Brown
Chief Technology Officer
CentralNic Ltd
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries

CentralNic Ltd is a company registered in England and Wales with company
number 4985780. Registered Offices: 35-39 Moorgate, London, EC2R 6AR.

More information about the nsd-users mailing list