Maintained by: NLnet Labs

[Unbound-users] Source address selection for replies

Wouter Wijngaards
Tue Jan 15 17:00:42 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Alexander,

In http://unbound.net/downloads/unbound-0.9-20080115.tar.gz
you can find a snapsnot from dev trunk with the option called
	interface-automatic: yes
It is tested and works on (recent)FreeBSD, linux, Solaris, and MacOSX.

Note that this is a snapshot from trunk since the changes are
substantial, and required lots of porting effort. Please consider that
this version has access-control, and you will need to configure access
control (only localhost enabled by default). It also has AS112 blocking,
which may be nice for you, and limited authority support. Please ignore
the unbound-as-a-library development code in there, it is not done.

Can you try this Alexander? Tell me if it works or not :-)

Best regards,
~   Wouter

Wouter Wijngaards wrote:
| Alexander Gall wrote:
| | On Fri, 11 Jan 2008 15:39:03 +0100, Wouter Wijngaards
| <wouter at NLnetLabs.nl> said:
| | I think the new dual-stack socket API introduced for IPv6 should take
| | care of all of this.  You should be able to do an anonymous (wildcard)
| | bind on a single socket (IPv4 addresses will be represented as IPv6
| | addresses in the "mapped" format).  The source address is available
| | through ancillary data from the socket.  The beauty of it is that you
| | don't have to worry about interfaces at all and you should pick up new
| | interfaces automatically.
| |
| | Unfortunatley, some operating systems do not support this or require a
| | global configuration or a socket option to fully use this mechanism.
| | But I think it is the way to go on all systems that support it.
|
| That is really nice, but the support may be hard. even the 'mapped' is
| done wrong on some OSes I believe. Could be an option, but its hard to
| enable by default, I'll look into it.
|
| Best regards,
| ~   Wouter
|
|
_______________________________________________
Unbound-users mailing list
Unbound-users at unbound.net
http://unbound.net/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHjNiqkDLqNwOhpPgRAgh+AKCtCTRZ5EzoPjQEfIgXqbITGMKRPACfSEZX
fEObAe0JOPXtKnOwCYQEaJ0=
=xbfj
-----END PGP SIGNATURE-----