Maintained by: NLnet Labs

[Unbound-users] ip-transparent patch

Sten Spans
Tue Feb 10 10:55:09 CET 2015


I'm trying to use unbound in combination with VRRP/keepalived.
The use of floating IPs would require an unbound restart every
time an IP moves from one host to another.

For IPv4, Linux has the ip.nonlocal_bind sysctl to allow binding
to non-local IPs; however, IPv6 has no such sysctl.

NSD has the ip-transparent option to set the sockopt to make
non-local binding possible; unbound doesn't seem to support
a similar feature.

Would a patch adding support for this feature be accepted?

A very crude, but works-for-me diff is included below.
(This is based on 1.4.22, but 1.5 seems to be pretty similar.)

--- services/listen_dnsport.c.orig	2014-02-14 10:50:25.000000000 +0100
+++ services/listen_dnsport.c	2015-02-10 10:38:29.993665452 +0100
@@ -173,6 +173,13 @@
  #else
  		(void)reuseport;
  #endif /* defined(__linux__) && defined(SO_REUSEPORT) */
+#ifdef IP_TRANSPARENT
+		if (setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on,
+			(socklen_t)sizeof(on)) < 0) {
+				log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s",
+					strerror(errno));
+		}
+#endif /* IP_TRANSPARENT */
  	}
  	if(rcv) {
  #ifdef SO_RCVBUF
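Review bot: The setsockopt(.. IP_TRANSPARENT ..) call added just before the closing brace of this block runs whenever the headers define IP_TRANSPARENT, with no way to turn it off, so every build on such a system gets listeners that may bind to addresses the host does not hold, and every run where the call is refused emits a log_warn per socket. Gate it on a configuration flag passed in the same way as reuseport (the message names NSD's ip-transparent option as the model) and only warn when that flag was requested. Style: the surrounding code writes if(rcv) without a space after if, and the log_warn line is indented one level deeper than the body of the if needs.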
@@ -517,6 +525,13 @@
  #else
  	(void)v6only;
  #endif /* IPV6_V6ONLY */
+#ifdef IP_TRANSPARENT
+	if (setsockopt(s, IPPROTO_IP, IP_TRANSPARENT, (void*)&on,
+		(socklen_t)sizeof(on)) < 0) {
+			log_warn("setsockopt(.. IP_TRANSPARENT ..) failed: %s",
+				strerror(errno));
+	}
+#endif /* IP_TRANSPARENT */
  	if(bind(s, addr->ai_addr, addr->ai_addrlen) != 0) {
  #ifndef USE_WINSOCK
  		/* detect freebsd jail with no ipv6 permission */
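Review bot: The call placed directly after the IPV6_V6ONLY block uses level IPPROTO_IP with IP_TRANSPARENT whatever the address family of the socket, although IPv6 is the case the message says has no sysctl workaround. Pick the level from addr->ai_family and use IPPROTO_IPV6 with IPV6_TRANSPARENT, under its own #ifdef, for AF_INET6 sockets. A failure is only logged and bind() is still attempted, so once the option is configurable the warning should say that binding a non-local address is expected to fail. This block is also a copy of the one in the first hunk; a small shared helper would keep the two socket paths from drifting apart.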

-- 
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem