Re: [SOLVED] Re: bind listening on UDP port 53 using 2 fd

2021-01-25 Thread Matus UHLAR - fantomas

On 25.01.21 14:05, Bernardo wrote:

>Yes. This causes serious problems.
>
>The problem is that these perfectly valid configuration lines in
>/etc/named.conf file (provided that 192.168.10.100 is the IPv4 address of
>your DNS server, it doesn't matter if it is a primary or secondary) will
>cause you a lot of trouble.
>
>query-source address 192.168.10.100;
>notify-source 192.168.10.100 port 53;
>transfer-source 192.168.10.100 port 53;
>
>These configuration lines will cause you problems as described in my post (
>BIND ignores "packets received correctly" ) from January 2020.
>
>It seems that this is a known issue since BIND 9.16.1 version: UDP network
>ports used for listening can no longer simultaneously be used for sending
>traffic.


which means, that the "port 53" is what causes problems and the rest can
stay there.

If you only have interface address "192.168.10.100" (except loopback, of
course), or if that is the primary address of your interface, those
definitions are useless, otherwise you should keep them there.


On Mon, 25 Jan 2021 at 11:13, Matus UHLAR - fantomas wrote:


On 23.01.21 12:44, Bernardo wrote:
>Finally I've found the solution.
>The problem seems to be caused by a known issue since BIND version 9.16.1
>
>Commenting out these lines in /etc/named.conf solves the issue:
>
>query-source address 192.168.10.100;
>notify-source 192.168.10.100 port 53;
>transfer-source 192.168.10.100 port 53;

this should not cause a problem and may cause troubles when 192.168.10.100
is not the primary address.

the "port 53" is usually useless (unless you have stateless firewall) and
may be what caused your problem.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
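
A named.conf check based on the diagnosis in this thread, added here as an example and not code from either poster or from ISC: it flags query-source, notify-source and transfer-source statements (and their -v6 forms) pinned to the port named listens on, and returns each statement with the port clause dropped, as suggested in the reply above. The function names, the `listen_port` parameter and the sample configuration are assumptions made for this illustration.

```python
import re

# Statements named in the thread; their -v6 forms are matched as well.
SOURCE_OPTS = ("query-source", "notify-source", "transfer-source")
# The lookbehind keeps "alt-transfer-source" from matching as "transfer-source".
STMT = re.compile(
    r"(?<![\w-])((?:%s)(?:-v6)?)\s+([^;{}]*?)\s*;" % "|".join(SOURCE_OPTS))
PORT = re.compile(r"\s*\bport\s+(\d+|\*)")

def strip_comments(text):
    """Remove /* */, // and # comments, all of which named.conf allows."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit(conf_text, listen_port=53):
    """Return (option, original_args, suggested_statement) for every
    *-source statement pinned to the port named listens on.
    listen_port is a hypothetical parameter of this example."""
    findings = []
    for m in STMT.finditer(strip_comments(conf_text)):
        opt, args = m.group(1), m.group(2)
        pm = PORT.search(args)
        if pm and pm.group(1) == str(listen_port):
            fixed = PORT.sub("", args).strip()  # keep the address, drop the port
            findings.append((opt, args, "%s %s;" % (opt, fixed)))
    return findings

# Constructed sample: the three lines quoted in the thread, in an options block.
SAMPLE = """
options {
    listen-on { 192.168.10.100; };
    query-source address 192.168.10.100;      // no port clause: not flagged
    notify-source 192.168.10.100 port 53;
    transfer-source 192.168.10.100 port 53;   # pinned to the listener port
    /* notify-source 10.0.0.1 port 53; */
};
"""

if __name__ == "__main__":
    for opt, args, fix in audit(SAMPLE):
        print("%-16s '%s'  ->  %s" % (opt, args, fix))
```
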


Re: [SOLVED] Re: bind listening on UDP port 53 using 2 fd

2021-01-25 Thread Bernardo
Hi Matus,

Yes. This causes serious problems.

The problem is that these perfectly valid configuration lines in
/etc/named.conf file (provided that 192.168.10.100 is the IPv4 address of
your DNS server, it doesn't matter if it is a primary or secondary) will
cause you a lot of trouble.

query-source address 192.168.10.100;
notify-source 192.168.10.100 port 53;
transfer-source 192.168.10.100 port 53;

These configuration lines will cause you problems as described in my post (
BIND ignores "packets received correctly" ) from January 2020.

It seems that this is a known issue since BIND 9.16.1 version: UDP network
ports used for listening can no longer simultaneously be used for sending
traffic.

Prior to this BIND version these very same configuration lines worked fine.

As I said, I hope this warning helps someone else to avoid losing a lot of
time trying to find out what is happening to their DNS servers running BIND
9.16.1+

Regards,



On Mon, 25 Jan 2021 at 11:13, Matus UHLAR - fantomas wrote:

> On 23.01.21 12:44, Bernardo wrote:
> >Finally I've found the solution.
> >The problem seems to be caused by a known issue since BIND version 9.16.1
> >
> >Commenting out these lines in /etc/named.conf solves the issue:
> >
> >query-source address 192.168.10.100;
> >notify-source 192.168.10.100 port 53;
> >transfer-source 192.168.10.100 port 53;
>
> this should not cause a problem and may cause troubles when 192.168.10.100
> is not the primary address.
>
> the "port 53" is usually useless (unless you have stateless firewall) and
> may be what caused your problem.
>


-- 
Bernardo


Re: [SOLVED] Re: bind listening on UDP port 53 using 2 fd

2021-01-25 Thread Matus UHLAR - fantomas

On 23.01.21 12:44, Bernardo wrote:

Finally I've found the solution.
The problem seems to be caused by a known issue since BIND version 9.16.1

Commenting out these lines in /etc/named.conf solves the issue:

query-source address 192.168.10.100;
notify-source 192.168.10.100 port 53;
transfer-source 192.168.10.100 port 53;


this should not cause a problem and may cause troubles when 192.168.10.100
is not the primary address.

the "port 53" is usually useless (unless you have stateless firewall) and
may be what caused your problem.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.