My masters won't allow PowerDNS to access zones as it is using the wrong local IP address
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
By default, PowerDNS lets the kernel pick the source address.
-To set an explicit source address, use the :ref:`setting-query-local-address` and :ref:`setting-query-local-address6` settings.
+To set an explicit source address, use the :ref:`setting-query-local-address` setting.
PowerDNS does not answer queries on all my IP addresses (and I've ignored the warning I got about that at startup)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
``query-local-address``
-----------------------
+.. versionchanged:: 4.4.0
+ Accepts both IPv4 and IPv6 addresses. Also accept more than one address per
+ address family.
-- IPv4 Address
-- Default: 0.0.0.0
+- IP addresses, separated by spaces or commas
+- Default: 0.0.0.0 ::
-The IP address to use as a source address for sending queries. Useful if
+The IP addresses to use as a source address for sending queries. Useful if
you have multiple IPs and PowerDNS is not bound to the IP address your
operating system uses by default for outgoing packets.
+PowerDNS will pick the correct address family based on the remote's address (v4
+for outgoing v4, v6 for outgoing v6). However, addresses are selected at random
+without taking into account ip subnet reachability. It is highly recommended to
+use the defaults in that case (the kernel will pick the right source address for
+the network).
+
.. _setting-query-local-address6:
``query-local-address6``
------------------------
+.. deprecated:: 4.4.0
+ Use :ref:`setting-query-local-address`. The default has been changed
+ from '::' to unset.
- IPv6 Address
-- Default: '::'
+- Default: unset
Source IP address for sending IPv6 queries.
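Review bot: The paragraph added under ``query-local-address`` recommends the defaults "in that case" without saying which case is meant; state explicitly that the random selection matters when more than one address of the same family is configured. Because the FAQ entry changed above is about masters rejecting PowerDNS for using the wrong source address, it would help to add that with several addresses per family any of them can end up as the source, so a master that filters on source address needs to permit each one. Two wording fixes in the same lines: "Also accept" should read "Also accepts", and "ip subnet" should be "IP subnet".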
::arg().setSwitch("local-address-nonexist-fail","Fail to start if one or more of the local-address's do not exist on this server")="yes";
::arg().setSwitch("non-local-bind", "Enable binding to non-local addresses by using FREEBIND / BINDANY socket options")="no";
::arg().setSwitch("reuseport","Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket")="no";
- ::arg().set("query-local-address","Source IP address for sending queries")="0.0.0.0";
- ::arg().set("query-local-address6","Source IPv6 address for sending queries")="::";
+ ::arg().set("query-local-address","Source IP address for sending queries")="0.0.0.0 ::";
+ ::arg().set("query-local-address6","DEPRECATED: Use query-local-address. Source IPv6 address for sending queries")="";
::arg().set("overload-queue-length","Maximum queuelength moving to packetcache only")="0";
::arg().set("max-queue-length","Maximum queuelength before considering situation lost")="5000";
}
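Review bot: Moving the IPv6 default out of query-local-address6 (was "::", now empty) and into query-local-address ("0.0.0.0 ::") changes behaviour for existing configurations that set query-local-address to a single IPv4 address and relied on the old query-local-address6 default. Going by these lines and the address-family checks later in this patch, such a setup ends up with no IPv6 source address, so outgoing IPv6 NOTIFY and AXFR are refused. Please call this out in the upgrade notes; the documentation hunk only says that the default of query-local-address6 became unset.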
pdns::parseQueryLocalAddress(::arg()["query-local-address"]);
- pdns::parseQueryLocalAddress(::arg()["query-local-address6"]);
+ if (!::arg()["query-local-address6"].empty()) {
+ g_log<<Logger::Warning<<"query-local-address6 is deprecated and will be removed in a future version. Please use query-local-address for IPv6 addresses as well"<<endl;
+ pdns::parseQueryLocalAddress(::arg()["query-local-address6"]);
+ }
// NOW SAFE TO CREATE THREADS!
dl->go();
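Review bot: When query-local-address6 is non-empty its value is still parsed after query-local-address, but neither the warning text here nor the deprecation note in the documentation says how the two settings combine when both carry IPv6 addresses. Please document the resulting behaviour, or extend the warning to say that the value is still honoured for now alongside query-local-address.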
ComboAddress remote(ip, 53); // default to 53
if((d_nsock6 < 0 && remote.sin4.sin_family == AF_INET6) ||
(d_nsock4 < 0 && remote.sin4.sin_family == AF_INET)) {
- g_log<<Logger::Warning<<"Unable to notify "<<remote.toStringWithPort()<<" for domain '"<<domain<<"', address family is disabled. Is query-local-address"<<(remote.sin4.sin_family == AF_INET ? "" : "6")<<" unset?"<<endl;
+ g_log<<Logger::Warning<<"Unable to notify "<<remote.toStringWithPort()<<" for domain '"<<domain<<"', address family is disabled. Is an IPv"<<(remote.sin4.sin_family == AF_INET ? "4" : "6")<<" address set in query-local-address?"<<endl;
d_nq.removeIf(remote.toStringWithPort(), id, domain); // Remove, we'll never be able to notify
continue; // don't try to notify what we can't!
}
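Review bot: The reworded warning in the notify path phrases the problem as a question and logs at Warning, while the AXFR path in this patch reports the same condition as an Error with the setting name in parentheses; consider aligning the wording and the level so operators can match both with one log filter. The condition here also still tests d_nsock4 and d_nsock6 directly, whereas the AXFR code calls pdns::isQueryLocalAddressFamilyEnabled(); using the helper in both places would keep the two decisions from drifting apart.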
if (!pdns::isQueryLocalAddressFamilyEnabled(remote.sin4.sin_family)) {
bool isV6 = remote.sin4.sin_family == AF_INET6;
g_log<<Logger::Error<<"Unable to AXFR, destination address is "<<remote<<" (IPv"<< (isV6 ? "6" : "4") <<
- ", but that address family is not enabled for outgoing traffic (query-local-address"<<(isV6 ? "6" : "")<<")"<<endl;
+ ", but that address family is not enabled for outgoing traffic (query-local-address)"<<endl;
return;
}
laddr = pdns::getQueryLocalAddress(remote.sin4.sin_family, 0);