Default interfaces on multi-homed servers #12
Comments
Aha, I figured out what is happening. Unbound is replying from the wrong interface. When Unbound is configured to listen on any interface ( This is referenced in a question on the Unbound mailing list from September 2011: The recommended solution is to explicitly list each interface. Then Unbound will reply using the same interface that it received the request on, instead of using the wildcard ( Also note that the option Going based on my own experience, the expected behavior is that Unbound should work on all interfaces unless otherwise specified. (Principle of least astonishment) Here are the options as I see them.
Most Linux distributions support a dual IP stack, with IPv6 as the default.
I believe this issue has been addressed by the inclusion of the
I ran into a strange problem today with Unbound while using this module. I'm not sure whether this is a configuration problem or a bug, so I'm reporting it here first.
On a server with two IP addresses, I had to explicitly list both IP addresses in unbound.conf before Unbound would answer queries on the second address. This ran counter to my expectation that I could set interface: 0.0.0.0 to listen on all IP addresses.
One possible solution is changing this module to explicitly list all IP addresses as listening interfaces in unbound.conf.
Before making that change, it would be prudent to:
The full story
My server had Unbound installed and configured to listen on the "0.0.0.0" interface. It was successfully responding to DNS queries for other hosts as defined by the access-control directive, even on different subnets.
Then I added a second IP address to the server as a virtual interface (eth0:0). Strangely, Unbound refused to answer DNS queries on this second IP address, even after restarting the service. Running netstat -tapn confirmed that Unbound was listening on 0.0.0.0:53.
Then I explicitly listed each local IP address in unbound.conf and restarted Unbound. At that point, the server successfully responded to DNS queries as expected.
I'm using Scientific Linux 6.4, and the version of Unbound is 1.4.19 from EPEL.
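The workaround described in this report, replacing a wildcard listener with one interface: line per local address, sketched as an added example that is not part of the original issue or the module's code. The function names and both sample inputs are constructed for illustration; the addresses come from the 192.0.2.0/24 documentation range.

```python
import ipaddress

# Constructed sample in the shape of `ip -o addr show` output (trimmed).
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global secondary eth0:0
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link
"""
# Constructed unbound.conf fragment with the wildcard listener from the report.
SAMPLE_CONF = """\
server:
    interface: 0.0.0.0
    access-control: 192.0.2.0/24 allow
"""


def local_addresses(ip_output):
    """Return the unique addresses in `ip -o addr show` text, in order."""
    found = []
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] in ("inet", "inet6"):
            ip = ipaddress.ip_interface(fields[3]).ip
            # Link-local IPv6 needs a zone id to bind, so it is left out here.
            if not ip.is_link_local and ip not in found:
                found.append(ip)
    return found


def expand_wildcards(conf_text, addresses):
    """Replace each wildcard `interface:` line with one line per address."""
    out = []
    for line in conf_text.splitlines():
        key, _, value = line.strip().partition(":")
        try:
            listen = ipaddress.ip_address(value.strip())
        except ValueError:
            listen = None  # not an address (other directive, name, port suffix)
        if key != "interface" or listen is None or not listen.is_unspecified:
            out.append(line)
            continue
        indent = line[: len(line) - len(line.lstrip())]
        repl = [f"{indent}interface: {a}" for a in addresses
                if a.version == listen.version]
        out += repl or [line]  # keep the wildcard if no address matches
    return "\n".join(out) + "\n"
```

Calling `expand_wildcards(SAMPLE_CONF, local_addresses(SAMPLE_IP_OUTPUT))` yields a server block that lists 127.0.0.1, 192.0.2.10 and 192.0.2.11 explicitly and leaves the access-control line untouched.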