RE: Public DNS - recursion no - Access to the Internet - DNS

This is a discussion on RE: Public DNS - recursion no - Access to the Internet - DNS ; Threat's growing Below is next quote: "If you use multiple nameserver directives, don't use the loopback address! There's a bug in some Berkeley-derived TCP/IP implementations that can cause problems with BIND if the local nameserver is down. The resolver's connected ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: RE: Public DNS - recursion no - Access to the Internet

  1. RE: Public DNS - recursion no - Access to the Internet

    Threat's growing
    Below is next quote:

    "If you use multiple nameserver directives, don't use the loopback address!
    There's a bug in some Berkeley-derived TCP/IP implementations that can cause
    problems with BIND if the local nameserver is down. The resolver's connected
    datagram socket won't rebind to a new local address if the local nameserver
    isn't running, and consequently the resolver sends query packets to the
    fallback remote nameservers with a source address of 127.0.0.1. When the
    remote nameservers try to reply, they end up sending the reply packets to
    themselves."

    --
    Best regards




  2. Re: Public DNS - recursion no - Access to the Internet

    In article ,
    Jarek Buczy?ski wrote:

    > Threat's growing
    > Below is next quote:
    >
    > "If you use multiple nameserver directives, don't use the loopback address!
    > There's a bug in some Berkeley-derived TCP/IP implementations that can cause
    > problems with BIND if the local nameserver is down. The resolver's connected
    > datagram socket won't rebind to a new local address if the local nameserver
    > isn't running, and consequently the resolver sends query packets to the
    > fallback remote nameservers with a source address of 127.0.0.1. When the
    > remote nameservers try to reply, they end up sending the reply packets to
    > themselves."


    I think that bug was fixed at least a decade ago, so it's probably not
    an important caveat.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***



+ Reply to Thread