Skip to content

kresd answer from different IP

Hello, I hit weird behaviour of kresd and i think it is a bug. I have 1 public IP on the network interface and i also have another two public IPs od dummy interface. Kresd listen on all interfaces and when i send query to IP sitting on dummy iface, kresd send back response with SRC ip (probably) resolved from routing table - which is, in this case, IP of real network interface.

I think it is not correct behaviour. I cannot get response from different address. I try Unbound dns server it the same situation and it works good. Response came from requested IP.

My config is:

-- vim:syntax=lua:
-- Refer to manual: http://knot-resolver.readthedocs.org/en/latest/daemon.html#configuration

-- interfaces
net.ipv4 = true
net.ipv6 = true
net.listen({ '0.0.0.0', '::' }, 53)

-- drop privileges
user('kresd', 'kresd')

-- Load Useful modules
modules = {
        'policy',   -- Block queries to local zones/bad sites
        'view',     -- 
        'stats'     -- Track internal statistics
}

-- ACL
view:addr('15.62.0.0/15', function (req, qry) return policy.PASS end)
view:addr('128.13.5.67', function (req, qry) return policy.PASS end)
view:addr('2a01:bbbb:2:312:2222:2222::/64', function (req, qry) return policy.PASS end)
-- view:addr('0.0.0.0/0', function (req, qry) return policy.DROP end)

-- unmanaged DNSSEC root TA
trust_anchors.config('/etc/kresd/root.keys', nil)

cache.size = 2 * GB

Traffic dump:

14:38:37.908237 IP 128.15.1.67.42957 > 25.62.162.162.53: 17304+ [1au] A? centrum.cz. (39)
14:38:37.908443 IP 15.62.162.98.53 > 128.15.1.67.42957: 17304$ 1/0/1 A 46.255.231.48 (55)

IPs:

3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 15.62.162.98/30 brd 85.162.162.99 scope global ens192
       valid_lft forever preferred_lft forever
4: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    inet 15.62.162.162/32 brd 85.162.162.162 scope global dummy0
       valid_lft forever preferred_lft forever
5: dummy1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    inet 15.62.162.85/32 brd 85.162.162.85 scope global dummy1

Routes:

default via 15.62.162.97 dev ens192  proto bird 
15.62.162.96/30 dev ens192  proto kernel  scope link  src 15.62.162.98

Regards,

Daniel

Edited by Vitezslav Kriz
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information