Binding to non-SLAAC addresses only #410

Open
eickeh opened this issue Nov 19, 2024 · 2 comments
eickeh commented Nov 19, 2024

First of all, thank you for all your work on nsd! It has run smoothly and stably for us for quite some years! 🎉

Problem description

We just ran into one issue with IPv6 SLAAC addresses. As soon as the SLAAC address pops up after boot, nsd doesn't serve IPv6 UDP DNS requests to the static address anymore. The man page says the following:

ip-address: <ip4 or ip6>[@port] [servers] [bindtodevice] [setfib]
              NSD will bind to the listed ip-address. Can be given multiple
              times to bind multiple ip-addresses.
              [...]

              For servers with multiple IP addresses that can be used to
              send traffic to the internet, list them one by one, or the
              source address of replies could be wrong. This is because if
              the udp socket associates a source address of 0.0.0.0 then
              the kernel picks an ip-address with which to send to the
              internet, and it picks the wrong one. Typically needed for
              anycast instances. Use ip-transparent to be able to list
              addresses that turn on later (typical for certain
              load-balancing).

So that's most likely the case here. As soon as I set my IPs like this, it works:

        ip-address: 0.0.0.0
        ip-address: <<my static v6 IP>>

So that's good. However, I would like to keep the nsd.conf as machine-agnostic as possible, as I deploy it via Ansible on multiple hosts.
So I wondered if one could incorporate an option that only binds to non-SLAAC addresses. What do you think?

System info:

OS: Debian 12.8
Version: 4.6.1

k0ekk0ek self-assigned this Nov 26, 2024

@k0ekk0ek

Hi @eickeh! I'm not sure this is something we can handle conveniently in NSD(?) We don't provide anything special to getaddrinfo (click here for details) when binding. This almost feels like it has more to do with the default interface being updated on the system? However, I'm by no means an expert when it comes to interface/route configurations, so there's a good chance I'm wrong. If there's a convenient way for us to add this, I'm happy to look into it.

eickeh commented Dec 5, 2024

Hmm, I read a bit further and I found no good way to handle additional SLAAC addresses on servers, and the easiest thing is to just turn SLAAC off. So thanks, but I guess you're right - the problem is not that nsd doesn't bind to the address, but that the response comes from the wrong IP.

Please somebody correct me if there is a good way that I missed.
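
One way to keep nsd.conf machine-agnostic while still listing the static address explicitly, as the man page excerpt above recommends, is to generate the `ip-address:` lines per host at deploy time. This is an added example, not code from the thread participants or the NSD project; it assumes Linux iproute2 JSON output (`ip -json -6 addr show scope global`) in which autoconfigured addresses carry the `dynamic`, `mngtmpaddr` or `temporary` flag, and the function names and sample addresses are constructed for illustration.

```python
import json

# Constructed sample of `ip -json -6 addr show` output (documentation prefix).
SAMPLE = """
[{"ifname": "eth0", "addr_info": [
  {"family": "inet6", "local": "2001:db8:10::53", "prefixlen": 64,
   "scope": "global"},
  {"family": "inet6", "local": "2001:db8:10:0:5054:ff:fe12:3456",
   "prefixlen": 64, "scope": "global", "dynamic": true, "mngtmpaddr": true},
  {"family": "inet6", "local": "2001:db8:10:0:a1b2:c3d4:e5f6:789a",
   "prefixlen": 64, "scope": "global", "temporary": true, "dynamic": true},
  {"family": "inet6", "local": "fe80::5054:ff:fe12:3456", "prefixlen": 64,
   "scope": "link"}
]}]
"""

# Assumption: these iproute2 flags mark addresses that were not statically
# configured. "dynamic" also covers any address with a finite lifetime
# (for example DHCPv6 leases), so those are excluded as well.
AUTOCONF_FLAGS = ("dynamic", "mngtmpaddr", "temporary")
# Addresses still in duplicate address detection, or being phased out.
UNUSABLE_FLAGS = ("tentative", "deprecated")


def static_global_v6(ip_json):
    """Return global-scope IPv6 addresses that carry none of the flags above."""
    result = []
    for iface in json.loads(ip_json):
        for addr in iface.get("addr_info", []):
            if addr.get("family") != "inet6" or addr.get("scope") != "global":
                continue
            if any(addr.get(f) for f in AUTOCONF_FLAGS + UNUSABLE_FLAGS):
                continue
            result.append(addr["local"])
    return result


def nsd_ip_lines(ip_json):
    """Build the ip-address lines: IPv4 wildcard plus each static IPv6 address."""
    lines = ["ip-address: 0.0.0.0"]
    lines += [f"ip-address: {a}" for a in static_global_v6(ip_json)]
    return lines


if __name__ == "__main__":
    print("\n".join(nsd_ip_lines(SAMPLE)))
```

On a real host, pass the output of `ip -json -6 addr show scope global` instead of `SAMPLE` and template the resulting lines into the server section of nsd.conf.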
