On 12/26/2016 01:47 PM, Yuri Schaeffer wrote:
> I'm not in the position to dive in to the code right now. But I might
> have a hunch which might help you debug. It sounds like from what I
> gather from your reports ODS has trouble selecting the right outgoing
> interface (That's why it doesn't show up dumping lo, and that's why
> sendto says invalid arguments).
> 
> Please take a look at the Signer/listener section in conf.xml and check
> which interfaces you have configured. There has been some 'gotchas' in
> the past in having multiple interfaces where the OS would select the
> wrong outgoing interface if more than 1 had a route to the destination.
> Resulting in the wrong source address on the outgoing packet. Maybe one
> of our fixes has bitten you?

Perhaps ... I'd been looking at the bound src addresses, or trying to, until I 
got sidetracked by that^ error-logging bug ...

In my latest/current stab at this, I've two physical boxes:

(1) bind9 (hidden primary)
                listens on 10.1.1.53:53, 127.0.0.1:53   
        ods2
                currently configured to listen on two interfaces (I've also tried with just one ...), port 15354

                        cat conf.xml
                                ...
                                <Signer>
                                        <Listener>
                                                <Interface>
                                                        <Address>127.0.0.1</Address>
                                                        <Port>15354</Port>
                                                </Interface>
                                                <Interface>
                                                        <Address>10.1.1.53</Address>
                                                        <Port>15354</Port>
                                                </Interface>
                                        </Listener>
                                        <Privileges>
                                                <User>opendnssec</User>
                                                <Group>opendnssec</Group>
                                        </Privileges>
                                        <WorkingDirectory>/var/opendnssec/signer</WorkingDirectory>
                                        <WorkerThreads>4</WorkerThreads>
                                </Signer>
                                ...

        (2) nsd4 (secondary)
        listens on 10.2.2.53:53

Comms 'tween the two are over a VPN link.  Without ods2, it's worked this way 
for ages.

bind9 comms via AXFR+NOTIFY to the nsd4 secondary, etc.

firewall/routes are set up so that from the primary-box to the secondary-box,

        telnet 10.2.2.53 53
                Trying 10.2.2.53...
                Connected to 10.2.2.53.
                Escape character is '^]'.

and in the other direction, from the secondary to the primary

        telnet 10.1.1.53 15354
                Trying 10.1.1.53...
                Connected to 10.1.1.53.
                Escape character is '^]'.

I'm changing stuff all over the place atm, trying to figure out what's 
happening, or not :-/  So certainly open to any suggestions re: config.

Also, I'm trying to prove to myself that the bug report is (1) real, and (2) 
whether it only affects LOGGING or is hiding an actual UDP 
packet-assembly/content problem
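
The source-address check suggested in the quoted reply, as an added example that is not part of the original thread or of OpenDNSSEC: it reads the Listener addresses from conf.xml, asks the kernel which source address it would choose toward the secondary, and tries the same route lookup from each configured listener address. The function names are hypothetical; the addresses are the ones in the message, embedded as a constructed sample.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample: the Listener section quoted in the message above.
CONF_XML = """<Signer><Listener>
  <Interface><Address>127.0.0.1</Address><Port>15354</Port></Interface>
  <Interface><Address>10.1.1.53</Address><Port>15354</Port></Interface>
</Listener></Signer>"""

def listener_addresses(conf_xml):
    """Return [(address, port)] for every Interface under a Listener."""
    root = ET.fromstring(conf_xml)
    return [(i.findtext("Address"), int(i.findtext("Port")))
            for lst in root.iter("Listener") for i in lst.iter("Interface")]

def route_check(dest, dest_port=53, bind_addr=None):
    """connect() on a UDP socket sends no packet; it only makes the kernel
    resolve a route and pick a source address for that destination.
    Returns (source_address, None) on success or (None, error_text)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if bind_addr:
            s.bind((bind_addr, 0))      # ephemeral port, fixed source address
        s.connect((dest, dest_port))
        return s.getsockname()[0], None
    except OSError as e:
        return None, f"{e.strerror} (errno {e.errno})"
    finally:
        s.close()

def report(conf_xml, dest):
    """One line for the kernel's default choice, one per listener address."""
    addrs = [a for a, _ in listener_addresses(conf_xml)]
    src, err = route_check(dest)
    lines = [f"kernel default source for {dest}: {src or err}"]
    if src and src not in addrs:
        lines.append("  WARNING: default source is not a configured listener address")
    for a in addrs:
        src, err = route_check(dest, bind_addr=a)
        lines.append(f"  bound to {a}: {'ok' if src else 'FAILS: ' + err}")
    return lines

if __name__ == "__main__":
    # 10.2.2.53 is the nsd4 secondary from the message.
    print("\n".join(report(CONF_XML, "10.2.2.53")))
```

Run it on the signer box as the same user the signer runs as; a listener address that reports FAILS cannot be used as the source for packets to the secondary.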


