there was a question regarding to DNS response against this kind of
query:
(src=x dst=anycast)
needs to have anycast source address or not.
from RFC2181, it is legal to use non-anycast address for response.
and for the resolver side (implementation issue):
- BIND8 resolver checks source address match by default, but can easily
turned off by RES_INSECURE2 flag bit on res.options.
- MS windows DNS resolver does not (correct me if I'm wrong about this).
itojun
---
4.1. UDP Source Address Selection
To avoid these problems, servers when responding to queries using UDP
must cause the reply to be sent with the source address field in the
IP header set to the address that was in the destination address
field of the IP header of the packet containing the query causing the
response. If this would cause the response to be sent from an IP <-
address that is not permitted for this purpose, then the response may <-
be sent from any legal IP address allocated to the server. That <-
address should be chosen to maximise the possibility that the client
will be able to use it for further queries. Servers configured in
such a way that not all their addresses are equally reachable from
all potential clients need take particular care when responding to
queries sent to anycast, multicast, or similar, addresses.
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
