Solved Set ip for outbound traffic with aliases on interface

Hello forum,

Info

I've a network interface with two IPs from the same network:
/etc/rc.conf
Code:
hostname="dns-test"
#
ifconfig_vtnet0="inet x.y.z.201/24"       # SSH access IP_MAIN
ifconfig_vtnet0_alias01="inet x.y.z.4/32" # DNS server IP_ALIAS
#
defaultrouter="x.y.z.254"  # Set to default gateway (or NO).

The primary IP (IP_MAIN) is for accessing the machine, which runs a bind9 DNS server listening on the alias IP address (IP_ALIAS).

The machine is shielded by external firewalls:
  • On IP_MAIN allow only internal traffic
  • On IP_ALIAS allow outgoing traffic to DNS rootservers for DNS resolution

Problem

  • When I do a DNS query for a public domain, the query fails with a timeout as the outgoing connections are blocked
  • That means it uses the primary IP as source

Solution found

When I switch the IPs, so that I make IP_ALIAS the primary IP and IP_MAIN the alias IP, resolution works fine without a problem.

Questions

  • Is there an option to tell the system which IP to use for outbound traffic apart from setting the IP as primary?
  • Can I even be more specific and tell the system which IP to use for DNS traffic?

Thanks in advance, I hope I have explained my problem well enough

Marc
 
Hi forum,
I did some further research and have been able to find a solution to my specific problem with bind9.
Bind9 query-source offers an option to not only set the listening address, but also the IP address that is used as the source for queries:

/usr/local/etc/namedb/named.conf
Code:
options {
    .
    .
    .
    listen-on   port 53 { 127.0.0.1; x.y.z.4; };
    query-source address x.y.z.4;               # Use a specific IP for sending queries
};

Regards

Marc
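A small sanity check to go with the query-source fix above. It is an added example, not code from either of Marc's posts: it confirms that the address given to query-source is actually assigned to an interface (named cannot bind an outbound socket to an address the host does not have) and flags the case where query-source is missing and the kernel falls back to route-based source selection. The x.y.z addresses are the thread's placeholders; the ifconfig text is constructed sample output.

```shell
#!/bin/sh
# Added example (not from the original posts): checks that the address in
# "query-source address ..." is actually assigned to an interface, since named
# cannot bind an outbound socket to an unconfigured address. The x.y.z addresses
# are the thread's placeholders; the ifconfig text is constructed sample output.

# Print the query-source address from named.conf text on stdin (empty if unset).
query_source_addr() {
    sed -n 's/^[[:space:]]*query-source[[:space:]]\{1,\}address[[:space:]]\{1,\}\([^; ]*\).*/\1/p' | head -n 1
}

# Print every IPv4 address from "ifconfig -a" style output on stdin (skips inet6).
configured_inet_addrs() {
    awk '$1 == "inet" { print $2 }'
}

# $1 = named.conf text, $2 = ifconfig output. Prints a verdict; returns 0 if ok.
check_query_source() {
    addr=$(printf '%s\n' "$1" | query_source_addr)
    if [ -z "$addr" ]; then
        echo "no query-source address: the kernel picks the source per route, usually the primary IP"
        return 1
    elif printf '%s\n' "$2" | configured_inet_addrs | grep -qxF -- "$addr"; then
        echo "query-source $addr is configured on an interface: ok"
        return 0
    else
        echo "query-source $addr is not assigned to any interface: named cannot bind it"
        return 1
    fi
}

# Constructed sample data mirroring the thread: primary .201 plus alias .4 on vtnet0.
SAMPLE_IFCONFIG='vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet x.y.z.201 netmask 0xffffff00 broadcast x.y.z.255
        inet x.y.z.4 netmask 0xffffffff broadcast x.y.z.4
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000'
GOOD_CONF='options {
    listen-on   port 53 { 127.0.0.1; x.y.z.4; };
    query-source address x.y.z.4;
};'
BAD_CONF='options {
    listen-on   port 53 { 127.0.0.1; x.y.z.4; };
    query-source address x.y.z.9;   # typo: no interface carries this address
};'

check_query_source "$GOOD_CONF" "$SAMPLE_IFCONFIG"
check_query_source "$BAD_CONF" "$SAMPLE_IFCONFIG" || true   # expected to report the misconfiguration
```

On a real host, feed it the actual files: `check_query_source "$(cat /usr/local/etc/namedb/named.conf)" "$(ifconfig -a)"`.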