NOTIFY messages not sent from correct address

I seem to have run into a problem with NOTIFY messages sent from a master pdns server to its slaves. It seems that the interface selected to be the source of the notify messages is not necessarily the same interface that pdns listens to for answering queries... and therefore may not be the interface where slaves expect to find their master. This is using pdns 2.9.22 on various operating systems.

I'm managing a configuration with many name server processes running on individual servers, each holding zones belonging to a single customer or service. In this example case I'm dealing with now, I have two pdns masters running on one server handling different sets of zones. The server is configured with two interfaces, 192.0.2.1 and 192.0.2.2.

Using the local-address directive, the first master is configured to use 192.0.2.1 and the second is using 192.0.2.2. The master on 192.0.2.1 works fine, and the slaves see notify messages from the correct place and all is good. However, the second master is also sending its notify messages from 192.0.2.1. Since its slaves are configured to talk to 192.0.2.2, they see this as a notify from an unauthorized source, and so they ignore it.

I initially thought this might be a problem with the network configuration on the servers, until I took a look at the pdns processes with lsof. Here is the lsof output section reporting the network interfaces pdns is connected to:

    pdns_serv 21870 root  5u IPv4 45796887 UDP 192.0.2.2:domain
    pdns_serv 21870 root  7u IPv6 45796889 UDP [2001:DB8::2]:domain
    pdns_serv 21870 root  9u IPv4 45796891 TCP 192.0.2.2:domain (LISTEN)
    pdns_serv 21870 root 11u IPv6 45796893 TCP [2001:DB8::2]:domain (LISTEN)
    pdns_serv 21870 root 13u IPv4 45796895 TCP 127.0.0.1:sunproxyadmin (LISTEN)
    pdns_serv 21870 root 17u IPv4 45796903 UDP *:27740

I can see on the slave side that notify messages are arriving from 192.0.2.1:27740. It seems pretty clear that the master is using the UDP port bound to INADDR_ANY to send notify messages, which seems to me to be a problem.

It seems likely this could be fixed by changing that particular socket call to use the address defined by local-address in the .conf file. Unfortunately, my c++ isn't nearly good enough to track that down and produce a patch.

Can anyone else confirm this behaviour, and/or suggest a fix?

Matt Pounsett

_______________________________________________
Pdns-users mailing list
Pdns-users@...
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: NOTIFY messages not sent from correct address

Hi Matthew,

Matthew Pounsett wrote:
>
> I seem to have run into a problem with NOTIFY messages sent from a
> master pdns server to its slaves. It seems that the interface
> selected to be the source of the notify messages is not necessarily
> the same interface that pdns listens to for answering queries... and
> therefore may not be the interface where slaves expect to find their
> master. This is using pdns 2.9.22 on various operating systems.
>
> I'm managing a configuration with many name server processes running
> on individual servers, each holding zones belonging to a single
> customer or service. In this example case I'm dealing with now, I
> have two pdns masters running on one server handling different sets of
> zones. The server is configured with two interfaces, 192.0.2.1 and
> 192.0.2.2.
>
> Using the local-address directive, the first master is configured to
> use 192.0.2.1 and the second is using 192.0.2.2. The master on
> 192.0.2.1 works fine, and the slaves see notify messages from the
> correct place and all is good. However, the second master is also
> sending its notify messages from 192.0.2.1. Since its slaves are
> configured to talk to 192.0.2.2, they see this as a notify from an
> unauthorized source, and so they ignore it.
>
> I initially thought this might be a problem with the network
> configuration on the servers, until I took a look at the pdns
> processes with lsof. Here is the lsof output section reporting the
> network interfaces pdns is connected to:
>
> pdns_serv 21870 root  5u IPv4 45796887 UDP 192.0.2.2:domain
> pdns_serv 21870 root  7u IPv6 45796889 UDP [2001:DB8::2]:domain
> pdns_serv 21870 root  9u IPv4 45796891 TCP 192.0.2.2:domain (LISTEN)
> pdns_serv 21870 root 11u IPv6 45796893 TCP [2001:DB8::2]:domain (LISTEN)
> pdns_serv 21870 root 13u IPv4 45796895 TCP 127.0.0.1:sunproxyadmin (LISTEN)
> pdns_serv 21870 root 17u IPv4 45796903 UDP *:27740
>
> I can see on the slave side that notify messages are arriving from
> 192.0.2.1:27740. It seems pretty clear that the master is using the
> UDP port bound to INADDR_ANY to send notify messages, which seems to
> me to be a problem.
>
> It seems likely this could be fixed by changing that particular socket
> call to use the address defined by local-address in the .conf file.
> Unfortunately, my c++ isn't nearly good enough to track that down and
> produce a patch.
>
> Can anyone else confirm this behaviour, and/or suggest a fix?

"query-local-address" just for this purpose. Search http://doc.powerdns.com/all-settings.html for this option to see the explanation.

Good luck.

Regards,
Ton
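
The behaviour discussed in this thread, as an added example that is not part of either message and is not PowerDNS code: a UDP socket left on the wildcard address gets its source IP chosen by the kernel, while one bound to a specific address sends from that address, which is the purpose Ton's reply gives for query-local-address. It assumes a Linux host, where all of 127.0.0.0/8 is local, so 127.0.0.1 and 127.0.0.2 stand in for 192.0.2.1 and 192.0.2.2; the function names and the payload are hypothetical, and the datagram is not a real DNS NOTIFY.

```python
import socket

# Constructed stand-ins: 127.0.0.2 plays the second master (192.0.2.2 in the
# thread) and 127.0.0.1 plays the address the kernel picks by default.
SECOND_MASTER = "127.0.0.2"
ALLOWED_MASTERS = {SECOND_MASTER}   # what the slave is configured to trust


def notify_source(bind_addr=None, slave_addr="127.0.0.1"):
    """Send one datagram to a stand-in slave; return the source IP it sees.

    bind_addr=None mimics the wildcard (*:27740) socket in the lsof output:
    the kernel chooses the source address from its route to the destination.
    """
    slave = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        slave.bind((slave_addr, 0))          # ephemeral port, loopback only
        slave.settimeout(2.0)
        if bind_addr is not None:
            sender.bind((bind_addr, 0))      # pin the source address
        sender.sendto(b"constructed-notify", slave.getsockname())
        _data, (src_ip, _src_port) = slave.recvfrom(512)
        return src_ip
    finally:
        sender.close()
        slave.close()


def slave_accepts(src_ip, allowed=ALLOWED_MASTERS):
    """Slave-side check from the thread: ignore NOTIFY from unknown sources."""
    return src_ip in allowed


if __name__ == "__main__":
    for bind in (None, SECOND_MASTER):
        src = notify_source(bind)
        label = "wildcard" if bind is None else "bound to " + bind
        verdict = "accepted" if slave_accepts(src) else "ignored"
        print(f"{label:20} -> slave sees {src:10} -> {verdict}")
```

The same source-address check on the receiving side is why the wildcard case is dropped silently, so comparing the slave's configured master address with the source seen in a packet capture is the quickest way to confirm this failure.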