Maintained by: NLnet Labs

[Unbound-users] unbound anycast / query reply address

W.C.A. Wijngaards
Wed Jun 6 15:06:44 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Florian,

On 06/06/2012 02:51 PM, Florian Lohoff wrote:
> 
> Hi,
> 
> i have done anycast DNS in the past with BIND and had no problems
> concerning source address selection for replies or queries. Now i
> am trying to set this up with unbound and i fail to see how to get
> the source address selection to work correctly.
> 
> The anycast address is configured on lo:1 (linux) and get
> redistributed with RIP.
> 
> Now unbound replys on queries to the anycast address but with the
> interface address of the ethernet interface. I would have thought
> it always takes the queries destination address as the replys
> source address and only leaves the source address selection to the
> kernel when sending out queries itself.

It does.  But it looks like that does not work well, since both eth0
and lo:1 have route there, the kernel chooses wrongly it seems.

> I have seen "outgoing-interface" but thats the side which works
> e.g. sending out queries.

Use interface-automatic: yes

It'll detect the interface used for an incoming query (with platform
specific socket options), and use that interface to send the reply.

> I'd like unbound to be able to reply to all addresses e.g. the
> ethernet address aswell so one can monitor liveness from remote
> which is not possible on the anycast address for obvious reasons.

And it does that as well.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPz1XjAAoJEJ9vHC1+BF+NP74P/31Nj3TfNHgH8xduDahUVuCh
5ZecEHcoN/t6tjvgD1kMbscfWaQDri4bPT94FAAng3tREvO9vvTQZSVNCUbQS98f
VDZVzTKXNBPrQxQJV8Kc68vcj7+vHg4hDD6aQPuN14AtBzMnMMyllwZs9NqDXlsV
NCGQYCcHfq/vQekpsHGS5vmLlEiCVWFgvX1AQ0HlXnFLB55HilXQ6uOp5czcOiUb
OcCknIMT6aAuparH0VzAEv1WQUgDKllfpqSZDMdQ38rM8wCZTn1OMyxyz36KWvyn
ASikTN+KqsNux+t9dgrh/Qt3EY2hLD+US8i+ysrpV91hBeIEFoEFPtF1r2++K+Va
VWFKUtA+I6HHeiQ3DGwNFA9yeGeJ9b5IvgSujoXhK3m+SQOqBvpAbQkLSz1wNcZq
OAtg1BhuHLIZ3AUVDmG9c1gAsT3SlNMrhHoGzGqGiHvxVw/4UxOpw5+f4GpMKLGw
2YfsYue+zLOpokhedpjUY+dvhfm7RnTTRJ+W+Pgqv+VD0UK9Esq/MdeuB+uMJ/++
c3gSQ4YtXYKNMCI0kl1HbbmRSj2aiLXYWa1Q85Nlduir2EZ5Gf1BS1OVEf9StKAj
sSJLev62dxa+iCNy1RBGf1mku6tv+qzQ5zwko8dRSqklLwfa/2wqa/A/7R4gAEpO
5USf/xuxgRo/IHUOjnCN
=KJPD
-----END PGP SIGNATURE-----