BIND-8/9 interface bug? Or is it FreeBSD?
JINMEI Tatuya /神明達哉
jinmei at isl.rdc.toshiba.co.jp
Sat Apr 19 09:04:05 PDT 2003
>>>>> On Fri, 18 Apr 2003 23:48:01 -0700,
>>>>> Jeremy Chadwick <freebsd at jdc.parodius.com> said:
> The secondary is configured literally identical to the
> primary, except that the IPs have changed and _all_ of
> the zones are type slave.
> I see the exact same problem on the secondary (again,
> outgoing traffic on the public interface with an IP of
> the private), except that the src & dst IPs apply to
> the private IP on the secondary and the WAN IP of the
> primary, respectively. Sorry if that's confusing. :-)
> I believe removing the query-source option could in fact
> solve the problem, but there is a specific reason for it's
> existance -- we rely on the MAPS RBL+ service for SBL lookups,
> which are DNS based. Permission to the RBL+ service is based
> on the IP doing the query. Since the nameserver IPs are
> IP aliases, if I do not specify this, the queries come from
> the first IP in the list shown in ifconfig -a.
> If there's a workaround for this, I'd love to hear it. :-)
I guess the query from the client that caused the problem was the SOA
check before zone transfer. If this is correct, you can control the
source address of such queries with BIND 9's transfer-source. So,
please try:
1. install BIND 9 at the secondary server.
2. add the following in the zone statement for which the secondary
serves:
transfer-source 10.0.0.2;
I don't know the reason for the error at the secondary side.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
jinmei at isl.rdc.toshiba.co.jp
More information about the freebsd-net
mailing list