[yadifa-users] source address selection for UDP responses

Eric Diaz Fernandez Eric.Diaz.Fernandez at eurid.eu
Wed Aug 28 15:05:50 CEST 2019


Dear Mr Darilion,



Thank you for reporting these issues to us.  The IPv6 interfaces are meant to behave exactly like the IPv4 ones.

For the "workaround", we are using IPV6_PKTINFO and IP_PKTINFO respectively.  This allows us to get the destination address and use it back when sending.


We were able to reproduce the IPv6 issue and may have a fix for Linux.  We still need to test with several distributions and configurations to confirm it though.


The loopback issue doesn't occur on all Linux distributions.  We still have to find what is the relevant difference between them.



Best regards,



Eric Diaz Fernandez


________________________________
From: yadifa-users <yadifa-users-bounces at mailinglists.yadifa.eu> on behalf of Klaus Darilion <klaus.darilion at nic.at>
Sent: Thursday, August 22, 2019 5:16:06 PM
To: yadifa-users at mailinglists.yadifa.eu
Subject: [yadifa-users] source address selection for UDP responses


Hi!



I know there are two different ways for source address selection of UDP responses. For example NSD requires to explicitly bind to all IP addresses to ensure that the responses come from the same IP address as the request was sent to. On the other hand, Bind or PowerDNS also allow to bind to 0.0.0.0 and the name server has "work arounds" to set the proper source IP address for responses.



a) Yadifa seems to have a mix of this implemented. With listen=0.0.0.0,:: Yadifa will use the proper (the destination of the query) IP address as source for responses for IPv4 queries. But for IPv6 not - responses may come from different IP address as the request was sent to. Hence, it seems that Yadifa implemented a "workaround" for IPv4 but not for IPv6. IMO Yadifa should implement it for both or not at all.



b) When sending a query to Yadifa from the host itself, it does not work when the source IP address is 127.0.0.1. I.e.

dig @ip.address.of.eth0 www.mydomain.com -b 127.0.0.1

tcpdump reveals that Yadifa's response from ip.address.of.eth0 to 127.0.0.1 is sent out via eth0 instead of lo. This is a strange behavior (I would not call it a bug) which I think is related to the above described "workaround" for IPv4. So, I am curious which code do you use for src IP selection which causes the answer to 127.0.0.1 to be routed via eth0.



Thanks

Klaus



