Again, the problem here is that perfectly valid configuration lines in /etc/named.conf would cause serious trouble.
BIND 9.16.1.+ DNS admins should be aware of it. So that's the reason I wrote this post.

Regards,

On Mon, 25 Jan 2021 at 14:33, Matus UHLAR - fantomas (<uh...@fantomas.sk>) wrote:

> On 25.01.21 14:05, Bernardo wrote:
> >Yes. This causes serious problems.
> >
> >The problem is that these perfectly valid configuration lines in
> >/etc/named.conf file (provided that 192.168.10.100 is the IPv4 address of
> >your DNS server, it doesn't matter if it is a primary or secondary) will
> >cause you a lot of trouble.
> >
> >query-source address 192.168.10.100;
> >notify-source 192.168.10.100 port 53;
> >transfer-source 192.168.10.100 port 53;
> >
> >These configuration lines will cause you problems as described in my post
> >(BIND ignores "packets received correctly") from January 2020.
> >
> >It seems that this is a known issue since BIND 9.16.1 version: UDP network
> >ports used for listening can no longer simultaneously be used for sending
> >traffic.
>
> which means, that the "port 53" is what causes problems and the rest can
> stay there.
>
> If you only have interface address "192.168.10.100" (except loopback, of
> course), or if that is the primary address of your interface, those
> definitions are useless, otherwise you should keep them there.
>
> >On Mon, 25 Jan 2021 at 11:13, Matus UHLAR - fantomas (<uh...@fantomas.sk>)
> >wrote:
> >
> >> On 23.01.21 12:44, Bernardo wrote:
> >> >Finally I've found the solution.
> >> >The problem seems to be caused by a known issue since BIND version 9.16.1
> >> >
> >> >Commenting out these lines in /etc/named.conf solves the issue:
> >> >
> >> >query-source address 192.168.10.100;
> >> >notify-source 192.168.10.100 port 53;
> >> >transfer-source 192.168.10.100 port 53;
> >>
> >> this should not cause a problem and may cause troubles when 192.168.10.100
> >> is not the primary address.
> >>
> >> the "port 53" is usually useless (unless you have stateless firewall) and
> >> may be what caused your problem.
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I wish NOT to receive any advertising mail at this address.
> Fucking windows! Bring Bill Gates! (Southpark the movie)
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Bernardo
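An added example, not part of the thread and not ISC code: a small Python check for the pattern discussed above, flagging `query-source`, `notify-source` and `transfer-source` statements whose `port` equals a port that named listens on. The sample configuration is constructed; its `listen-on` line and all function names are assumptions, and only the `[address] X [port N]` form quoted in the thread is parsed.

```python
import re

# Constructed sample: the three lines quoted in the thread, plus an assumed
# listen-on statement and one commented-out line that must be ignored.
SAMPLE = """
options {
    listen-on port 53 { 192.168.10.100; };
    // transfer-source 10.0.0.1 port 53;
    query-source address 192.168.10.100;
    notify-source 192.168.10.100 port 53;
    transfer-source 192.168.10.100 port 53;
};
"""

SOURCE_RE = re.compile(
    r"^\s*((?:query|notify|transfer)-source(?:-v6)?)\s+(?:address\s+)?(\S+?)"
    r"(?:\s+port\s+(\S+?))?\s*;", re.M)
LISTEN_RE = re.compile(r"^\s*listen-on(?:-v6)?(?:\s+port\s+(\d+))?\s*\{", re.M)

def strip_comments(text):
    """Remove /* ... */, // and # comments as used in named.conf."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def listening_ports(text):
    """Ports named listens on; listen-on without 'port', or no listen-on, means 53."""
    ports = {int(p) if p else 53 for p in LISTEN_RE.findall(text)}
    return ports or {53}

def find_port_conflicts(conf):
    """Return (statement, address, port) for *-source lines pinned to a listening port."""
    text = strip_comments(conf)
    ports = listening_ports(text)
    hits = []
    for stmt, addr, port in SOURCE_RE.findall(text):
        # A numeric source port equal to a listening port is the 9.16.1+ problem case.
        if port.isdigit() and int(port) in ports:
            hits.append((stmt, addr, int(port)))
    return hits

if __name__ == "__main__":
    for stmt, addr, port in find_port_conflicts(SAMPLE):
        print(f"{stmt} {addr} port {port}: source port is also a listening port")
```

Statements without a `port` clause, such as the `query-source address` line, are not reported, which matches the reply in the thread that only "port 53" is the problem.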