Unbound anycast / query reply address

Hi,

I have done anycast DNS in the past with BIND and had no problems concerning
source address selection for replies or queries. Now I am trying to set this up
with unbound and I fail to see how to get the source address selection to work
correctly.

The anycast address is configured on lo:1 (Linux) and gets redistributed with
RIP.

Now unbound replies to queries to the anycast address but with the interface
address of the ethernet interface. I would have thought it always takes the
query's destination address as the reply's source address and only leaves the
source address selection to the kernel when sending out queries itself.

I have seen "outgoing-interface" but that's the side which works, e.g. sending
out queries.

I'd like unbound to be able to reply to all addresses, e.g. the ethernet address
as well, so one can monitor liveness from remote, which is not possible on the
anycast address for obvious reasons.

Flo

Hi Florian,

> Hi,
>
> I have done anycast DNS in the past with BIND and had no problems
> concerning source address selection for replies or queries. Now I
> am trying to set this up with unbound and I fail to see how to get
> the source address selection to work correctly.
>
> The anycast address is configured on lo:1 (Linux) and gets
> redistributed with RIP.
>
> Now unbound replies to queries to the anycast address but with the
> interface address of the ethernet interface. I would have thought
> it always takes the query's destination address as the reply's
> source address and only leaves the source address selection to the
> kernel when sending out queries itself.

It does. But it looks like that does not work well, since both eth0
and lo:1 have a route there, the kernel chooses wrongly, it seems.

> I have seen "outgoing-interface" but that's the side which works,
> e.g. sending out queries.

Use interface-automatic: yes

It'll detect the interface used for an incoming query (with platform
specific socket options), and use that interface to send the reply.

> I'd like unbound to be able to reply to all addresses, e.g. the
> ethernet address as well, so one can monitor liveness from remote,
> which is not possible on the anycast address for obvious reasons.

And it does that as well.

Best regards,
   Wouter
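
The mechanism the reply describes, as an added example that is not part of the original thread and is not Unbound's code: on Linux, a wildcard-bound UDP socket can request the IP_PKTINFO control message to learn each query's destination address and hand it back on send so the reply leaves from that address. Assumptions: Linux only, 127.0.0.2 stands in for the anycast address on lo and 127.0.0.1 for the ethernet address, and the function names are hypothetical.

```python
import socket
import struct

# Linux value of IP_PKTINFO; older Python releases lack the named constant.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO = struct.Struct("@i4s4s")  # struct in_pktinfo: ifindex, spec_dst, addr

def make_server(port=0):
    """UDP socket on the wildcard address that asks for per-packet destination info."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.settimeout(2)
    srv.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    srv.bind(("0.0.0.0", port))
    return srv


def answer_one(srv, pin_source=True):
    """Receive one datagram and echo it; return the address the query was sent to."""
    data, ancdata, _flags, peer = srv.recvmsg(2048, socket.CMSG_SPACE(PKTINFO.size))
    dst = None
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, dst = PKTINFO.unpack(cdata[:PKTINFO.size])
    cmsgs = []  # empty: the kernel picks the source from its routing table
    if pin_source and dst is not None:
        # ipi_spec_dst in the outgoing control message sets the reply's source address.
        cmsgs = [(socket.IPPROTO_IP, IP_PKTINFO, PKTINFO.pack(0, dst, b"\0" * 4))]
    srv.sendmsg([data], cmsgs, 0, peer)
    return socket.inet_ntoa(dst) if dst else None


def probe(service_addr, pin_source):
    """Send one query to service_addr over loopback; return the reply's source address."""
    srv = make_server()
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.bind(("127.0.0.1", 0))
    cli.settimeout(2)
    try:
        cli.sendto(b"query", (service_addr, srv.getsockname()[1]))
        answer_one(srv, pin_source)
        return cli.recvfrom(2048)[1][0]
    finally:
        cli.close()
        srv.close()


if __name__ == "__main__":
    for pin in (False, True):
        print("pin_source =", pin, "-> reply from", probe("127.0.0.2", pin))
```

With `pin_source=False` the reply to a query for 127.0.0.2 comes back from 127.0.0.1, which is the mismatch reported in the first message; a resolver that checks the reply's source against the address it queried will drop such an answer.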