[nsd-users] Question about response source address and dynamic interfaces
Gavin Brown
gavin.brown at centralnic.com
Fri Aug 17 14:11:32 UTC 2012
This solution might work for Linux, but not FreeBSD. I could switch the
daemons round and run BIND on the FreeBSD box and NSD on the Linux box,
but that just seems like a cop-out.
It'd be nice if NSD had a way to reload its configuration without
restarting.
G.
On 16/08/2012 16:16, Paul Wouters wrote:
> On Thu, 16 Aug 2012, Gavin Brown wrote:
>
>> I have a FreeBSD box (hostA) running NSD. It has a management address
>> (10.0.0.2) and a service address (10.0.0.3). It is part of a clustered
>> pair with a Linux machine (hostB) that has a management address
>> (10.0.0.4) and a service address (10.0.0.5). DNS queries are sent to the
>> two service addresses. Heartbeat is used to co-ordinate the pairs: if
>> hostB goes offline, then the service address (10.0.0.5) is brought up on
>> hostA so that it can answer queries, and vice versa.
>>
>> The problem is this: without an ip-address entry in nsd.conf, responses
>> are sent from the management address (10.0.0.2) since that is the
>> "primary" interface of the host. I can fix this during normal operations
>> by adding an ip-address entry for 10.0.0.3.
>>
>> However, during failover, queries sent to 10.0.0.5 will be answered with
>> the wrong source address. Again, I could fix this using an ip-address
>> entry.
>>
>> But - when the machine boots, this IP address isn't assigned to hostA,
>> so if it appears in nsd.conf, NSD will refuse to start. BIND (which I'm
>> using on hostB) doesn't have this problem.
>>
>> Has anyone else solved this problem? Or do I need to write scripts to
>> munge nsd.conf and restart it during failover/failback?
>
> You could probably do something along the lines of[*]:
>
> ip rule add fwmark 53 table table53
>
> iptables -t mangle -A PREROUTING -p all --sport 53 -j MARK --set-mark 53
>
> ip route add default via 10.0.0.x dev eth0 table table53 src 10.0.0.3
>
> Although if you failover the nsd service itself, shouldn't you be able
> to use the 10.0.0.3 in its config file?
>
> Paul [*] untested :)
--
Gavin Brown
Chief Technology Officer
CentralNic Ltd
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/
CentralNic Ltd is a company registered in England and Wales with company
number 4985780. Registered Offices: 35-39 Moorgate, London, EC2R 6AR.
More information about the nsd-users
mailing list