[dnsdist] Define from which source dnsdist is sending a reply

Remi Gacogne remi.gacogne at powerdns.com
Fri Mar 3 15:34:40 UTC 2023


Hi Sandro,

On 03/03/2023 16:28, Sandro Bolliger via dnsdist wrote:
> Is it possible to send a reply from a specific IP as source in dnsdist? I use multiple different IPs on the Loopback interface of my dnsdist machine. The IPs are routed to that server. Now dnsdist is replying with the interface IP on which it has connectivity to the other machines. This is causing trouble with, for example, Ubuntu systems that now refuse to use the reply from the wrong source IP. As an example, Ubuntu sends its DNS query to 192.0.2.1 and gets a reply from 203.0.113.2. It then tells me: ;; reply from unexpected source: 203.0.113.2#53, expected 192.0.2.1#53.
> 
> Best case would be to send the reply from the same IP I received the request on.

Yes, if dnsdist does not do that it's a bug. Are you by any chance 
running 1.8.0-rc1, which has a known issue that is very similar to that 
(see [1], and the fix in [2])? If so, we will release -rc2 next week.

[1]: https://github.com/PowerDNS/pdns/issues/12581
[2]: https://github.com/PowerDNS/pdns/pull/12586
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
