On Mon, Aug 13, 2012 at 10:18 AM, John Williams <john.1...@yahoo.com> wrote:
> I've a system with two interfaces; a management and a data interface. My
> default route is set out to the data interface.
>
> doing a
>
> dig +tcp someIP.com @some.resolver
>
> works fine.
>
> If I want a UDP based query, I have to specify -b option and provide IP of
> the interface otherwise it fails.
>
> Why is that?
>
> I would imagine the query would travel out the default route of the host.

It certainly should. You might try a traceroute to the server and confirm how it goes out. But the problem is probably NOT how it goes out, but how it comes back. '-b' sets the source address of the packets that will appear in the IP header, but does not specify the route it should take.

Sounds like the default ADDRESS placed in the outgoing packets might not be what you expect and that the return path might be hitting a firewall that allows TCP established packets. Of course, established does not work for UDP, but by forcing the source, the response is hitting the data interface, where it is permitted.

This is largely guesswork, but use of tcpdump and looking at the counter/logs of any firewall should confirm this or let you move on to other options.
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com
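
An added example, not part of the original thread: one way to see which source address the host puts on a UDP query by default, to compare it with the address given to dig -b. The function names and the script name are hypothetical; the resolver and data-interface addresses are supplied by the reader.

```python
import socket
import sys


def udp_source(dest_ip, port=53, bind_ip=None):
    """Return the source IP the kernel uses for a UDP packet to dest_ip.

    connect() on a UDP socket sends nothing; it only triggers the route
    lookup and source-address selection that getsockname() then reports.
    bind_ip mimics dig -b by fixing the source address first.
    """
    family = socket.AF_INET6 if ":" in dest_ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        if bind_ip is not None:
            s.bind((bind_ip, 0))
        s.connect((dest_ip, port))
        return s.getsockname()[0]


def compare_sources(resolver_ip, data_ip):
    """Compare the kernel's default source with the address passed to -b."""
    chosen = udp_source(resolver_ip)
    return {
        "resolver": resolver_ip,
        "default_source": chosen,
        "dash_b_source": data_ip,
        "same": chosen == data_ip,
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: srccheck.py RESOLVER_IP DATA_INTERFACE_IP")
    result = compare_sources(sys.argv[1], sys.argv[2])
    print(result)
    if not result["same"]:
        print("Default source differs from the -b address; replies to it "
              "may take a return path that a firewall filters for UDP.")
```

If the two addresses differ, a tcpdump on each interface while running dig with and without -b shows which source address leaves the host and where, if anywhere, the reply arrives.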