[yadifa-users] source address selection for UDP responses
klaus.darilion at nic.at
Thu Aug 22 17:16:06 CEST 2019
I know there are two different ways for source address selection of UDP responses. For example, NSD requires explicitly binding to all IP addresses to ensure that the response comes from the same IP address as the request was sent to. On the other hand, BIND or PowerDNS also allow binding to 0.0.0.0, and the name server has "workarounds" to set the proper source IP address for responses.
a) Yadifa seems to have a mix of this implemented. With listen=0.0.0.0,:: Yadifa will use the proper IP address (the destination of the query) as source for responses to IPv4 queries. But not for IPv6: responses may come from a different IP address than the one the request was sent to. Hence, it seems that Yadifa implemented a "workaround" for IPv4 but not for IPv6. IMO Yadifa should implement it for both or not at all.
b) When sending a query to Yadifa from the host itself, it does not work when the source IP address is 127.0.0.1, i.e.:
dig @ip.address.of.eth0 www.mydomain.com -b 127.0.0.1
tcpdump reveals that Yadifa's response from ip.address.of.eth0 to 127.0.0.1 is sent out via eth0 instead of lo. This is a strange behavior (I would not call it a bug) which I think is related to the above described "workaround" for IPv4. So, I am curious which code you use for src IP selection that causes the answer to 127.0.0.1 to be routed via eth0.
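The following is an added example, not part of the original post and not code from Yadifa, NSD, BIND or PowerDNS: it shows the usual Linux mechanism for answering from the queried address on a wildcard-bound UDP socket, IP_PKTINFO, with the same socket answering once with and once without it. It assumes Linux with a loopback interface; the function name reply_source and the address 127.0.0.2 (a constructed second local address) are illustrative.

```c
#define _GNU_SOURCE /* struct in_pktinfo (Linux/glibc) */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
/* Constructed loopback test: returns the reply's source address as the client sees it, 0 on error. */
in_addr_t reply_source(int use_pktinfo)
{
    int srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct sockaddr_in any = { .sin_family = AF_INET }, dst, peer, from;
    socklen_t len = sizeof dst, flen = sizeof from;
    struct timeval tv = { .tv_sec = 2 };      /* never block forever */
    struct in_pktinfo pi, spec = { 0 };
    in_addr_t seen = 0;
    char buf[512];
    union { struct cmsghdr align; char b[CMSG_SPACE(sizeof spec)]; } ctl;
    struct cmsghdr *c = &ctl.align;
    struct iovec iov = { buf, sizeof buf };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = ctl.b, .msg_controllen = sizeof ctl.b };
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on); /* report each datagram's destination */
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (bind(srv, (struct sockaddr *)&any, sizeof any) < 0) goto done; /* 0.0.0.0, any free port */
    getsockname(srv, (struct sockaddr *)&dst, &len);
    dst.sin_addr.s_addr = inet_addr("127.0.0.2");            /* query a non-primary local address */
    if (sendto(cli, "q", 1, 0, (struct sockaddr *)&dst, sizeof dst) != 1) goto done;
    if (recvmsg(srv, &m, 0) < 0) goto done;
    for (struct cmsghdr *h = CMSG_FIRSTHDR(&m); h; h = CMSG_NXTHDR(&m, h))
        if (h->cmsg_level == IPPROTO_IP && h->cmsg_type == IP_PKTINFO) {
            memcpy(&pi, CMSG_DATA(h), sizeof pi);
            spec.ipi_spec_dst = pi.ipi_addr; /* queried address becomes the reply source */
        }                                    /* ipi_ifindex stays 0: routing picks the interface */
    memset(&ctl, 0, sizeof ctl);             /* reuse the buffer for the outgoing control message */
    iov.iov_len = 1;                         /* one-byte reply */
    m.msg_controllen = (use_pktinfo && spec.ipi_spec_dst.s_addr) ? sizeof ctl.b : 0;
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof spec);
    memcpy(CMSG_DATA(c), &spec, sizeof spec);
    if (sendmsg(srv, &m, 0) < 0) goto done;
    if (recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) > 0)
        seen = from.sin_addr.s_addr;
done:
    close(srv);
    close(cli);
    return seen;
}
```

With use_pktinfo set the client sees the reply come from 127.0.0.2, the address it queried; without it the kernel's route lookup picks 127.0.0.1. The IPv6 counterpart uses the IPV6_RECVPKTINFO socket option and struct in6_pktinfo.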