On Fri, 2008-07-25 at 18:12 -0600, Ed Brown wrote:
> Chris Adams wrote:
> > Once upon a time, Ed Brown <[EMAIL PROTECTED]> said:
> >> With all due respect, this is crazy talk. ;-) It's circular logic,
> >> or something. When a DNS reply (or http reply, or echo reply, etc.) is
> >> queued for delivery, it does not HAVE a source address.
> >
> > A reply almost always does (because it is a reply on an existing socket,
> > which is associated with a single local address). Outgoing requests
> > typically just bind to INADDR_ANY, but some software (such as IIRC BIND)
> > binds to each address individually.
>
> Daniel's problem is that DNS replies to requests that come in one
> interface (the one lacking a default route) are being returned from a
> different interface. How does that fit with what you say here?
Because the initial request has to come in as a TCP or UDP request. That means there is a unique association of IP address and port. The reply HAS to come from the same IP and port that the request was made from, thus routing with the source IP is totally valid. If the DNS server just randomly replied to the request from an IP address different than the one the client requested it on, how exactly would the client (the initial requester) even know that the reply came from the right server? In other words, it's very simple: the DNS server is replying to an already open connection, thus it does indeed have a source address for the reply.

> My basic contention here is that policy routing is for routers. It
> can't help Daniel, it can't help anyone with multi-homed server
> routing issues. Am I wrong?

Yes, you are wrong. It works just fine even on multi-homed servers that do not route, and it is quite easy to prove.

Later,
Tom

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
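The source-address policy routing Tom describes, as an added example that is not part of the thread: a host with two interfaces and forwarding disabled gets one routing table per interface, and an `ip rule` keyed on the *source* address sends replies out the interface whose address they carry. Interface names, addresses (RFC 5737 documentation ranges) and table numbers are constructed for illustration; by default the script only prints the iproute2 commands, and `APPLY=1` executes them.

```bash
# Source-address policy routing on a multi-homed host with ip_forward=0.
# Constructed scenario (not from the thread):
#   eth0 192.0.2.10/24,    gateway 192.0.2.1    (main table holds the default route)
#   eth1 198.51.100.10/24, gateway 198.51.100.1 (no default route in "main")
# Without a source rule, a reply sourced from 198.51.100.10 follows the main
# table and leaves via eth0, which is the symptom discussed in the thread.

# run CMD...: executes only when APPLY=1, otherwise prints the command line.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# add_source_table IFACE ADDR SUBNET GATEWAY TABLE
# Builds a per-interface table with its own default route and selects it by
# SOURCE address, so the kernel never consults the main table for these replies.
add_source_table() {
    local iface=$1 addr=$2 subnet=$3 gw=$4 table=$5
    # connected route first, so the gateway is resolvable inside this table
    run ip route add "$subnet" dev "$iface" src "$addr" table "$table"
    run ip route add default via "$gw" dev "$iface" table "$table"
    # the rule matches on source, not destination (a bare address means /32)
    run ip rule add from "$addr" table "$table" priority "$((1000 + table))"
}

# check_path DST SRC: asks the kernel which route a packet from SRC to DST
# would take, without sending traffic; the expected answer is SRC's gateway.
check_path() {
    local dst=$1 src=$2
    run ip route get "$dst" from "$src"
}

configure_host() {
    add_source_table eth0 192.0.2.10    192.0.2.0/24    192.0.2.1    10
    add_source_table eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 11
    # a reply sourced from eth1's address must resolve to eth1's gateway
    check_path 203.0.113.53 198.51.100.10
}

configure_host
```

With `APPLY=1` the final `ip route get` should report `via 198.51.100.1 dev eth1`; if it shows eth0, the rule was not installed or a lower-priority rule matched first (`ip rule show` lists them in order).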
