Re: (use-)alt-transfer-source deprecated

[Matthijs Mekking]

Hi,

On 2/1/23 09:57, Gasoo wrote:
Hello
I recently updated to 9.18.x and noticed the deprecation warning in the 
logs for the option use-alt-transfer-source.
After reading the manual and checking my configuration, I am confused on 
how this is going to work in future releases.

My configuration includes the following statements:

options {
   listen-on { 1.1.1.1; 2.2.2.2; 3.3.3.3; };
   transfer-source  3.3.3.3;
   query-source  3.3.3.3;
   notify-source  3.3.3.3;
   use-alt-transfer-source no;
   ...
}

Looking at your configuration, you actually don't use 
alt-transfer-source: there is no such option in your example and 
'use-alt-transfer-source' is set to no anyway.

1.1.1.1 and 2.2.2.2 are only used for incoming DNS queries from clients 
and can not be used for zone transfers.
If I remove the option use-alt-transfer-source, in some cases (e.g. 
SERVFAIL from primary), additional zone transfers are tried via 
0.0.0.0#0, which the OS then sends via the best matching interface / IP 
address. >
For this reason the option use-alt-transfer-source is in my configuration.

 From the manual.

use-alt-transfer-source:
This indicates whether the alternate transfer sources should be used. If 
views are specified, this defaults to no; otherwise, it defaults to yes.
alt-transfer-source:
This indicates an alternate transfer source if the one listed in 
transfer-source fails and use-alt-transfer-source is set.


How will this be handled in future releases, if transfer-source is 
specified, no views are defined and an error occurs?
Is there any other solution to disable transfers from 0.0.0.0#0 in my case?

I guess in your 9.18 configuration if you don't set 
'use-alt-transfer-source', it defaults to yes. Since 
'alt-transfer-source' defaults to 0.0.0.0#0', you still need the 
configuration despite it is being deprecated.

From 9.20.0 the feature will be gone, the options 
'use-alt-transfer-source' and 'alt-transfer-source' will no longer 
exist, and thus alternate transfer source will no longer be tried.

In other words, from 9.20.0 it will be as if 'use-alt-transfer-source' 
was set to 'no'.

Best regards,

Matthijs




Kind Regards
Stephan

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users