address spoofing

Roeland M.J. Meyer rmeyer at
Mon Apr 26 08:50:17 UTC 1999

The third edition "DNS and BIND" books, from O'Reilly <> also goes into detail on how to do it.

Roeland M.J. Meyer
Morgan Hill Software Company, Inc.
mailto://[email protected]
You can always tell the people that are forging the new frontier.
They're the ones with flaming arrows sticking out of their backs and
looking a little charred around the edges.


> -----Original Message-----
> From: owner-nanog at [mailto:owner-nanog at]On Behalf Of
> Andrew Brown
> Sent: Sunday, April 25, 1999 8:10 AM
> To: Phil Howard
> Cc: nanog at
> Subject: Re: address spoofing
> >> then, you can have (if you want) another bind listening on other
> >> interfaces for other stuff.  like the "internal dns" server that you
> >> mentioned.  or maybe a recursive, caching-only server that listens
> >> only on  of course...they can speak to each other if need
> >> be.  :)
> >
> >I tried 2 instances of BIND and they didn't work right.  One functioned
> >and the other played dead (very dead ... as in the process blocked and
> >would not wake up).  One needs 2 separate machines to get it to actually
> >work right (times the amount of redundancy desired).  If you know the
> >magic to make it work right, I'd sure like to know.  Maybe some kind of
> >lock somewhere?
> the trick is to tell them specifically to listen on different
> interfaces.  if you don't do that, then they will collide.  other
> things (such as a different query or forwarding port, a separate pid
> file, etc.) are also rather necessary.
> i will attach a small shar file that paul vixie posted to the
> bind-workers mailing list a little over a year and a half ago that
> demonstrates exactly this.
> -- 
> |-----< "CODE WARRIOR" >-----|
> codewarrior at             * "ah!  i see you have the internet
> twofsonet at (Andrew Brown)                that goes *ping*!"
> andrew at       * "information is power -- share the wealth."

More information about the NANOG mailing list