Bug 345801 - Listen-On does not Affect UDP
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: bind
Version: 5.0
Platform: All Linux
Priority: low
Severity: low
Assigned To: Adam Tkac
Reported: 2007-10-22 15:33 EDT by Jonathan Steffan
Modified: 2013-04-30 19:37 EDT (History)
Last Closed: 2007-10-29 09:52:17 EDT
Description Jonathan Steffan 2007-10-22 15:33:31 EDT
Description of problem:
listen-on {} directives do not affect UDP

Version-Release number of selected component (if applicable):
bind-9.3.3-9.0.1.el5

How reproducible:
Always

Steps to Reproduce:
1. Install bind onto a multi-homed host
2. Set listen-on {} for a certain IP
3. See bind listening only on that IP on TCP, but listening on all addresses on UDP
  
Actual results:
TCP is affected, not UDP

Expected results:
both are affected
Comment 1 Adam Tkac 2007-10-23 09:01:35 EDT
Works as expected for me:

/etc/named.conf:

options {
...
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
...
};
...

and "netstat -apn" says that named listens only on 127.0.0.1:53 and on ::1:53.
Could you please check your configuration, and if everything is configured properly,
please attach the named log.

Adam
Comment 2 Jonathan Steffan 2007-10-23 18:14:26 EDT
/var/named/chroot/etc/named.conf:
options {
...
    listen-on {
          65.111.180.225;
          127.0.0.1;
    };
...
};

netstat -plan|grep 53:

tcp 0 0 65.111.180.225:53 0.0.0.0:* LISTEN 32325/named 
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 32325/named 
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 32325/named 
tcp 0 0 ::1:953 :::* LISTEN 32325/named 
udp 0 0 0.0.0.0:53 0.0.0.0:* 32325/named 
udp 0 0 65.111.180.225:53 0.0.0.0:* 32325/named 
udp 0 0 127.0.0.1:53 0.0.0.0:* 32325/named 
udp 0 0 :::53 :::* 32325/named 
Comment 3 Jonathan Steffan 2007-10-23 18:17:18 EDT
listen-on port 53 {
                  65.111.180.225;
                  127.0.0.1;
};
listen-on-v6 port 53 {
                  ::1;
};

This results in the same netstat output.
Comment 4 Adam Tkac 2007-10-24 09:39:54 EDT
Yes, this result is as expected. named always listens on 0.0.0.0 and ::. You could try,
for example, deleting 127.0.0.1; from the listen-on statement, and named should then listen
on 65.111.180.225 and 0.0.0.0. Could you please confirm that everything works as expected?
Comment 5 Jonathan Steffan 2007-10-24 12:07:01 EDT
I'm confused.

"... named always listen on 0.0.0.0 and :: ."

What? Does it always listen on the above only for UDP? TCP is correct, and
listens to what the configuration file states (not on 0.0.0.0 or ::). AFAIK,
listen-on {} is supposed to affect UDP also.
Comment 6 Jim Perrin 2007-10-29 08:35:03 EDT
This is the behavior that I expected also. There's nothing I can find in the
bind docs that states 'listen-on' is tcp only. As there's no interface option like
dhcp has, listen-on is the appropriate method to control this behavior. If
it doesn't control UDP, then it is indeed a bug and needs to be fixed.
Comment 7 Adam Tkac 2007-10-29 09:52:17 EDT
Those addresses are used when named needs to query other servers (so these are only
outgoing addresses). Please see http://www.isc.org/index.pl?/sw/bind/FAQ.php,
question "Why is named listening on a UDP port other than 53?". You can
control where named queries other servers from with the query-source and query-source-v6
options (see the "address" parameter of those options).
Comment 8 Ralph Angenendt 2007-10-29 11:53:19 EDT
That's not really true. This is from an RHEL 3 (well, CentOS 3) box:

root@www1 root # netstat -plan | grep ":53 "
tcp        0      0 10.65.162.67:53             0.0.0.0:*                   LISTEN      7697/named
tcp        0      0 194.187.162.141:53          0.0.0.0:*                   LISTEN      7697/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      7697/named
udp        0      0 10.65.162.67:53             0.0.0.0:*                               7697/named
udp        0      0 10.65.163.141:53            0.0.0.0:*                               7697/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               7697/named
root@www1 root # grep -A3 listen-on /var/named/chroot/etc/named.conf
    listen-on {
        10.65.162.67;
        10.65.163.141;
        127.0.0.1;
root@www1 root # grep query-source /var/named/chroot/etc/named.conf
    # query-source address 10.65.163.141;

As you can easily see there is *no* named listening on any other interface than
those allowed in named.conf via the listen-on directive. And that machine has 5
ethernet interfaces. Neither is there any named listening on 0.0.0.0:53. 

So if bind answers queries on *any* interface which is not in the listen-on
directive, this is clearly a bug. Sure, they could have chosen to listen on all
interfaces and filter those queries out at a later stage, but that seems a tad
stupid to me.

Question for the reporter: Does bind *answer* queries on interfaces which aren't
in listen-on { };?
Comment 9 Adam Tkac 2007-10-29 12:08:04 EDT
(In reply to comment #8)
> That's not really true. This is from an RHEL 3 (well, CentOS 3) box:
> 
> root@www1 root # netstat -plan | grep ":53 "

try "netstat -plan | grep named". BIND uses a random port for queries to other servers.

> root@www1 root # grep -A3 listen-on /var/named/chroot/etc/named.conf
>     listen-on {
>         10.65.162.67;
>         10.65.163.141;
>         127.0.0.1;
> root@www1 root # grep query-source /var/named/chroot/etc/named.conf
>     # query-source address 10.65.163.141;

or specify "query-source address <addr> port 53" (when you want to use port 53 for
outgoing queries).

> 
> As you can easily see there is *no* named listening on any other interface than
> those allowed in named.conf via the listen-on directive. And that machine has 5
> ethernet interfaces. Neither is there any named listening on 0.0.0.0:53. 
> 
> So if bind answers queries on *any* interface which is not in the listen-on
> directive, this is clearly a bug. Sure, they could have chosen to listen on all
> interface and filter those queries out in a later stage, but that seems a tad
> stupid to me.
> 
> Question for the reporter: Does bind *answer* queries on interfaces which aren't
> in listen-on { };?

Comment 10 Ralph Angenendt 2007-10-29 13:19:05 EDT
Oh, okay, I see now. I was going to ask "who is that stupid to set query-source
to 0.0.0.0:53" until I realized that the example named.conf in RHEL5 does
exactly that.

Yes, you're right. If you comment out that line bind doesn't listen on
0.0.0.0:53 udp anymore. 

Probably this bug report wouldn't have blown out of proportion had you asked the
reporter to look what query-source is set to in his named.conf :)

Cheers,

Ralph
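The thread's resolution is that a socket on 0.0.0.0:53/udp is not a listener created by listen-on but the outgoing-query socket created by "query-source address * port 53", which the RHEL 5 example named.conf sets. The script below is an added audit example written for this page; it is not code from this bug report, from Red Hat or from ISC BIND. It parses a constructed named.conf fragment and constructed netstat -plan lines in the shape of those quoted in comments 2 and 3, explains every named socket as a listen-on listener, the rndc control channel (port 953 by default) or a query-source socket, and reports query-source settings that open a wildcard UDP socket or pin the outgoing port. The address 65.111.180.225 and the PID are taken from the quoted output; the "any" handling and the 953 check are assumptions about BIND defaults, not something the thread states.

```python
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto addr port")
WILDCARDS = {"0.0.0.0", "::", "*"}

# Constructed named.conf fragment in the shape of the RHEL 5 default the thread
# describes: listen-on restricts listeners, query-source pins outgoing queries to *:53.
SAMPLE_CONF = """\
options {
    listen-on port 53 { 65.111.180.225; 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    query-source address * port 53;
    query-source-v6 address * port 53;
};
"""

# Constructed netstat -plan lines, modelled on the output quoted in comment 2.
SAMPLE_NETSTAT = """\
tcp 0 0 65.111.180.225:53 0.0.0.0:* LISTEN 32325/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 32325/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 32325/named
tcp 0 0 ::1:953 :::* LISTEN 32325/named
udp 0 0 0.0.0.0:53 0.0.0.0:* 32325/named
udp 0 0 65.111.180.225:53 0.0.0.0:* 32325/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 32325/named
udp 0 0 :::53 :::* 32325/named
"""

LISTEN_RE = re.compile(r"listen-on(-v6)?(?:\s+port\s+(\d+))?\s*\{([^}]*)\}")
QSRC_RE = re.compile(r"query-source(-v6)?((?:\s+(?:address|port)\s+\S+)+)\s*;")


def strip_comments(conf):
    """Drop '#' and '//' comments so a commented-out query-source (as in comment 8) is ignored."""
    return re.sub(r"(#|//).*", "", conf)


def parse_listen_on(conf):
    """Return the set of (addr, port) pairs named is configured to listen on (port defaults to 53)."""
    listeners = set()
    for v6, port, body in LISTEN_RE.findall(strip_comments(conf)):
        port = port or "53"
        for addr in (a.strip() for a in body.split(";")):
            if addr == "any":                      # assumption: 'any' means the wildcard address
                addr = "::" if v6 else "0.0.0.0"
            if addr:
                listeners.add((addr, port))
    return listeners


def parse_query_source(conf):
    """Return {'query-source': (addr, port), 'query-source-v6': (addr, port)}; unset parts are '*'."""
    result = {}
    for v6, args in QSRC_RE.findall(strip_comments(conf)):
        addr, port = "*", "*"
        tokens = args.split()
        for key, value in zip(tokens[::2], tokens[1::2]):
            if key == "address":
                addr = value
            elif key == "port":
                port = value
        result["query-source" + v6] = (addr, port)
    return result


def parse_netstat(text):
    """Turn netstat -plan lines into Socket tuples, keeping only sockets owned by named."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[-1].endswith("/named"):
            continue
        addr, port = fields[3].rsplit(":", 1)      # works for '0.0.0.0:53', ':::53' and '::1:953'
        sockets.append(Socket(fields[0], addr, port))
    return sockets


def classify(conf, netstat_text):
    """Map each (proto, addr, port) of named to the config statement that explains it."""
    listeners = parse_listen_on(conf)
    qsrc = parse_query_source(conf)
    explained = {}
    for s in parse_netstat(netstat_text):
        key = (s.proto, s.addr, s.port)
        if (s.addr, s.port) in listeners:
            explained[key] = "listen-on"
        elif s.proto.startswith("tcp") and s.port == "953":
            explained[key] = "rndc-control"        # assumption: default rndc control channel port
        elif s.proto.startswith("udp") and s.addr in WILDCARDS:
            qs = qsrc.get("query-source-v6" if ":" in s.addr else "query-source")
            # A wildcard query-source with a fixed port binds 0.0.0.0:<port> / :::<port> for outgoing queries.
            explained[key] = "query-source" if qs and qs[0] in WILDCARDS and qs[1] == s.port else "unexplained"
        else:
            explained[key] = "unexplained"
    return explained


def query_source_findings(conf):
    """Report query-source settings that open a wildcard UDP socket or pin the outgoing source port."""
    findings = []
    for name, (addr, port) in parse_query_source(conf).items():
        if port == "*":
            continue
        if addr in WILDCARDS:
            wild = "::" if name.endswith("v6") else "0.0.0.0"
            findings.append(f"{name}: wildcard address with fixed port opens {wild}:{port}/udp for outgoing queries")
        else:
            findings.append(f"{name}: fixed source port {port} on {addr} disables source-port randomisation")
    return findings


if __name__ == "__main__":
    for key, reason in sorted(classify(SAMPLE_CONF, SAMPLE_NETSTAT).items()):
        print(f"{key[0]:4} {key[1]}:{key[2]:<5} <- {reason}")
    for finding in query_source_findings(SAMPLE_CONF):
        print("finding:", finding)
```

Run against the sample data the wildcard UDP sockets are attributed to query-source and the address-specific ones to listen-on, which is the distinction comment 10 arrives at; removing the two query-source lines from the config (as Ralph did) leaves the 0.0.0.0:53/udp socket unexplained, which is what you would expect to see if it were still present after a restart. Pinning the outgoing port has a second cost beyond the confusing socket: it removes source-port randomisation for the resolver's own queries, so leaving the port unset is the better default.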
