Bug 345801

Summary: | Listen-On does not Affect UDP | |
---|---|---|---
Product: | Red Hat Enterprise Linux 5 | Reporter: | Jonathan Steffan <jonathansteffan>
Component: | bind | Assignee: | Adam Tkac <atkac>
Status: | CLOSED NOTABUG | QA Contact: |
Severity: | low | Docs Contact: |
Priority: | low | |
Version: | 5.0 | CC: | james.l.perrin, ovasik, ralph+rh-bugzilla
Target Milestone: | --- | |
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2007-10-29 13:52:17 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Description
Jonathan Steffan
2007-10-22 19:33:31 UTC
Works as expected for me:

/etc/named.conf:

```
options {
    ...
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    ...
};
```

... and "netstat -apn" says that named listens only on 127.0.0.1:53 and on ::1:53. Could you please check your configuration and, if all is configured properly, please attach the named log.

Adam

---

/var/named/chroot/etc/named.conf:

```
options {
    ...
    listen-on { 65.111.180.225; 127.0.0.1; };
    ...
};
```

netstat -plan|grep 53:

```
tcp 0 0 65.111.180.225:53 0.0.0.0:* LISTEN 32325/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 32325/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 32325/named
tcp 0 0 ::1:953 :::* LISTEN 32325/named
udp 0 0 0.0.0.0:53 0.0.0.0:* 32325/named
udp 0 0 65.111.180.225:53 0.0.0.0:* 32325/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 32325/named
udp 0 0 :::53 :::* 32325/named
```

```
listen-on port 53 { 65.111.180.225; 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
```

This results in the same netstat output.

---

Yes, result as expected. named always listens on 0.0.0.0 and ::. Try, for example, deleting 127.0.0.1; from the listen-on statement; named should then listen on 65.111.180.225 and 0.0.0.0. Could you please confirm that all works as expected?

---

I'm confused. "... named always listen on 0.0.0.0 and :: ." What? Does it always listen on the above only for UDP? TCP is correct, and listens to what the configuration file states (not on 0.0.0.0 or ::).

---

AFAIK, listen-on {} is supposed to affect UDP also. This is the behavior that I expected also. There's nothing I can find in the bind docs that states 'listen-on' is tcp only. As there's no interface option as dhcp has, listen-on is the appropriate method to control this behavior. If UDP doesn't control this, then it is indeed a bug and needs to be fixed.

---

Those addresses are used when named needs to query other servers (so these are only outgoing addresses). Please see http://www.isc.org/index.pl?/sw/bind/FAQ.php, question "Why is named listening on UDP port other than 53?".

You are able to control where named queries other servers from with the query-source and query-source-v6 options (see the "address" parameter of those options).

---

That's not really true. This is from an RHEL 3 (well, CentOS 3) box:

```
root@www1 root # netstat -plan | grep ":53 "
tcp 0 0 10.65.162.67:53 0.0.0.0:* LISTEN 7697/named
tcp 0 0 194.187.162.141:53 0.0.0.0:* LISTEN 7697/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 7697/named
udp 0 0 10.65.162.67:53 0.0.0.0:* 7697/named
udp 0 0 10.65.163.141:53 0.0.0.0:* 7697/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 7697/named
root@www1 root # grep -A3 listen-on /var/named/chroot/etc/named.conf
listen-on {
10.65.162.67;
10.65.163.141;
127.0.0.1;
root@www1 root # grep query-source /var/named/chroot/etc/named.conf
# query-source address 10.65.163.141;
```

As you can easily see there is *no* named listening on any other interface than those allowed in named.conf via the listen-on directive. And that machine has 5 ethernet interfaces. Neither is there any named listening on 0.0.0.0:53.

So if bind answers queries on *any* interface which is not in the listen-on directive, this is clearly a bug. Sure, they could have chosen to listen on all interfaces and filter those queries out in a later stage, but that seems a tad stupid to me.

Question for the reporter: Does bind *answer* queries on interfaces which aren't in listen-on { };?

---

(In reply to comment #8)
> That's not really true. This is from an RHEL 3 (well, CentOS 3) box:
>
> root@www1 root # netstat -plan | grep ":53 "

try $netstat -plan |grep named. BIND uses a random port for queries to other servers

> root@www1 root # grep -A3 listen-on /var/named/chroot/etc/named.conf
> listen-on {
> 10.65.162.67;
> 10.65.163.141;
> 127.0.0.1;
> root@www1 root # grep query-source /var/named/chroot/etc/named.conf
> # query-source address 10.65.163.141;

or specify query-source address <addr> port 53 (when you want to use port 53 for outgoing queries)

> As you can easily see there is *no* named listening on any other interface than
> those allowed in named.conf via the listen-on directive. And that machine has 5
> ethernet interfaces. Neither is there any named listening on 0.0.0.0:53.
>
> So if bind answers queries on *any* interface which is not in the listen-on
> directive, this is clearly a bug. Sure, they could have chosen to listen on all
> interface and filter those queries out in a later stage, but that seems a tad
> stupid to me.
>
> Question for the reporter: Does bind *answer* queries on interfaces which aren't
> in listen-on { };?

---

Oh, okay, I see now. I was going to ask "who is that stupid to set query-source to 0.0.0.0:53" until I realized that the example named.conf in RHEL5 does exactly that. Yes, you're right. If you comment out that line bind doesn't listen on 0.0.0.0:53 udp anymore. Probably this bug report wouldn't have blown out of proportion had you asked the reporter to look at what query-source is set to in his named.conf :)

Cheers,
Ralph
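The check the thread converges on, written up as an added example (not part of the bug report or of BIND): audit the sockets named has bound against the address set the operator put in listen-on / listen-on-v6, so that a wildcard UDP socket such as the 0.0.0.0:53 one above stands out. The netstat text below is constructed from the listing in this bug, and ALLOWED is an assumed operator-supplied list.

```shell
#!/bin/sh
# Constructed sample in "netstat -plan" layout, modelled on the listing in
# this bug (not captured from a live host).
NETSTAT_SAMPLE='tcp 0 0 65.111.180.225:53 0.0.0.0:* LISTEN 32325/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 32325/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 32325/named
udp 0 0 0.0.0.0:53 0.0.0.0:* 32325/named
udp 0 0 65.111.180.225:53 0.0.0.0:* 32325/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 32325/named
udp 0 0 :::53 :::* 32325/named'

# Assumed: the addresses the operator listed in listen-on and listen-on-v6.
ALLOWED="65.111.180.225 127.0.0.1 ::1"

# unexpected_binds NETSTAT_TEXT ALLOWED_ADDRS
# Prints "<proto> <local-address:port>" for every named socket on port 53
# whose local address is not in ALLOWED_ADDRS (e.g. 0.0.0.0 or ::).
unexpected_binds() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF ~ /\/named$/ {
            laddr = $4
            # Take the port after the last colon; IPv6 literals contain
            # colons too, so the address is whatever precedes that colon.
            port = laddr; sub(/.*:/, "", port)
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (port == "53" && !(addr in ok)) print $1, laddr
        }'
}

# Number of offending sockets; 0 means named binds only what listen-on says.
count_unexpected() {
    unexpected_binds "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone run: report the wildcard binds in the sample.
unexpected_binds "$NETSTAT_SAMPLE" "$ALLOWED"
```

On a real host feed it `netstat -plan` (or `ss -lnp`) output; a wildcard UDP socket here, with TCP correctly restricted, is the signature of a query-source statement pinning port 53 without an address, as the thread found, rather than of listen-on being ignored.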