[Pdns-users] dns queries timeout on secondary IPs
Derrik Pates
demon at devrandom.net
Thu Sep 9 17:04:57 UTC 2010
On 09/08/2010 11:55 AM, George wrote:
> I thought 0.0.0.0 is supposed to make it work on all IPs.
The socket listens on all IPs, but unfortunately recvfrom() doesn't know
what IP address the packet arrived on, so when the response is sent, it
is sent with the primary IP assigned to the "closest" interface (i.e.,
whatever has the most relevant next-hop route that will go to the
desired host). Thus, the IP is wrong, and the request originator doesn't
recognize the response as being part of the same conversation (since the
source address doesn't match).
Unfortunately, this is a persisting misfeature related to datagrams
under the Berkeley Sockets model. (I say that as someone who likes the
Berkeley Sockets model, so take that for what it's worth.) The problem
is, fixing it would involve incompatible changes to certain syscalls
(like recvfrom() and sendto()). Maybe that'll get fixed someday though -
it'd make it way easier to handle this sort of thing "right".
--
Derrik Pates
demon at devrandom.net
More information about the Pdns-users
mailing list