[nsd-users] Wrong source IP for reply if 'ip-address' is not specified
Paul Wouters
paul at nohats.ca
Wed Dec 13 21:26:02 UTC 2017
On Wed, 13 Dec 2017, Anand Buddhdev wrote:
>> If I don’t specify the IP addresses on which NSD should bind, the IP
>> address used for the reply is the one attached to interface instead of
>> the one the request is destined.
>
> This is normal behaviour. On a server with multiple interfaces and
> addresses, it is best if you explicitly specify all the addresses to
> which NSD should bind.
We have a different opinion on what is "normal behaviour". I believe the
normal behaviour is to reply using the IP address you received the
packet from, e.g. using:

    err = setsockopt(s, SOL_IP, IP_PKTINFO, &opt, sizeof(opt));

or

    err = setsockopt(s, IPPROTO_IP, IP_RECVDSTADDR, &opt, sizeof(opt));

For example: https://github.com/libreswan/libreswan/blob/master/programs/pluto/udpfromto.c

I assumed nsd would do this....

Paul