I've done a lot of DNS in the past and I always thought zone transfers were
TCP.
Apparently, from doing some sniffs, the following connection occurs:
slaveDNS:53 -> masterDNS:53
I'm not sure what the UDP is for, but the actual zones are transferred by
TCP. I don't have any old DNS servers left lying around to check, but
perhaps the UDP connections before the TCP connections are new in BIND
9? (who knows with them)
This is what is killing me right now.
I'm still a bit confused.
Just for the sake of discussion, if the UDP transfers were:
slaveDNS:HighPorts -> masterDNS:53
Would LVS let the UDP packets pass???
I'm not really that worried about "untracked packets", as with my main setup
I have iptables rules all around them. Which leads to another
question...
To use connection tracking, I can use "-m state" in iptables or the LVS
commands, but not both?
Thanks/B++
*********** REPLY SEPARATOR ***********
On 12/14/01, at 1:28 AM, Julian Anastasov wrote:
>Hello,
>
>On Thu, 13 Dec 2001, Brett Johnson wrote:
>
>> It appears that all outgoing UDP packets (not incoming through the VIP
>> address) get dropped when the "ipvsadm -a -u 65.172.141.8:53 -r
>> 172.16.1.8:53 -m" line is in place. TCP connections from the slave DNS
>> server going out seem to work fine, though.
>
> It is true that LVS drops untracked packets from the real
>servers. 0.9.8 has a sysctl option to control it, with the warning
>that it is dangerous. But I'm wondering, is it true that the zone
>transfers work on UDP?
>
>Regards
>
>--
>Julian Anastasov <ja@xxxxxx>
>
>
>_______________________________________________
>LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
>or go to http://www.in-addr.de/mailman/listinfo/lvs-users
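The following is an added example, not LVS code and not from anyone on the list. It is a toy model of the LVS-NAT behaviour Julian describes: a packet leaving the real server is SNATed back to the VIP only when it belongs to a connection that an inbound packet to the VIP created; otherwise it is "untracked" and dropped, unless a hypothetical allow_untracked switch (standing in for the 0.9.8 sysctl he mentions, whose name is not given in the thread) is set. The model then replays the traffic from the thread: a client query to the VIP, the slave's own UDP query to its master sourced from port 53 as sniffed, Brett's hypothetical high-port variant, and the slave's TCP connection out. The VIP and real server come from the quoted ipvsadm line; the class and function names, the master and client addresses (192.0.2.10, 198.51.100.7) and the port numbers are constructed. One assumption not stated in the thread: the model only treats a packet as real-server traffic when its (protocol, source address, source port) match the configured real service, and lets anything else from that host through untouched.

```python
"""Toy model of LVS-NAT forwarding for the UDP DNS service in the thread.

Added example: not LVS code, not from anyone on the lvs-users list.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int


Verdict = Tuple[str, Optional[Packet]]


class LvsNatDirector:
    """One virtual service (proto, vip:vport) mapped to one real server (rip:rport)."""

    def __init__(self, proto: str, vip: str, vport: int, rip: str, rport: int,
                 allow_untracked: bool = False) -> None:
        self.proto, self.vip, self.vport = proto, vip, vport
        self.rip, self.rport = rip, rport
        # Hypothetical switch standing in for the sysctl mentioned in the thread.
        self.allow_untracked = allow_untracked
        # Connection table: (proto, client, cport) -> (rip, rport)
        self.conns: Dict[Tuple[str, str, int], Tuple[str, int]] = {}

    def inbound(self, pkt: Packet) -> Verdict:
        """Packet arriving from the outside (client -> VIP)."""
        if (pkt.proto, pkt.dst, pkt.dport) != (self.proto, self.vip, self.vport):
            return ("passthrough", pkt)  # not our virtual service
        # Create the tracked entry and DNAT the destination to the real server.
        self.conns[(pkt.proto, pkt.src, pkt.sport)] = (self.rip, self.rport)
        return ("dnat", Packet(pkt.proto, pkt.src, pkt.sport, self.rip, self.rport))

    def outbound(self, pkt: Packet) -> Verdict:
        """Packet arriving from the real-server side."""
        # Assumption: only packets sourced from the real service tuple are
        # judged as real-server traffic; everything else is left alone.
        if (pkt.proto, pkt.src, pkt.sport) != (self.proto, self.rip, self.rport):
            return ("passthrough", pkt)
        if (pkt.proto, pkt.dst, pkt.dport) in self.conns:
            # Reply to a tracked client: SNAT the source back to VIP:vport.
            return ("snat", Packet(pkt.proto, self.vip, self.vport, pkt.dst, pkt.dport))
        # Untracked packet from the real server: dropped by default.
        if self.allow_untracked:
            return ("untracked-allowed", pkt)
        return ("dropped", None)


def brett_scenario(allow_untracked: bool = False) -> Dict[str, Verdict]:
    """Replay the thread's traffic through the model and return each verdict."""
    d = LvsNatDirector("udp", "65.172.141.8", 53, "172.16.1.8", 53, allow_untracked)
    master = "192.0.2.10"     # constructed master DNS address
    client = "198.51.100.7"   # constructed outside resolver
    out: Dict[str, Verdict] = {}
    # 1. Normal service: query to the VIP, reply from the real server.
    out["query"] = d.inbound(Packet("udp", client, 40001, "65.172.141.8", 53))
    out["reply"] = d.outbound(Packet("udp", "172.16.1.8", 53, client, 40001))
    # 2. Slave's own UDP query to its master, sourced from port 53 as sniffed.
    out["slave53"] = d.outbound(Packet("udp", "172.16.1.8", 53, master, 53))
    # 3. Brett's hypothetical: the same query from a high port.
    out["slavehigh"] = d.outbound(Packet("udp", "172.16.1.8", 51234, master, 53))
    # 4. Slave's TCP connection to the master for the zone transfer.
    out["slavetcp"] = d.outbound(Packet("tcp", "172.16.1.8", 51235, master, 53))
    return out


if __name__ == "__main__":
    for name, (verdict, pkt) in brett_scenario().items():
        print(f"{name:10s} {verdict:18s} {pkt}")
```

In the model, the slave's port-53-sourced UDP query is the only packet that is both "real-server traffic" and untracked, so it is the one that gets dropped; the high-port variant and the TCP connection are never matched against the service and pass through. Run with allow_untracked=True to see the port-53 query pass unchanged instead.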