[dnsdist] dnsdist using loopback address as source address for queries

Adam Bishop Adam.Bishop at jisc.ac.uk
Thu Sep 9 22:50:34 UTC 2021 

Good Evening,

After running for some amount of time (seems to be days), our dnsdist instances suddenly start trying to talk to the backends using the loopback address as the source:

    # tcpdump -i ens192 -nn port 53
    dropped privs to tcpdump
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
    22:39:07.014963 IP6 <snip>:ac10:0:ac10:2e.64975 > <snip>::197.53: 35980+ [1au] SOA? lbdn.domain. (45)
    22:39:07.015390 IP6 ::1.38717 > <snip>::195.53: 43034 [1au] SOA? lbdn.domain. (69)

Note this is not the loopback interface - packets are being placed on the wire and fired off into the network with ::1 as the source address. This is affecting all our instances, but they don't fail simultaneously.

Bizarrely, this only affects queries made by clients - the backend health check still uses the correct source address while this is going on. Restarting dnsdist brings them back into service.

I think I can work around this by setting an explicit source IP for each backend - I'm suspecting that trying to talk to backends with the return address set to ::1 is probably a bug though!

We're running the current master branch builds on RHEL8.

Adam Bishop

  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk


Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under company number. 05747339, VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.


Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.


Jisc Commercial Limited is a wholly owned Jisc subsidiary and a company limited by shares which is registered in England under company number 09316933, VAT number GB 197 0632 86. The registered office is: 4 Portwall Lane, Bristol, BS1 6NB. T 0203 697 5800.


For more details on how Jisc handles your data see our privacy notice here: https://www.jisc.ac.uk/website/privacy-notice

More information about the dnsdist mailing list