On Fri, Mar 20, 2020 at 1:16 PM Warren Kumari <war...@kumari.net> wrote:
> On Fri, Mar 20, 2020 at 1:04 PM Matus UHLAR - fantomas
> <uh...@fantomas.sk> wrote:
> >
> > >On Fri, Mar 20, 2020 at 3:14 AM David Klatt <d.kl...@sonnen.de> wrote:
> > >> I can't find a way to do the following although I invested plenty of time
> > >> in research - maybe you guys have an idea:
> > >>
> > >> With bind, I'd need to serve a single A record with 30+ IP addresses and
> > >> these addresses have to be returned in random order round robin,
> > >> which is done with:
> >
> > >> Now I'd like bind to just return a random subset of e.g. 5 IP addresses
> > >> if someone requests this A record.
> >
> > On 20.03.20 10:37, Warren Kumari wrote:
> > >I realize that this is the BIND list, but this sounds like an almost
> > >perfect example of PowerDNS's LUA record type (or something with
> > >CoreDNS)
> > >Other than that, the only thing I can think of is BIND with DLZ and a
> > >database that returns a random subset from a DB query, but that sounds
> > >awful...
> >
> > I don't think BIND can do this at all. And I don't think it should...
> >
> > >> Reason for this are in my case some (thousands) older clients (that I can't control)
> > >> that seem not being able to handle that many IPs - the OS resolver just returns an error.
> >
> > why not use IPVS-like load balancer and hide all hosts behind one or two IPs?
> > that would help you much more, amongst others when any of those machines
> > fails.
>
> That's almost definitely the right answer, but there *are* cases where
> something like what the OP was asking for - 0.pool.ntp.org springs to
> mind as one example.
> But, yes, a load balancer / anycast is almost definitely going to be a
> better choice...
>
> Warren.
>
> >
> > --
> > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> > Warning: I wish NOT to receive e-mail advertising to this address.
> > Warning: I do NOT want to receive any advertising mail at this address.
> > WinError #98652: Operation completed successfully.
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf

Do you know why the OS is having a problem? It just occurs to me that the problem might be that the result does not fit in a UDP packet (without EDNS?) and the fallback to TCP is not working. Can you try 'dig ...' and 'dig +tcp ...' on that OS to see if both are working?

If it is a DNS TCP issue, there might be a solution in fixing firewalls/acls/iptables or such.

--
Bob Harold
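The size question raised in the reply above can be worked out offline. The following is an added example, not code from any poster in this thread: it builds the wire form of an A-record response and compares it with the 512-byte limit that applies to DNS over UDP without EDNS. The owner name `pool.example.com`, the 192.0.2.x addresses and the function names are constructed for illustration, and truncation is modelled as an empty answer with the TC bit set.

```python
import struct

UDP_LIMIT = 512                                   # DNS-over-UDP limit without EDNS (RFC 1035)
NAME = "pool.example.com"                         # constructed owner name (assumption)
ADDRS = [f"192.0.2.{i}" for i in range(1, 31)]    # 30 constructed addresses (TEST-NET-1)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_a_response(name, addrs, ttl=300, truncated=False):
    """Build the wire form of a response carrying one A record per address."""
    flags = 0x8180 | (0x0200 if truncated else 0)  # QR, RD, RA, plus TC if truncated
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # 0xC00C is a compression pointer to the owner name at offset 12
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + rdata
    return header + question + answers

def udp_outcome(name, addrs, edns_bufsize=None):
    """Return (full_size, size_sent_over_udp, tc_bit_set).

    edns_bufsize is the buffer size a client advertises via EDNS; the
    11-byte OPT record itself is ignored here to keep the arithmetic simple.
    """
    limit = edns_bufsize or UDP_LIMIT
    full = build_a_response(name, addrs)
    if len(full) <= limit:
        return len(full), len(full), False
    # Too large for UDP: the client sees TC=1 and has to retry over TCP.
    stub = build_a_response(name, [], truncated=True)
    return len(full), len(stub), True

if __name__ == "__main__":
    for count in (5, 29, 30):
        print(count, "records:", udp_outcome(NAME, ADDRS[:count]))
    print("30 records, EDNS 1232:", udp_outcome(NAME, ADDRS, edns_bufsize=1232))
```

With this 16-character name, 29 records still fit in 512 bytes and the 30th pushes the response over, so a client without EDNS depends on the TCP retry that 'dig +tcp' exercises; a longer owner name lowers the threshold.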