Hi Andreas,

On 18/04/2025 23:28, A. Schulze via nsd-users wrote:
> I added #437 to my build. It works, somehow...

> I cannot imagine a scenario for any (resolver?) software to implicitly send a SOA probe over UDP to port 853 / not port 53
> Could you clarify this, please?
Unbound is an example: when configured with auth zones, it will send the SOA probe over UDP before starting a zone transfer.


> There is also a difference to the same solution for that problem in unbound: While "netstat -lnpu" does not show open UDP sockets for DoT and DoH on unbound, NSD is different: "netstat -lnpu" shows an open port for Do53 and DoT. Do53/UDP does time out on port 853, though.
Just to be clear with terminology (Do53 does not help if the port is not 53 :), you want to say that when a #437-patched NSD is configured for TLS over port 853 you expect to see only TCP open on 853, but you also see UDP open on 853?
If that is the case, the PR also needs more work apparently :)


> It looks like #437 works very differently from the code implemented in unbound.
Unbound and NSD are very different in how they set up listening interfaces.

Best regards,
-- Yorgos
_______________________________________________
nsd-users mailing list
nsd-users@lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
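A small check for the symptom discussed above (a UDP socket bound on the DoT port 853 where only TCP is expected). This is an added example, not code from the thread, NSD or Unbound; it parses `ss -lnu` or `netstat -lnpu` style output and runs offline against a constructed sample that mimics the reported state.

```shell
#!/bin/sh
# Constructed sample in `ss -lnu` layout: NSD with UDP bound on 53 and, unexpectedly, on 853.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0            0.0.0.0:53        0.0.0.0:*    users:(("nsd",pid=1234,fd=5))
UNCONN 0      0            0.0.0.0:853       0.0.0.0:*    users:(("nsd",pid=1234,fd=7))
UNCONN 0      0               [::]:53           [::]:*    users:(("nsd",pid=1234,fd=6))'

# udp_listeners_on PORT TEXT -> prints each local address bound to UDP PORT.
# Accepts `ss -lnu` rows (state UNCONN) and `netstat -lnpu` rows (proto udp/udp6);
# in both layouts the local address is the 4th field and the port follows the last colon.
udp_listeners_on() {
  port=$1
  printf '%s\n' "$2" | awk -v p="$port" '
    $1 == "UNCONN" || $1 ~ /^udp/ {
      n = split($4, a, ":")
      if (a[n] == p) print $4
    }'
}

# check_dot_port PORT TEXT -> returns 0 when no UDP socket is bound to PORT, 1 otherwise.
check_dot_port() {
  found=$(udp_listeners_on "$1" "$2")
  if [ -n "$found" ]; then
    printf 'UDP bound on port %s (expected TCP only):\n%s\n' "$1" "$found" >&2
    return 1
  fi
  return 0
}

# On a live host: check_dot_port 853 "$(ss -lnu)"  or  check_dot_port 853 "$(netstat -lnpu)"
```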
