[nsd-users] NSD not reachable over IPv6 without ip-address option

Pim Kunis pim at kunis.nl
Sat Jan 7 14:03:53 UTC 2023 

Hi Anand,

Thank you for your reply, I understand the problem better now. I used 
Wireshark and indeed the packets were being returned from the wrong 
address. For some reason, my server is getting a second globally 
routable /128 IPv6 address in the prefix that is advertised by my 
router. Would you happen to know what could be causing this?

Curiously, if I tell NSD to use my main NIC, which has two global IPv6 
addresses as said above, it will always pick the correct one (so not the 
/128 one).

Thank you,

Pim Kunis

On 07-01-2023 10:39, Anand Buddhdev wrote:
> Hi Pim,
>
> This issue comes up quite frequently.
>
> If you don't configure NSD to bind to a specific IPv6 address, then 
> when it is constructing a DNS response packet, it doesn't set the 
> source address in it. It passes the packet to the OS, which then 
> selects a route for the packet, and sets the source address 
> appropriate for that route. If you have multiple interfaces on the 
> server, or multiple IPv6 addresses on an interface, then the OS can 
> pick the wrong one, and the client will receive a DNS reply from an 
> address it wasn't expecting, and probably discard it.
>
> It is good practice to make your NSD server bind explicitly to the 
> addresses that it's supposed to listen to and reply from.
>
> Regards,
> Anand
>
> On 06/01/2023 18:41, Pim Kunis via nsd-users wrote:
>> Hi,
>>
>> I have a dual-stack IPv4/IPv6 server on which I run NSD. However, 
>> without adding the "ip-address" option in nsd.conf, NSD does not 
>> respond to IPv6 queries. It does respond to IPv4 queries. Also, it 
>> does respond to requests from the same machine to ::1.
>>
>> Below you can see that the NSD is indeed listening to UDP port 53 on 
>> IPv6 on the wildcard address:
>>
>>> root at lewis:/etc/nsd# ss -ulpn sport inet6:53
>>> State                 Recv-Q Send-Q Local 
>>> Address:Port                                 Peer 
>>> Address:Port                Process
>>> UNCONN                0 0 [::]:53 [::]:* users:(("nsd: server 
>>> 4",pid=16052,fd=4),("nsd: server 3",pid=16051,fd=4),("nsd: server 
>>> 2",pid=16050,fd=4),("nsd: server 1",pid=16049,fd=4),("nsd: 
>>> main",pid=16048,fd=4),("nsd: xfrd",pid=16046,fd=4))
>>
>> Does anybody know what could be the problem?
>>
>> Kind regards,
>>
>> Pim Kunis

More information about the nsd-users mailing list