Date: Thu, 5 Oct 2017 23:08:41 +0200
To: bind9-confidential@isc.org
From: "Marcello Zin"
Subject: Re: [ISC-Bugs #46202] BIND 9.9.5 - loopback address issue on "listen-on" parameter

Thanks for the reply. I know the "any" parameter, but I would like to open a socket only on a fixed IP address. I have some processes which open a socket on a localhost address different than .1. In my opinion it should work as you said. Of course, the netmask could be different than 127/8 because you can add a different subnet on the lo interface. Let me know if that behavior could be implemented in a future release.
Cheers

> On 05 Oct 2017, at 20:36, Mark Andrews via RT wrote:
>
> Remember listen-on and listen-on-v6 are ACLs. Take the addresses
> on the system, check them against the ACL and, if they match,
> open a socket.
>
> listen-on { any; }; opens two sockets for every IPv4 interface (TCP
> and UDP) so that UDP replies get the correct source address on
> multi-homed machines. TCP automatically does this.
>
> For IPv6 the Advanced Sockets API lets you specify the source address
> of UDP packets and to get the destination address of received packets
> so it's possible to get the reply source addresses correct with a
> single socket for listen-on-v6 { any; }; if the OS supports it.
>
> For AnyIP the server would have to take the ACL list, work out which
> prefixes are actually complete addresses, then apply a 127/8 filter
> to them and attempt to open them only on Linux boxes making sure not
> to match any addresses already configured by matching against the
> existing interfaces.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
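
The matching logic discussed in this thread, as an added example (not BIND's code and not written by either poster): it models listen-on as an ACL applied to the configured interface addresses, then the extra AnyIP step outlined in the quoted reply. The function names, the `platform` and `local_net` parameters and the sample addresses are constructed for illustration; only plain addresses, prefixes and `any` are modelled.

```python
import ipaddress

def parse_acl(elements):
    """Address/prefix strings -> networks; 'any' matches every IPv4 address."""
    return [ipaddress.ip_network("0.0.0.0/0" if e == "any" else e, strict=False)
            for e in elements]

def sockets_to_open(acl, interface_addrs):
    """Behaviour described in the thread: only addresses configured on an
    interface are candidates; each one that matches the ACL gets a socket."""
    nets = parse_acl(acl)
    return [a for a in interface_addrs
            if any(ipaddress.ip_address(a) in n for n in nets)]

def anyip_candidates(acl, interface_addrs, platform="linux",
                     local_net="127.0.0.0/8"):
    """Extra step outlined for AnyIP: keep ACL entries that are complete
    addresses (/32), fall inside the loopback prefix, and are not already
    configured on an interface. Restricted to Linux, as in the thread.
    local_net is a parameter because the lo netmask may differ from 127/8."""
    if platform != "linux":
        return []
    loop = ipaddress.ip_network(local_net)
    configured = {ipaddress.ip_address(a) for a in interface_addrs}
    return [str(n.network_address) for n in parse_acl(acl)
            if n.prefixlen == 32
            and n.subnet_of(loop)
            and n.network_address not in configured]

# Constructed sample: lo carries 127.0.0.1/8, one other interface address.
INTERFACES = ["127.0.0.1", "192.0.2.10"]
# Constructed listen-on contents: 127.0.0.2 is routable via lo but not
# configured as an interface address, so the ACL check alone never sees it.
ACL = ["127.0.0.2", "127.0.0.1", "10.0.0.0/8"]

if __name__ == "__main__":
    print("sockets opened today:", sockets_to_open(ACL, INTERFACES))
    print("AnyIP candidates:    ", anyip_candidates(ACL, INTERFACES))
```

With `any` in the ACL every configured address matches, but no AnyIP candidate is produced because `any` is not a complete address.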