Bug 94721

Summary: BIND9-named strange behavior
Product: Ports & Packages
Reporter: Pavel E. Petrov <kamenka>
Component: Individual Port(s)
Assignee: Doug Barton <dougb>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Pavel E. Petrov 2006-03-20 08:20:18 UTC
After upgrading from 5.3-release to 6.1-prerelease I found that the system
stopped resolving. An ipfw rule was found which drops packets to the
local named daemon. It was an antispoofing rule. So there is a problem:

vr0 is an interface with ip 192.168.1.201
bind listens at 192.168.1.201:53

When I try to do any resolving, the system sends packets to 192.168.1.201:53
through lo0, so the ipfw antispoof rule drops them because of the interface mismatch.

netstat -rn shows a straight pass for all of the 192.168.1 subnet: LINK#2 (which is vr0)

Now I just skip this rule and all works well.

Note that 5.3 with its older bind9 was OK with it. The problem started
exactly after upgrading kernel and world.

How-To-Repeat: I haven't any thoughts.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2006-03-20 08:24:27 UTC
Responsible Changed
From-To: freebsd-ports-bugs->dougb

Over to maintainer
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2006-03-21 07:36:53 UTC
State Changed
From-To: open->feedback

Does this apply to bind in the base system, or the one installed from ports?
Comment 3 Doug Barton freebsd_committer freebsd_triage 2006-05-18 06:08:32 UTC
State Changed
From-To: feedback->closed


Feedback timeout. 

Also, this looks like a combination of bad named.conf options, 
bad firewall rules, or both. If this is still a problem for 
you, I would suggest sending a message to freebsd-questions@ 
with more information about both of those. 

Good luck, 

Doug
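
The interaction described in the report, modelled as an added example (not part of the original thread, and not FreeBSD code): a small Python model of the ipfw `antispoof` check shows why a query sent to the host's own vr0 address and looped back through lo0 fails it, and how a loopback pass rule placed first changes the verdict. The reporter's actual ruleset is not on the page, so the two rules in the comments, the /24 mask, the source address chosen for the query and the default allow are assumptions.

```python
import ipaddress

# Constructed interface table mirroring the report: vr0 holds 192.168.1.201.
# The /24 mask and the lo0 entry are assumptions.
INTERFACES = {
    "vr0": ipaddress.ip_interface("192.168.1.201/24"),
    "lo0": ipaddress.ip_interface("127.0.0.1/8"),
}

def antispoof(pkt, interfaces=INTERFACES):
    """Model of the ipfw `antispoof` option as described in ipfw(8)."""
    if pkt["dir"] == "out":
        return True                      # all outgoing packets match
    src = ipaddress.ip_address(pkt["src"])
    for name, iface in interfaces.items():
        if src in iface.network:         # source is on a directly connected net
            return name == pkt["via"]    # must arrive on that net's interface
    return True                          # not directly connected: matches

def evaluate(ruleset, pkt):
    """First-match evaluation; the trailing allow is an assumption."""
    for action, matches in ruleset:
        if matches(pkt):
            return action
    return "allow"

# deny ip from any to any not antispoof in
DENY_SPOOFED = ("deny", lambda p: p["dir"] == "in" and not antispoof(p))
# allow ip from any to any via lo0
ALLOW_LOOPBACK = ("allow", lambda p: p["via"] == "lo0")

ANTISPOOF_ONLY = [DENY_SPOOFED]
LOOPBACK_FIRST = [ALLOW_LOOPBACK, DENY_SPOOFED]

# Constructed packets. The resolver query is looped back through lo0 but
# carries the vr0 address as its source (assumed source selection).
LOCAL_QUERY = {"src": "192.168.1.201", "dst": "192.168.1.201", "via": "lo0", "dir": "in"}
LAN_QUERY = {"src": "192.168.1.50", "dst": "192.168.1.201", "via": "vr0", "dir": "in"}
SPOOFED = {"src": "127.0.0.1", "dst": "192.168.1.201", "via": "vr0", "dir": "in"}

if __name__ == "__main__":
    for name, pkt in [("local", LOCAL_QUERY), ("lan", LAN_QUERY), ("spoofed", SPOOFED)]:
        print(name, evaluate(ANTISPOOF_ONLY, pkt), evaluate(LOOPBACK_FIRST, pkt))
```

With the loopback rule first, the local query passes while a packet claiming a loopback source on vr0 is still denied.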