Re: Public DNS - recursion no - Access to the Internet - DNS


  1. Re: Public DNS - recursion no - Access to the Internet

    Jarek Buczynski wrote:
    > Below is next quote:
    >
    > "If you use multiple nameserver directives, don't use the loopback address!
    > There's a bug in some Berkeley-derived TCP/IP implementations that can cause
    > problems with BIND if the local nameserver is down. The resolver's connected
    > datagram socket won't rebind to a new local address if the local nameserver
    > isn't running, and consequently the resolver sends query packets to the
    > fallback remote nameservers with a source address of 127.0.0.1. When the
    > remote nameservers try to reply, they end up sending the reply packets to
    > themselves."


    Wow, that's a bug!
    However, the sender's IP stack should refuse to send the packet out on
    the network because addresses within 127.0.0.0/8 are invalid outside a
    host. And even so, the receiver's IP stack should also drop the
    incoming packet for the same reason. So, in order for the remote
    nameserver to send a reply, we need a lot of broken software.



  2. Re: Public DNS - recursion no - Access to the Internet

    In article ,
    Pascal Hambourg wrote:

    > Jarek Buczynski wrote:
    > > Below is next quote:
    > >
    > > "If you use multiple nameserver directives, don't use the loopback address!
    > > There's a bug in some Berkeley-derived TCP/IP implementations that can cause
    > > problems with BIND if the local nameserver is down. The resolver's connected
    > > datagram socket won't rebind to a new local address if the local nameserver
    > > isn't running, and consequently the resolver sends query packets to the
    > > fallback remote nameservers with a source address of 127.0.0.1. When the
    > > remote nameservers try to reply, they end up sending the reply packets to
    > > themselves."
    >
    > Wow, that's a bug!
    > However, the sender's IP stack should refuse to send the packet out on
    > the network because addresses within 127.0.0.0/8 are invalid outside a
    > host. And even so, the receiver's IP stack should also drop the
    > incoming packet for the same reason. So, in order for the remote
    > nameserver to send a reply, we need a lot of broken software.


    Does it really matter whether the server gets the request or not?
    Either way it won't be able to reply to the client.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***
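
An added example, not part of any post in this thread: a check for the resolv.conf layout the quoted passage warns about (a loopback nameserver listed together with remote fallbacks), plus the 127.0.0.0/8 source-address rule described in the first reply. The function names, file contents and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample resolv.conf (documentation addresses, not from the thread).
SAMPLE = """\
# local caching server first, then two remote fallbacks
nameserver 127.0.0.1
nameserver 192.0.2.53
nameserver 198.51.100.53
"""


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses in file order, skipping comment lines."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone id (fe80::1%eth0) before parsing the address.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
    return servers


def loopback_with_fallback(servers):
    """Loopback entries that are listed beside at least one remote server.

    This is the layout the quoted text advises against: if the local server
    is down, queries to the fallbacks may carry a loopback source address.
    """
    local = [s for s in servers if s.is_loopback]
    remote = [s for s in servers if not s.is_loopback]
    return local if local and remote else []


def is_martian_source(src, arrived_on_loopback=False):
    """True if a packet with this source address should be dropped.

    Loopback sources (127.0.0.0/8, ::1) are only valid on the loopback
    interface, which is the check both IP stacks are expected to apply.
    """
    return ipaddress.ip_address(src).is_loopback and not arrived_on_loopback


if __name__ == "__main__":
    for addr in loopback_with_fallback(parse_nameservers(SAMPLE)):
        print(f"warning: loopback nameserver {addr} listed with remote fallbacks")
```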


