Maintained by: NLnet Labs

[Unbound-users] Source address selection for replies

Alexander Gall
Wed Jan 16 12:35:59 CET 2008


On Tue, 15 Jan 2008 17:00:42 +0100, Wouter Wijngaards <wouter at NLnetLabs.nl> said:

> In http://unbound.net/downloads/unbound-0.9-20080115.tar.gz
> you can find a snapshot from dev trunk with the option called
> 	interface-automatic: yes
> It is tested and works on (recent) FreeBSD, Linux, Solaris, and MacOSX.

> Note that this is a snapshot from trunk since the changes are
> substantial, and required lots of porting effort. Please consider that
> this version has access-control, and you will need to configure access
> control (only localhost enabled by default). It also has AS112 blocking,
> which may be nice for you, and limited authority support. Please ignore
> the unbound-as-a-library development code in there, it is not done.

Thanks.  It compiles fine on Linux, but only when I use LIBS="-lldns
-lcrypto" with make.  I didn't track this down in the Makefile, but
these options appear to be missing in some linker rules.  The 0.7.2
release only required LIBS=-ldns.

> Can you try this Alexander? Tell me if it works or not :-)

The code seems to work on Linux (kernel 2.6.12, glibc 2.3.6) as
expected.  Great!

However, the query replies still use the wrong source address if the
query was directed to a loopback address.  This is a bit orthogonal to
the issue with the sockets, but I believe you need to *always* request
the source address specifically and not rely on the kernel source
address selection as discussed earlier.

Interestingly, I see a single socket for UDP but two for TCP (IPv4,
IPv6).  Just wondering why.

-- 
Alex
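
Added example, not part of the original message and not code from Unbound: one way on Linux to always set the reply's source address explicitly on a wildcard-bound UDP socket, using IP_PKTINFO to read the query's destination address and send the reply from it. The names echo_once, reply_source and SA are hypothetical, and the loopback harness is constructed for illustration; with pin = 0 the kernel's own source address selection applies.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define SA(p) ((struct sockaddr *)(p))

/* Linux: echo one datagram on fd (bound to 0.0.0.0, IP_PKTINFO enabled).
 * pin != 0: reply from the query's destination address; 0: kernel picks. */
static int echo_once(int fd, int pin) {
    union { struct cmsghdr align; char b[CMSG_SPACE(sizeof(struct in_pktinfo))]; } c;
    char buf[512]; struct iovec iov = { buf, sizeof buf };
    struct sockaddr_in peer;
    struct in_pktinfo pi = { 0 };
    struct msghdr m = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
                        .msg_iovlen = 1, .msg_control = c.b, .msg_controllen = sizeof c.b };
    ssize_t n = recvmsg(fd, &m, 0);
    if (n < 0) return -1;
    for (struct cmsghdr *h = CMSG_FIRSTHDR(&m); h; h = CMSG_NXTHDR(&m, h))
        if (h->cmsg_level == IPPROTO_IP && h->cmsg_type == IP_PKTINFO)
            pi.ipi_spec_dst = ((struct in_pktinfo *)CMSG_DATA(h))->ipi_addr;
    iov.iov_len = (size_t)n;                     /* echo exactly what arrived */
    m.msg_control = pin ? c.b : NULL; m.msg_controllen = pin ? sizeof c.b : 0;
    if (pin) {                                   /* ipi_spec_dst sets the source */
        memset(&c, 0, sizeof c);
        struct cmsghdr *h = CMSG_FIRSTHDR(&m);
        h->cmsg_level = IPPROTO_IP; h->cmsg_type = IP_PKTINFO;
        h->cmsg_len = CMSG_LEN(sizeof pi);
        memcpy(CMSG_DATA(h), &pi, sizeof pi);
    }
    return sendmsg(fd, &m, 0) < 0 ? -1 : 0;
}

/* Constructed loopback harness: query query_dst, return reply source (0 = error). */
static in_addr_t reply_source(const char *query_dst, int pin) {
    int on = 1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET }, from = { 0 };
    socklen_t len = sizeof a, flen = sizeof from;
    char r[8]; in_addr_t out = 0;
    if (setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on) == 0 &&
        bind(srv, SA(&a), sizeof a) == 0 && getsockname(srv, SA(&a), &len) == 0 &&
        inet_pton(AF_INET, query_dst, &a.sin_addr) == 1 &&
        sendto(cli, "q", 1, 0, SA(&a), sizeof a) == 1 && echo_once(srv, pin) == 0 &&
        recvfrom(cli, r, sizeof r, 0, SA(&from), &flen) == 1)
        out = from.sin_addr.s_addr;
    close(srv); close(cli);
    return out;
}
```

Comparing reply_source("127.0.0.2", 1) with reply_source("127.0.0.2", 0) on a given host shows whether the kernel's default choice matches the address the client queried.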