3

I have a server with NSD. It has two addresses, MAIN_IP and ADD_IP. When I try to get the IP of my site from the server itself, I get the right output:

dig @localhost my_site.com

But when I try to do this from my PC, I get:

dig @my_ns_server.com my_site.com
;; reply from unexpected source: MAIN_IP#53, expected ADD_IP#53

(ADD_IP is the IP of my_ns_server.com)

What should I do?

UPD: My interfaces conf

auto eth2
allow-hotplug eth2
iface eth2 inet static
        address xxx.xxx.xxx.234
        netmask 255.255.255.252
        network xxx.xxx.xxx.232
        broadcast xxx.xxx.xxx.235
        gateway xxx.xxx.xxx.233
        dns-nameservers MY_ISP_IP
        dns-search MY_ISP_DOMAIN

auto eth2:0
iface eth2:0 inet static
  address xxx.xxx.xxx.124
  netmask 255.255.255.0

xxx.xxx.xxx is the same for all IPs

netstat -lntpu | grep :53

tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1363/nsd        
tcp6       0      0 :::53                   :::*                    LISTEN      1363/nsd        
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1363/nsd        
udp6       0      0 :::53                   :::*                                1363/nsd
Ximik
  • Are MAIN_IP and ADD_IP on different networks? Are they aliases on the same interface? If they are on different networks, on which network is the default route of the server? – larsks Dec 21 '10 at 15:01
  • In one network, aliased on the same interface. Added the interfaces conf. – Ximik Dec 21 '10 at 15:11
  • You are over-obfuscating your configuration and it is making it difficult to figure out the details. Which address is MAIN_IP? And which is ADD_IP? – larsks Dec 21 '10 at 16:19
  • MAIN_IP is xxx.xxx.xxx.234 (eth2); ADD_IP is xxx.xxx.xxx.124 (eth2:0) – Ximik Dec 21 '10 at 16:26

3 Answers

3

When NSD listens on all interfaces it lets the OS do the source address selection. Always explicitly specify the addresses you want NSD to listen on (e.g. all IPs of your NS records). In your case:

server:
    ip-address: a.b.c.124

This thread on the nsd-users mailing list describes the same issue (the IPv6 part is irrelevant).

schot
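A check for the fix described in the answer above, as an added example that is not part of the original thread: it reads nsd.conf text and `netstat -lntpu` output and reports when NSD is still bound to the wildcard address instead of the NS addresses. The function names and the 192.0.2.124 sample address are assumptions, constructed for illustration.

```python
import ipaddress
import re

def nsd_listen_addresses(conf_text):
    """Addresses named by ip-address: lines (assumes literal IPs, not interface names)."""
    addrs = set()
    for raw in conf_text.splitlines():
        m = re.match(r"ip-address:\s*(\S+)", raw.split("#", 1)[0].strip())
        if m:
            # NSD accepts addr@port; keep only the address part.
            addrs.add(ipaddress.ip_address(m.group(1).split("@", 1)[0]))
    return addrs

def wildcard_listeners(netstat_text, port=53):
    """(proto, local address) pairs bound to 0.0.0.0 or :: on the port."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[3] in (f"0.0.0.0:{port}", f":::{port}"):
            hits.append((fields[0], fields[3]))
    return hits

def audit(conf_text, ns_addresses, netstat_text=""):
    """Findings list; empty means every NS address is bound explicitly."""
    wanted = {ipaddress.ip_address(a) for a in ns_addresses}
    bound = nsd_listen_addresses(conf_text)
    findings = []
    if not bound:
        findings.append("no ip-address: set, so NSD binds the wildcard "
                        "and the OS picks the reply source address")
    for addr in sorted(wanted - bound, key=str):
        findings.append(f"NS address {addr} has no ip-address: line")
    for proto, local in wildcard_listeners(netstat_text):
        findings.append(f"running listener {proto} {local} is a wildcard bind")
    return findings

# Constructed sample input: 192.0.2.124 stands in for the question's ADD_IP.
NS_ADDRS = ["192.0.2.124"]
DEFAULT_CONF = "server:\n    # ip-address: not set\n    port: 53\n"
FIXED_CONF = "server:\n    ip-address: 192.0.2.124\n"
NETSTAT = """\
tcp        0      0 0.0.0.0:53     0.0.0.0:*     LISTEN      1363/nsd
udp        0      0 0.0.0.0:53     0.0.0.0:*                 1363/nsd
"""

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(conf, NS_ADDRS, NETSTAT if label == "default" else ""))
```

After changing nsd.conf and restarting NSD, rerun the audit against fresh netstat output; the wildcard listener findings should disappear along with the configuration finding.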
0

This may be an NSD misconfiguration or a wrong NAT rule on your box/router. Is NSD listening on all interfaces? Are you doing port forwarding on your NSD box to make it answer DNS queries on the secondary IP address?

Can you paste your netstat output from your NSD box, please?

netstat -lntpu | grep :53
vitalie
  • NSD is listening on all interfaces (default configuration). iptables is empty, so it seems like the query and answer IPs have to be the same. Added netstat to the post. – Ximik Dec 21 '10 at 18:42
  • Is your netmask for the secondary IP correct? Shouldn't it be 255.255.255.252 or something else? The 255.255.255.0 netmask is a /24, which includes subnet X.X.X.232/30. – vitalie Dec 21 '10 at 21:02
  • These masks are set by my ISP, so they should be correct. – Ximik Dec 21 '10 at 21:50
0

I got the same issue with a setup and NSD 3.2.8. It looks like NSD does not answer on the right socket. The server I used has two IPs on the same network. It seems to always answer from the main one, never the aliased one. The bind servers (9.7.x) have no such issue.

edf