Maintained by: NLnet Labs

[Unbound-users] multiple IP aliases on one nic

krad
Wed Sep 11 11:23:03 CEST 2013


Hi,

I'm new to Unbound but fairly well versed with BIND. I'm currently building
an HA caching recursive DNS solution for a client. I am using a pair of CentOS
machines and ucarp for HA. The problem I am having is that the public
interface which users query has multiple IPs (from the ucarp config). The
users will query the 2nd or 3rd IPs on the box, not the 1st, as that isn't an
HA VIP. This is fine; however, Unbound replies to the client using the 1st IP on
the NIC as the source address, not the destination address the client
requested on, e.g.

pub       Link encap:Ethernet  HWaddr 00:0C:29:7E:1D:89
          inet addr:x.x.x.x.58  Bcast:x.x.x.x  Mask:255.255.255.240
--
pub:1     Link encap:Ethernet  HWaddr 00:0C:29:7E:1D:89
          inet addr:x.x.x.60  Bcast:x.x.x.x  Mask:255.255.255.255

on the server

# tcpdump -i pub -l -nn port 53 and host x.x.x.59
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pub, link-type EN10MB (Ethernet), capture size 65535 bytes
10:16:36.054351 IP x.x.x.59.53539 > x.x.x.60.53: 23690+ A? www.yahoo.com. (31)
10:16:36.410917 IP x.x.x.58.53 > x.x.x.59.53539: 23690 6/0/0 CNAME fd-fp3.wg1.b.yahoo.com., CNAME ds-fp3.wg1.b.yahoo.com., CNAME ds-eu-fp3-lfb.wa1.b.yahoo.com., CNAME ds-eu-fp3.wa1.b.yahoo.com., A 87.248.122.122, A 87.248.112.181 (167)


from the client

# dig www.yahoo.com @x.x.x.60 +short
;; reply from unexpected source: x.x.x.58#53, expected x.x.x.60#53
;; reply from unexpected source: x.x.x.58#53, expected x.x.x.60#53
;; reply from unexpected source: x.x.x.58#53, expected x.x.x.60#53


This is obviously going to cause a lot of issues and break DNS passing
through firewalls etc. I know BIND doesn't suffer from this issue; how can I
fix it with Unbound?


I could run two instances of Unbound, each listening on only one HA VIP, and
then get ucarp to control the startup and shutdown. This, however, seems very
wasteful of resources.
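
A check for the symptom shown in the capture above, added here as an example and not part of the original post: it pairs each DNS query in `tcpdump -nn` text output with its response by client address, client port and transaction ID, and reports responses whose source address differs from the address that was queried. The sample capture is constructed (RFC 5737 documentation addresses), and the parser assumes IPv4 and clients that use a source port other than 53.

```python
import re
from typing import NamedTuple

# Header of a `tcpdump -nn port 53` IPv4 line: time IP src.sport > dst.dport: txid
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<txid>\d+)"
)

class Mismatch(NamedTuple):
    ts: str            # timestamp of the offending response
    client: str        # client that sent the query
    txid: int          # DNS transaction ID
    queried: str       # address the client sent the query to
    replied_from: str  # source address the response actually carried

def find_source_mismatches(lines):
    """Return responses whose source IP differs from the queried IP."""
    pending = {}       # (client ip, client port, txid) -> queried server ip
    mismatches = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:      # banner lines and wrapped continuations are skipped
            continue
        sport, dport, txid = int(m["sport"]), int(m["dport"]), int(m["txid"])
        if dport == 53 and sport != 53:            # client -> resolver
            pending[(m["src"], sport, txid)] = m["dst"]
        elif sport == 53:                          # resolver -> client
            queried = pending.pop((m["dst"], dport, txid), None)
            if queried is not None and queried != m["src"]:
                mismatches.append(
                    Mismatch(m["ts"], m["dst"], txid, queried, m["src"]))
    return mismatches

# Constructed capture (RFC 5737 addresses), same shape as the output in the post.
SAMPLE = """\
listening on pub, link-type EN10MB (Ethernet), capture size 65535 bytes
10:16:36.054351 IP 192.0.2.59.53539 > 192.0.2.60.53: 23690+ A? www.example.com. (33)
10:16:36.410917 IP 192.0.2.58.53 > 192.0.2.59.53539: 23690 1/0/0 A 198.51.100.7 (49)
10:16:40.100000 IP 192.0.2.59.40112 > 192.0.2.58.53: 4711+ A? www.example.com. (33)
10:16:40.100900 IP 192.0.2.58.53 > 192.0.2.59.40112: 4711 1/0/0 A 198.51.100.7 (49)
""".splitlines()

if __name__ == "__main__":
    for hit in find_source_mismatches(SAMPLE):
        print(f"{hit.ts} txid {hit.txid}: {hit.client} queried {hit.queried}, "
              f"reply came from {hit.replied_from}")
```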