

>From Mark.Andrews@dms.csiro.au Tue Jan  9 22:20:49 1996
Date: Wed, 10 Jan 1996 17:14:06 +1100
From: Mark Andrews <Mark.Andrews@dms.csiro.au>
To: David Carmean <dave@west.net>

From: Mark Andrews <Mark.Andrews@dms.csiro.au>
To: David Carmean <dave@west.net>
Cc: bind-users@vix.com
Subject: Re: Why listen on all local addresses?


>
>       Sorry, I don't really know what I'm doing yet W.R.T. IPC,
> but I have a problem I need to solve, so I'm going to try anyway....
>
>       Why does named listen on port 53 of each individual local
> address on my host (Solaris 2.4 Sparc)?  Why not just INADDR_ANY?
>
> The reason it concerns me is that I have 225 IP addresses aliased to
> my one ethernet interface (it's a web server) and I've had some
> packet storms crash my LAN;  the only time I've managed to sniff
> any of the packets, the address was 0.0.0.0.53.  Somebody has
> reported to me that they experienced this running named on their
> machine with multiple VIFs as well, and that their problem went
> away when they moved DNS off of that machine.
>
> Unfortunately, I can't move mine. I'm not sure I understand why
> named is doing this.  It's the only daemon on my system that
> does so.
>
        Because named needs to respond with the same source IP
        addresses as the packet was sent to. This is so the replies
        pass the packet spoofing checks.

        What I suspect is happening here is that someone sent an old-style
        broadcast packet to the DNS port. This was received on ALL 255
        interfaces, which then all responded. The sender may or may not
        see these answers, depending upon the resolver technology being
        used, and may retransmit, triggering another burst.

        I can't however reproduce this.

        Broadcast packets are received on the unbound UDP socket, not on
        the bound sockets. Turn on debugging at level 1 to see this.

        The patch below allows you to specify which interfaces named
        will bind to. #define IFALIASES to enable it.

        In named.boot

            interface [INTERFACE IP ADDRESS LIST]

            e.g.
                interface 127.0.0.1 130.155.16.1

        Mark

*** db_reload.c.001     Thu Dec 15 17:24:16 1994
--- db_reload.c Wed Jan 10 15:22:26 1996
***************
*** 78,88 ****

        qflush();
        sqflush(NULL);
-       getnetconf();
  #ifdef FORCED_RELOAD
        reloading = 1;     /* to force transfer if secondary and backing up */
  #endif
        ns_init(bootfile);
        time(&resettime);
  #ifdef FORCED_RELOAD

        time(&resettime);
  #ifdef FORCED_RELOAD
        reloading = 0;
--- 78,88 ----

        qflush();
        sqflush(NULL);
  #ifdef FORCED_RELOAD
        reloading = 1;     /* to force transfer if secondary and backing up */
  #endif
        ns_init(bootfile);
+       getnetconf();
        time(&resettime);
  #ifdef FORCED_RELOAD
        reloading = 0;
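Review bot: The relocated `getnetconf()` call now runs after `ns_init(bootfile)` with no comment saying why the order matters; with this patch ns_init() is what fills `ipifaddr` from the boot file's `interface` line (see the ns_init.c hunk), so binding before it would use the previous, already-freed list. A one-line comment would preserve that: `getnetconf();   /* after ns_init(): needs the boot file's interface list */`. The move is not guarded by IFALIASES, so non-IFALIASES builds also change the order of the two calls; that looks harmless but is worth a sentence in the covering message. The enclosing function starts and ends outside the hunk.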
*** ns_glob.h.001       Fri Dec 22 21:20:34 1995
--- ns_glob.h   Wed Jan 10 15:31:56 1996
***************
*** 174,179 ****
--- 174,184 ----
  DECL  struct netinfo          *boglist        INIT(NULL);
  #endif

+ #ifdef IFALIASES
+       /* list of interfaces to config */
+ DECL  struct netinfo          *ipifaddr       INIT(NULL);
+ #endif
+
        /* loopback net */
  DECL  struct netinfo          netloop;

*** ns_main.c.002       Wed Jan 10 14:27:53 1996
--- ns_main.c   Wed Jan 10 16:03:05 1996
***************
*** 413,418 ****
--- 413,426 ----
        buildservicelist();
        buildprotolist();
        ns_init(bootfile);
+ #ifdef IFALIASES
+       /*
+        * the first pass just established the wild card address
+        * now that we have read the boot file, establish the interface
+        * spacific addresses
+        */
+       getnetconf();
+ #endif
  #ifdef DEBUG
        if (debug) {
                fprintf(ddt, "Network and sort list:\n");
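Review bot: The new comment has two spelling slips ("spacific", "wild card") and does not say what the two passes depend on; I would replace it with `/* The first getnetconf() pass, before the boot file was read, only set up the wildcard socket; now that ns_init() has filled ipifaddr from the "interface" line, bind the specific addresses. */`. The enclosing function continues outside the hunk.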
***************
*** 927,932 ****
--- 935,944 ----
        u_int32_t nm;
        time_t my_generation = time(NULL);

+ #ifdef        IFALIASES
+       if (first)
+               goto dofirst;
+ #endif
        ifc.ifc_len = sizeof buf;
        ifc.ifc_buf = buf;
        if (ioctl(vs, SIOCGIFCONF, (char *)&ifc) < 0) {
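Review bot: The guard is written `#ifdef<TAB>IFALIASES` while the other new guards in this patch (at 413 and 965 in this file) use `#ifdef IFALIASES`; one form should be used throughout. The `goto dofirst` also relies on a label introduced in a separate IFALIASES block near line 1113, so the two conditional regions must be kept in sync; a comment at the jump would make that visible: `/* first pass: skip interface enumeration, only the wildcard socket is created (label in the IFALIASES block below) */`. Note that the jump bypasses the SIOCGIFCONF setup that follows, which is presumably intended since the boot file has not been read yet. getnetconf() begins and ends outside the hunk.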
***************
*** 965,970 ****
--- 977,992 ----

*** 965,970 ****
--- 977,992 ----
                dprintf(1, (ddt, "considering [%s]\n",
                            inet_ntoa(((struct sockaddr_in *)
                                       &ifreq.ifr_addr)->sin_addr)));
+ #ifdef IFALIASES
+               /*
+                * if ipifaddr is set only configure these interfaces
+                */
+               if (ipifaddr &&
+                   !addr_on_netlist(
+                       ((struct sockaddr_in *)&ifreq.ifr_addr)->sin_addr
+                       , ipifaddr))
+                       continue;
+ #endif
                /* build datagram queue */
                /*
                 * look for an already existing source interface address.
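Review bot: The `continue` in the new guard skips the rest of the loop body, including the "look for an already existing source interface address" step that follows, so an address removed from the `interface` list at reload presumably is not refreshed for `my_generation` and is then retired by whatever later cleanup uses that generation; if that is the intent the comment should say so, e.g. `/* if ipifaddr is set, configure only those addresses; an existing entry not on the list is left stale and reaped like a vanished interface */`. The generation handling is outside the hunk, so this is inferred. Stylistically, the leading-comma continuation `, ipifaddr))` differs from the rest of the file (compare the dprintf call just above); `!addr_on_netlist(((struct sockaddr_in *)&ifreq.ifr_addr)->sin_addr,` followed by `ipifaddr))` on the next line reads more naturally.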
***************
*** 1091,1096 ****
--- 1113,1121 ----
         * Create separate qdatagram structure for socket
         * wildcard address.
         */
+ #ifdef        IFALIASES
+       dofirst:
+ #endif
        if (first) {
                if (!(dqp = (struct qdatagram *)calloc(1, sizeof(*dqp))))
                        panic(errno, "malloc(qdatagram)");
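Review bot: The `interface` list narrows only the per-address sockets; the wildcard qdatagram created in the `if (first)` block right after the `dofirst:` label is still built regardless of `ipifaddr`, so named presumably keeps accepting datagrams on every local address through that socket — which, per the covering message, is exactly where the broadcast packets arrive. If reducing what named listens on is the goal, the comment above the label should state the remaining exposure, e.g. `/* IFALIASES: the first pass jumps here; the wildcard socket is always created, independent of the interface list */`. The label is indented with a tab; C labels are conventionally placed at column 0 or one level out from the statements. getnetconf() continues beyond the hunk, including the code that binds the socket, so the binding behaviour is inferred.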
*** ns_init.c.002       Wed Jan 10 14:43:03 1996
--- ns_init.c   Wed Jan 10 16:09:05 1996
***************
*** 165,170 ****
--- 165,173 ----
  #ifdef BOGUSNS
                free_netlist(&boglist);
  #endif
+ #ifdef IFALIASES
+               free_netlist(&ipifaddr);
+ #endif
                forward_only = 0;
        }

***************
*** 292,297 ****
--- 295,305 ----
                } else if ((strcasecmp(buf, "tcplist") == 0) ||
                           (strcasecmp(buf, "xfrnets") == 0)) {
                        get_netlist(fp, &xfrnets, ALLOW_NETS, buf);
+                       continue;
+ #endif
+ #ifdef IFALIASES
+               } else if (strcasecmp(buf, "interface") == 0) {
+                       get_netlist(fp, &ipifaddr, ALLOW_HOSTS, buf);
                        continue;
  #endif
  #ifdef LOCALDOM
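Review bot: An `interface` line whose hosts fail to parse, or one that is dropped from the boot file, leaves `ipifaddr` NULL, and the filter in ns_main.c (`if (ipifaddr && …`) treats NULL as "bind every address", so a typo in named.boot silently reverts to the pre-patch behaviour on the next reload. It would be worth logging when the directive is present but yields no entries, or at least documenting the fail-open default next to the new branch: `/* "interface": restrict bound addresses; an empty list means all interfaces */`. What get_netlist() does with empty or malformed input is outside the hunk, so this is inferred. The enclosing parse loop starts and ends outside the hunk.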

