I'm trying to use Unbound in combination with VRRP/keepalived.
The use of floating IPs would require an Unbound restart every
time an IP moves from one host to another.

For IPv4, Linux has the ip.nonlocal_bind sysctl to allow binding
to non-local IPs; however, IPv6 has no such sysctl.

NSD has the ip-transparent option to set the sockopt to make
non-local binding possible; Unbound doesn't seem to support
a similar feature.

Would a patch adding support for this feature be accepted?

A very crude, but works-for-me diff is included below.
(This is based on 1.4.22, but 1.5 seems to be pretty similar.)

--- services/listen_dnsport.c.orig      2014-02-14 10:50:25.000000000 +0100
+++ services/listen_dnsport.c   2015-02-10 10:38:29.993665452 +0100
@@ -173,6 +173,13 @@
 #else
                (void)reuseport;
 #endif /* defined(__linux__) && defined(SO_REUSEPORT) */
+#ifdef IP_TRANSPARENT
+               if (setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on,
+                       (socklen_t)sizeof(on)) < 0) {
+                               log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: 
%s",
+                                       strerror(errno));
+               }
+#endif /* IP_TRANSPARENT */
        }
        if(rcv) {
 #ifdef SO_RCVBUF
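Review bot: The added setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, ...) block runs on every socket created here whenever the header defines IP_TRANSPARENT, with no configuration switch. On Linux this option requires CAP_NET_ADMIN, so an instance started without that privilege would emit the log_warn for each socket, and an instance started with it gets the ability to bind non-local addresses whether or not the operator wanted that. Gate the call behind an opt-in setting, off by default, along the lines of the NSD ip-transparent option mentioned in the mail, and pass the flag into this function the same way reuseport is passed. Separately, the log_warn format string is split across two lines ("failed: " then "%s",), which looks like mail line wrapping; it has to be rejoined before the patch applies or compiles.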
@@ -517,6 +525,13 @@
 #else
        (void)v6only;
 #endif /* IPV6_V6ONLY */
+#ifdef IP_TRANSPARENT
+       if (setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on,
+               (socklen_t)sizeof(on)) < 0) {
+                       log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s",
+                               strerror(errno));
+       }
+#endif /* IP_TRANSPARENT */
        if(bind(s, addr->ai_addr, addr->ai_addrlen) != 0) {
 #ifndef USE_WINSOCK
                /* detect freebsd jail with no ipv6 permission */
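Review bot: The setsockopt before bind() uses level IPPROTO_IP and IP_TRANSPARENT regardless of addr->ai_family, although the stated goal is non-local binding for IPv6. Consider selecting on the address family and using the IPv6-level option (IPV6_TRANSPARENT at IPPROTO_IPV6) for AF_INET6 sockets where the platform defines it, so the behaviour does not depend on how a particular kernel treats an IPv4-level option on a v6 socket. The call also relies on a variable named on whose declaration is not visible in this hunk; confirm it is declared unconditionally in this function rather than inside another #ifdef, otherwise builds with IP_TRANSPARENT but without that other option will fail. As in the first hunk, this should only run when an opt-in setting is enabled, and the warning text should name the interface or address being bound so a failure can be matched to the bind() error that follows.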

--
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem
