[yadifa-users] listening on non-local interfaces

Jürgen Geinitz geinitz at denic.de
Mon Oct 19 09:32:20 CEST 2015 

Ah,
there's a difference in operating. We don't take down the dummy 
interfaces, we just tell the router/balancer not to feed this site any 
more (making use of the priviledge that one location has at least two 
physical servers). We can even take down the interfaces (dummy and eth1) 
as a whole because data, maintainance and update are feed through a 
pyhsical different interface. Therefore you won't see an outage on the 
location even if we do a re-install of the whole machine.

best regards
Juergen

PS.: and yes 0.0.0.0 and :: are no options. The security officer would 
kill me if he finds out during a security scan ;-)

yadifa-users-bounces at mailinglists.yadifa.eu schrieb am 19.10.2015 
09:00:04:

> Von: Peter Hudec <phudec at cnc.sk>
> An: <yadifa-users at mailinglists.yadifa.eu>
> Datum: 19.10.2015 09:00
> Betreff: Re: [yadifa-users] listening on non-local interfaces
> Gesendet von: yadifa-users-bounces at mailinglists.yadifa.eu
> 
> Hi,
> 
> so do I.
> But the BGP is configured to work with the addresses on the interfaces.
> If the interface is up, the bgp annouces the IPv4/6 prefix, if down 
don't.
> 
> So if I do some maintenance, I put the dummyX interfaces down. This 
works well, but if I restart the DNS process it will not start
> due missing ip addresses to listen.
> 
> I can't use 0.0.0.0 or ::0 while the Yadifa/the same the others dns 
servers/ is using send/receive function,This will choose the 
> primary IP of outgoing interface for udp/dns response messages.
> 
> There are few other solutions when listening on 0.0.0.0, ::0
> 
> Use  sendmsg/ recvfrom as for example here 
http://www.opensource.apple.com/source/freeradius/freeradius-32/freeradius/src/lib/udpfromto.c
. 
> 
> Enumerate interfaces as BIND do and bind to specific interface. Debain 
scripts do 'reload' on ifup/ifdown and the BIND will bind/
> unbind the address. 
> 
> But I think adding listen to non-local interfaces is much more simpler.
> 
>     best regards
>         Peter
> 
> On 19/10/15 08:10, Jürgen Geinitz wrote:
> Hello,
> to speak for .DE, we are using dummy network devices to solve this
> 
:
: deleted
:
> yadifa-users mailing list
> yadifa-users at mailinglists.yadifa.eu
> http://www.yadifa.eu/mailman/listinfo/yadifa-users

> 

> -- 
> Peter Hudec
> Infraštruktúrny architekt
> phudec at cnc.sk
> CNC, a.s.
> Borská 6, 841 04 Bratislava
> Recepcia: +421 2  35 000 100
> Mobil:+421 905 997 203
> www.cnc.sk_______________________________________________
> yadifa-users mailing list
> yadifa-users at mailinglists.yadifa.eu
> http://www.yadifa.eu/mailman/listinfo/yadifa-users

-- 
-------------------------
Juergen Geinitz

DENIC eG
Kaiserstr. 75-77
D-60239 Frankfurt am Main
Fon +49 69 27235 179
Fax +49 69 27235 235
geinitz at denic.de
www.denic.de
PGP-KeyID: 0xC42163B4 , Fingerprint: 6CC9 A263 12ED B9Be 69B5 9487 F80E 
7392 C421 63B4

Sitz: Frankfurt am Main
Eingetragen unter Nr. 770 im Genossenschaftsregister beim Amtsgericht 
Frankfurt am Main
Vorstand: Helga Krüger, Andreas Musielak, Carsten Schiefner, Dr. Jörg 
Schweiger
Vorsitzender des Aufsichtsrats: Thomas Keller
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 8310 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.yadifa.eu/archives/yadifa-users/attachments/20151019/42620a80/attachment.bin

More information about the yadifa-users mailing list