Re: Lookup failures

Fri, 13 Sep 2024 08:16:03 -0700 

Hi Steven.
As you said, `listen-on {...;};` tells BIND which addresses to register for
incoming traffic. This can be a list, not just one address. Any query
received on (say) 10.0.0.1 will be responded to from the same address.

It is possible to choose which address to use for outgoing queries/fetches
as well, using `query-source address ...;`, which in the past I have used
and made different from the listen-on address(es) so that I can tell in
packet captures what is what. Also it's handy for firewall rules, keeping
client<>resolver traffic on different addresses from resolver<>world
traffic.

Is that what you wanted to know?
Cheers, Greg

On Fri, 13 Sept 2024 at 15:14, Steven Shockley <steve.shock...@shockley.net>
wrote:

> On 9/12/2024 9:20 PM, Steven Shockley wrote:
> > I'll try to run some tcpdumps inbound and outbound tomorrow, traffic
> > should be pretty light.
>
> I did find something interesting that may or may not be related.
>
> The machine is also the Internet gateway.  One NIC has a vlan interface
> for each network; there's also a Cisco switch that routes between
> subnets.  The client-to-bind traffic routes via the Cisco switch, but
> BIND sends the response via the direct vlan interface.
>
> Bad ASCII art:
>
> Query:
> client --> (vlan102) --> switch --> (vlan101) --> DNS
>
> Response:
> DNS --> (vlan102) --> client
>
> Is there a way to tell BIND to listen (and respond) on a specific
> interface?  I already have listen-on { 10.0.0.1; }; (vlan101 IP) in the
> config with nothing else listening.
>
> I guess there's nothing technically wrong with this, but it does make it
> harder to troubleshoot.
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to