[nsd-users] Multi-homed server UDP packets wrong interface
Robert Blayzor
rblayzor.bulk at inoc.net
Tue Jun 28 17:31:15 UTC 2022

The issue we had was some asymmetric routing where the packet coming
into the server didn't always match the interface going out. So the
reply would be sent from a different source address.

I think with Unbound it will source the IP on the interface it received
the request on, or at least that knob exists. With NSD it's possible the
UDP reply comes from the wrong source address. TCP works fine.

I did work around this by limiting which interfaces NSD was bound to,
but that's only part of the solution. It would use the correct SOURCE
IP, but the OS would still try to use the routing table and send it out
the wrong interface.

I know, it's a unique case. This was on a FreeBSD server, so the final
solution was to use IPFW to set the next-hop manually rather than rely
on the default route.

On 6/28/22 03:50, Jeroen Koekkoek wrote:
> NSD currently does support the bindtodevice socket option, which should
> get you the desired result(?) The option causes NSD to bind the socket
> to the device that has it assigned. It's an attribute of the ip-address
> configuration option and you can set it like so:
>
> ip-address: 1.2.3.4 bindtodevice=yes
>
> Let me know if it works for you. As for the IP_PKTINFO option, I've
> created a GitHub issue: https://github.com/NLnetLabs/nsd/issues/217.
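
The IP_PKTINFO approach mentioned in the quoted reply, sketched as an added example that is not part of the original message and is not NSD code: a wildcard-bound UDP socket learns which local address each request was sent to and sources the reply from that same address. It assumes Linux (IP_PKTINFO and struct in_pktinfo); the helper names open_pktinfo_socket and echo_from_dst are hypothetical.

```c
/* Added example, not NSD code. Linux-only: IP_PKTINFO / struct in_pktinfo. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

typedef union { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } pktinfo_cmsg;

/* Hypothetical helper: UDP socket on 0.0.0.0:port that reports each datagram's local address. */
int open_pktinfo_socket(unsigned short port) {
    int on = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in any = { .sin_family = AF_INET, .sin_port = htons(port) };
    if (fd < 0) return -1;
    if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) < 0 ||
        bind(fd, (struct sockaddr *)&any, sizeof any) < 0) { close(fd); return -1; }
    return fd;
}

/* Hypothetical helper: receive one datagram and echo it back, sourced from the
 * address it was sent to. Stores that address in *local; returns 0 on success. */
int echo_from_dst(int fd, struct in_addr *local) {
    char data[512];
    pktinfo_cmsg in, out;
    struct sockaddr_in peer;
    struct in_pktinfo pi = { 0 }, reply = { 0 };
    int found = 0;
    struct iovec iov = { .iov_base = data, .iov_len = sizeof data };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = in.buf, .msg_controllen = sizeof in.buf };
    ssize_t n = recvmsg(fd, &m, 0);
    if (n < 0) return -1;
    for (struct cmsghdr *h = CMSG_FIRSTHDR(&m); h; h = CMSG_NXTHDR(&m, h))
        if (h->cmsg_level == IPPROTO_IP && h->cmsg_type == IP_PKTINFO) {
            memcpy(&pi, CMSG_DATA(h), sizeof pi);
            found = 1;
        }
    if (!found) return -1;                /* no destination info: do not guess a source */
    *local = pi.ipi_spec_dst;             /* local address the request arrived on */
    reply.ipi_spec_dst = pi.ipi_spec_dst; /* reply source; ipi_ifindex stays 0 */
    memset(&out, 0, sizeof out);
    iov.iov_len = (size_t)n;
    m.msg_control = out.buf; m.msg_controllen = sizeof out.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof reply);
    memcpy(CMSG_DATA(c), &reply, sizeof reply);
    return sendmsg(fd, &m, 0) == n ? 0 : -1;
}
```

Setting only ipi_spec_dst fixes the reply's source address; the outgoing interface is still chosen by the routing table, which is the second half of the problem described in the message.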