[Yeti DNS Discuss] dnscap losing packets?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Jun 18 07:37:43 UTC 2015
On Thu, Jun 18, 2015 at 11:39:00AM +0800,
龚道彪 <dbgong at biigroup.cn> wrote
a message of 164 lines which said:
> maybe I found the reason. when your host is multihomed, dnscap will
> only capture on one NIC
I don't think this is the reason, see later.
> result on pcap file:
> eth0: get the query only
> eth1: get the response only
This may be because, by default, the reply is sent on eth1 (test with
tcpdump to be sure). In my case, the result is not reproducible
(sometimes, I get the query, sometimes not).
> Stephane, is your host multihomed?
Yes, a Linux VPS with two virtual interfaces, eth0 is used for
management (dahu1-mnt.yeti.eu.org, SSH, SMTP and so on) and eth1 for
the DNS service (dahu1.yeti.eu.org). Default route goes through eth0,
source routing is used to be sure that the DNS replies go through eth1
(checked with tcpdump and pcapdump).
More information about the discuss
mailing list