[Unbound-users] Source address selection for replies
Alexander Gall
gall at switch.ch
Wed Jan 16 11:35:59 UTC 2008
On Tue, 15 Jan 2008 17:00:42 +0100, Wouter Wijngaards <wouter at NLnetLabs.nl> said:
> In http://unbound.net/downloads/unbound-0.9-20080115.tar.gz
> you can find a snapshot from dev trunk with the option called
> interface-automatic: yes
> It is tested and works on (recent) FreeBSD, Linux, Solaris, and MacOSX.
> Note that this is a snapshot from trunk since the changes are
> substantial, and required lots of porting effort. Please consider that
> this version has access-control, and you will need to configure access
> control (only localhost enabled by default). It also has AS112 blocking,
> which may be nice for you, and limited authority support. Please ignore
> the unbound-as-a-library development code in there, it is not done.
Thanks. It compiles fine on Linux, but only when I use LIBS="-lldns
-lcrypto" with make. I didn't track this down in the Makefile, but
these options appear to be missing in some linker rules. The 0.7.2
release only required LIBS=-ldns.
> Can you try this Alexander? Tell me if it works or not :-)
The code seems to work on Linux (kernel 2.6.12, glibc 2.3.6) as
expected. Great!
However, the query replies still use the wrong source address if the
query was directed to a loopback address. This is a bit orthogonal to
the issue with the sockets, but I believe you need to *always* request
the source address specifically and not rely on the kernel source
address selection as discussed earlier.
Interestingly, I see a single socket for UDP but two for TCP (IPv4,
IPv6). Just wondering why.
--
Alex
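
The loopback case raised in this message, as an added Linux-only example (not code from the thread or from Unbound): a wildcard-bound UDP socket learns each query's destination address via IP_PKTINFO and, when `pin` is set, sends the reply from that same address. The function name `reply_source` and the `pin` parameter are hypothetical, chosen for this illustration.

```c
#define _GNU_SOURCE                 /* struct in_pktinfo on older glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Send one query to dst_ip on a wildcard-bound UDP server and return the
 * source address (network order) the client sees on the reply; 0 on error.
 * pin != 0: reply from the address the query was sent to (IP_PKTINFO). */
in_addr_t reply_source(const char *dst_ip, int pin)
{
    int on = 1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in sa = { .sin_family = AF_INET }, peer, from;
    socklen_t len = sizeof(sa), flen = sizeof(from);
    struct timeval tv = { 2, 0 };   /* do not block forever if a packet is lost */
    char q[64], r[64]; ssize_t n; in_addr_t seen = 0;
    union { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } c;
    struct iovec iov = { q, sizeof(q) };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof(peer), .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = c.buf, .msg_controllen = sizeof(c.buf) };
    struct cmsghdr *cm;

    if (srv < 0 || cli < 0) goto out;
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on));  /* ask for dst addr */
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    if (bind(srv, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||   /* 0.0.0.0, any port */
        getsockname(srv, (struct sockaddr *)&sa, &len) < 0) goto out;
    sa.sin_addr.s_addr = inet_addr(dst_ip);
    if (sendto(cli, "query", 5, 0, (struct sockaddr *)&sa, sizeof(sa)) < 0) goto out;
    if ((n = recvmsg(srv, &m, 0)) < 0) goto out;
    iov.iov_len = (size_t)n;                    /* echo the payload back */
    cm = CMSG_FIRSTHDR(&m);
    if (pin && cm && cm->cmsg_level == IPPROTO_IP && cm->cmsg_type == IP_PKTINFO) {
        struct in_pktinfo *pi = (struct in_pktinfo *)CMSG_DATA(cm);
        pi->ipi_spec_dst = pi->ipi_addr;        /* source := address that was queried */
        pi->ipi_ifindex = 0;                    /* let routing choose the interface */
    } else {
        m.msg_control = NULL; m.msg_controllen = 0;  /* kernel selects the source */
    }
    if (sendmsg(srv, &m, 0) >= 0 &&
        recvfrom(cli, r, sizeof(r), 0, (struct sockaddr *)&from, &flen) >= 0)
        seen = from.sin_addr.s_addr;
out:
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return seen;
}
```

A client that checks that a reply comes from the address it queried will drop the unpinned reply, which is why the source address matters for a resolver listening on the wildcard address.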