Maintained by: NLnet Labs

[Unbound-users] unbound does not use "outgoing-interface" for IPv6 TCP requests

Hauke Lampe
Mon Oct 11 00:59:58 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Wouter.

On 08.10.2010 14:59, W.C.A. Wijngaards wrote:

> In the interest of prevention of feature bloat, I would like to ask,
> apart from thanking you for reporting the oddity, if such code is really
> necessary?

Unbound's behaviour was quite unexpected and in my case caused Unbound
to use a tunneled IP address instead of a direct route. Although it
works for me, I think Unbound should use "outgoing-interface" for TCP, too.

> (and would random sampling then be sufficient?)

TCP offers enough spoof protection, so even using only the first
configured address would be sufficient, IMHO.

Random sampling would be more consistent with UDP behaviour, though.


Hauke.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyyRW4ACgkQKIgAG9lfHFOvUwCffsiq3ThW400LCqEE71S9cVXg
dNMAoL1P9bhMlIw9IRHC1REhyqybckky
=JCUw
-----END PGP SIGNATURE-----