>From Mark.Andrews@dms.csiro.au Tue Jan  9 22:20:49 1996
Date: Wed, 10 Jan 1996 17:14:06 +1100
From: Mark Andrews
To: David Carmean
Cc: bind-users@vix.com
Subject: Re: Why listen on all local addresses?

> Sorry, I don't really know what I'm doing yet W.R.T. IPC,
> but I have a problem I need to solve, so I'm going to try anyway....
>
> Why does named listen on port 53 of each individual local
> address on my host (Solaris 2.4 Sparc)? Why not just INADDR_ANY?
>
> The reason it concerns me is that I have 225 IP addresses aliased to
> my one ethernet interface (it's a web server) and I've had some
> packet storms crash my LAN; the only time I've managed to sniff
> any of the packets, the address was 0.0.0.0.53. Somebody has
> reported to me that they experienced this running named on their
> machine with multiple VIFs as well, and that their problem went
> away when they moved DNS off of that machine.
>
> Unfortunately, I can't move mine. I'm not sure I understand why
> named is doing this. It's the only daemon on my system that
> does so.

Because named needs to respond with the same source IP address as the packet was sent to. This is so the replies pass the packet spoofing checks.

What I suspect is happening here is someone sent an old style broadcast packet to the DNS port. This was received on ALL 255 interfaces, which then all responded. The sender may or may not see these answers depending upon the resolver technology being used and may retransmit, triggering another burst.

I can't however reproduce this. Broadcast packets are received on the unbound udp socket, not on the bound sockets. Turn on debugging at level 1 to see this.

The patch below allows you to specify which interface named will bind to. #define IFALIASES to enable it.

In named.boot:

interface [INTERFACE IP ADDRESS LIST]

e.g.
interface 127.0.0.1 130.155.16.1

Mark

*** db_reload.c.001 Thu Dec 15 17:24:16 1994 --- db_reload.c Wed Jan 10 15:22:26 1996 *************** *** 78,88 **** qflush(); sqflush(NULL); - getnetconf(); #ifdef FORCED_RELOAD reloading = 1; /* to force transfer if secondary and backing up */ #endif ns_init(bootfile); time(&resettime); #ifdef FORCED_RELOAD time(&resettime); #ifdef FORCED_RELOAD reloading = 0; --- 78,88 ---- qflush(); sqflush(NULL); #ifdef FORCED_RELOAD reloading = 1; /* to force transfer if secondary and backing up */ #endif ns_init(bootfile); + getnetconf(); time(&resettime); #ifdef FORCED_RELOAD reloading = 0; *** ns_glob.h.001 Fri Dec 22 21:20:34 1995 --- ns_glob.h Wed Jan 10 15:31:56 1996 *************** *** 174,179 **** --- 174,184 ---- DECL struct netinfo *boglist INIT(NULL); #endif + #ifdef IFALIASES + /* list of interfaces to config */ + DECL struct netinfo *ipifaddr INIT(NULL); + #endif + /* loopback net */ DECL struct netinfo netloop; *** ns_main.c.002 Wed Jan 10 14:27:53 1996 --- ns_main.c Wed Jan 10 16:03:05 1996 *************** *** 413,418 **** --- 413,426 ---- buildservicelist(); buildprotolist(); ns_init(bootfile); + #ifdef IFALIASES + /* + * the first pass just established the wild card address + * now that we have read the boot file, establish the interface + * spacific addresses + */ + getnetconf(); + #endif #ifdef DEBUG if (debug) { fprintf(ddt, "Network and sort list:\n"); *************** *** 927,932 **** --- 935,944 ---- u_int32_t nm; time_t my_generation = time(NULL); + #ifdef IFALIASES + if (first) + goto dofirst; + #endif ifc.ifc_len = sizeof buf; ifc.ifc_buf = buf; if (ioctl(vs, SIOCGIFCONF, (char *)&ifc) < 0) { *************** *** 965,970 **** --- 977,992 ---- *** 965,970 **** --- 977,992 ---- dprintf(1, (ddt, "considering [%s]\n", inet_ntoa(((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr))); + #ifdef IFALIASES + /* + * if ipifaddr is set only configure these interfaces + */ + if (ipifaddr && + !addr_on_netlist( + ((struct 
sockaddr_in *)&ifreq.ifr_addr)->sin_addr + , ipifaddr)) + continue; + #endif /* build datagram queue */ /* * look for an already existing source interface address. *************** *** 1091,1096 **** --- 1113,1121 ---- * Create separate qdatagram structure for socket * wildcard address. */ + #ifdef IFALIASES + dofirst: + #endif if (first) { if (!(dqp = (struct qdatagram *)calloc(1, sizeof(*dqp)))) panic(errno, "malloc(qdatagram)"); *** ns_init.c.002 Wed Jan 10 14:43:03 1996 --- ns_init.c Wed Jan 10 16:09:05 1996 *************** *** 165,170 **** --- 165,173 ---- #ifdef BOGUSNS free_netlist(&boglist); #endif + #ifdef IFALIASES + free_netlist(&ipifaddr); + #endif forward_only = 0; } *************** *** 292,297 **** --- 295,305 ---- } else if ((strcasecmp(buf, "tcplist") == 0) || (strcasecmp(buf, "xfrnets") == 0)) { get_netlist(fp, &xfrnets, ALLOW_NETS, buf); + continue; + #endif + #ifdef IFALIASES + } else if (strcasecmp(buf, "interface") == 0) { + get_netlist(fp, &ipifaddr, ALLOW_HOSTS, buf); continue; #endif #ifdef LOCALDOM
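Review bot: in the db_reload.c hunk, moving getnetconf() from before ns_init(bootfile) to after it is what makes the new `interface` list take effect on a reload, since ipifaddr is only filled in while the boot file is being parsed; that dependency deserves a comment next to the call (or at least a line in the commit message), because the original order looks equally natural and a later cleanup could move the call back without noticing that the interface filter then runs against an empty list.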
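Review bot: typo in the new comment in the ns_main.c 413,418 hunk, "spacific" should be "specific". The comment should also say explicitly that getnetconf() is now intentionally called twice at start-up (once before ns_init(bootfile) for the wildcard socket, once after it for the per-address sockets), because a reader seeing two calls a few lines apart will otherwise take one of them for a leftover.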
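Review bot: the `if (first) goto dofirst;` added in the ns_main.c 927,932 hunk jumps forward over the whole SIOCGIFCONF enumeration (including the `ifc` setup and the ioctl) to the `dofirst:` label placed just before `if (first)` in the 1091,1096 hunk. That is only safe while nothing assigned between the goto and the label is read after the label; any such variable would be uninitialised on the first pass. A comment at the goto stating that the per-address sockets are deliberately deferred to the second call, after the boot file has been read, would make the contract visible, and if nothing after the `if (first)` block is needed on the first pass, an early return after the wildcard socket is created would be easier to follow than a forward goto across the loop.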
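Review bot: the filter in the ns_main.c 965,970 hunk, `if (ipifaddr && !addr_on_netlist(..., ipifaddr)) continue;`, silently skips every interface address that is not on the list, but the converse case is never reported: an address given on the `interface` line that is not configured on any interface (a typo, or an alias not yet brought up) is simply never bound, and nothing says so. A dprintf at level 1 after the loop naming the ipifaddr entries that were never matched, in the style of the existing "considering [%s]" line, would make "why is named not answering on X" straightforward to diagnose.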
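Review bot: the ns_init.c 292,297 hunk adds the `interface` boot-file directive (parsed with ALLOW_HOSTS) but the patch carries no documentation change; the one-line description from the mail, `interface [INTERFACE IP ADDRESS LIST]`, belongs in the named.boot manual page next to xfrnets. Two smaller points: if get_netlist adds nothing for an `interface` line with no addresses, ipifaddr stays NULL and the getnetconf filter treats that as "bind all interfaces", so either document that fallback or reject the empty list; and the diff splices the new branch in by reusing the xfrnets branch's existing `continue; #endif`, which reads confusingly in the hunk, so the added lines would be clearer as a self-contained `#ifdef IFALIASES ... #endif` block placed after the existing `#endif`.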
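The reason Mark gives above, that a reply must leave from the address the query was sent to or the resolver's spoofing check drops it, as an added example that is not part of the post or of BIND: a toy UDP responder is run once bound to the wildcard address and once bound to a specific address, together with the client-side check a resolver applies to each reply. It assumes a second loopback address, 127.0.0.2, is configured on the host (the Linux default, where all of 127/8 is on the loopback interface).

```python
import socket

WILDCARD = "0.0.0.0"


def reply_accepted(sent_to, reply_from):
    """Resolver-side spoofing check: a reply is only accepted if it came
    back from the exact (address, port) the query was sent to."""
    return sent_to == reply_from


def one_exchange(bind_addr, server_addr, client_addr="127.0.0.1"):
    """Bind a UDP responder to bind_addr, query it at server_addr from
    client_addr, and return (reply source, query destination) as the client
    sees them.  The responder answers with a plain sendto(), so the kernel
    picks the reply's source address by route, not by where the query arrived."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.bind((bind_addr, 0))  # port 0: the kernel picks a free port
        cli.bind((client_addr, 0))
        srv.settimeout(2)
        cli.settimeout(2)
        sent_to = (server_addr, srv.getsockname()[1])
        cli.sendto(b"query", sent_to)
        data, peer = srv.recvfrom(512)
        srv.sendto(b"answer:" + data, peer)
        _, reply_from = cli.recvfrom(512)
        return reply_from, sent_to
    finally:
        srv.close()
        cli.close()


def compare(server_addr="127.0.0.2"):
    """Run the exchange with a wildcard bind and with a per-address bind and
    report whether the resolver check accepts each reply.  server_addr must
    be a second local address; 127.0.0.2 exists by default on Linux, where
    all of 127/8 sits on the loopback interface (assumption of this demo)."""
    results = {}
    for label, bind_addr in (("wildcard", WILDCARD), ("per-address", server_addr)):
        reply_from, sent_to = one_exchange(bind_addr, server_addr)
        results[label] = reply_accepted(sent_to, reply_from)
    return results


if __name__ == "__main__":
    # Linux: {'wildcard': False, 'per-address': True}; the wildcard socket's
    # answer leaves from 127.0.0.1 although the query was sent to 127.0.0.2.
    print(compare())
```

The wildcard case is exactly the mismatch named avoids by binding each address separately: the answer is genuine, but a resolver that compares the reply's source with the address it queried will discard it.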