The problem is I have lots of IPv6 addresses where I need to listen DNS requests (IPv6 prefix of /64) and I could not just explicitly add each to the interface, thus I use AnyIP feature to be able to use entire prefix by locally by such software like nginx, curl, etc.
Regarding the usage of [::] - due to usage of firewall I am able to block connections to the 53/udp and 53/tcp which are not coming to specific IP addresses or ranges, I do not need such filtering functionality within bind itself. Anyway, the better option is to allow bind to a so known "non-local" IP addresses. Currently if I try to bind named to a IP address within AnyIP prefix but which is not explicitly added to an interface it just not bind socket here. Read this blog post for more details on AnyIP feature: https://blog.widodh.nl/2016/04/anyip-bind-a-whole-subnet-to-your-linux-machine/ 2023-03-13T08:55:16Z Michael Richardson <m...@sandelman.ca>: > > Serg via bind-users <bind-users@lists.isc.org> wrote: > > As an alternative approach I have tried to run with a configuration > > "listen-on-v6 { any; }", but it does behave in a way I need - it binds > > separate socket for each discovered IP address rather wildcard address > > of [::]. > > Bind needs to bind a new socket for each address so that it can easily know > which address is being communicated with. While there are newer ways to do > this, they aren't that portable. > > What is the problem with binding to all the addresses, if you then filter > which addresses will actually respond? > > Many large authoritative resolvers put the anycast address on the lo, and > then use > BGP to announce connectivity, and AFAIK, they all just listen on all > addresses, because sometimes you want to ask a specific server a question. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
