On Tue, Sep 25, 2007 at 03:21:09AM +0200, Kurt Roeckx wrote:
>
> There are 2 ways to look at this. One is from the point of people
> writing an application that connects to some server. The other is from
> people running the servers.
>
> There are dns server implementations that rotate the list of A-records,
> so that the load gets distributed over the servers. People setting up
> that software know that, and rely on the behaviour. They expect
> the client software to select a semi random IP address.

Nobody seems to have explained yet the different cases in which someone
might want to add several addresses to a hostname. So I'm going to try
and sum up what I think are the use cases for it, and how rule 9 affects
it.

- You might want to set up several servers in the same network segment,
  and all your clients are in the same segment too. For instance you
  add 1.0.0.2 and 1.0.0.3. All clients are in 1.0.0.0/24.

  In this case, there is no need for rule 9. It might result in clients
  preferring one over another in some cases, but it's probably not
  harmful.

- A similar case is that you have 2 segments, 1.0.0.0/24 and 1.0.1.0/24,
  and you add a 1.0.0.2 and 1.0.1.2. Now you want clients to connect
  to the one from its own segment, and fall back to the other if it
  fails.

  In this case rule 9 might be useful. But I would rather see that this
  fall under rule 2 and/or 8, and that such address would be considered
  one with a site-local scope. It could potentially also fall under
  rule 4. It's also something that can perfectly be configured in the
  policy.

- You might want to have several servers in the same network segment but
  have your clients in another network segment. For instance the
  servers are in 1.0.0.0/24 and the clients in 1.0.1.0/24.

  In this case rule 9 is not going to have any effect.

- Another example is that the servers are provided by different people,
  and they're spread over the internet. There generally is no relation
  between the clients and the servers.

  This is the case where we have a problem with rule 9. It tries to
  guess which network might be closer, and the guess doesn't really make
  sense in a lot of cases.

- A last case is that you set it up with global and a private
  (site-local) address. This is already covered by rule 2 and rule 8.
  I think in general setting things up that way doesn't make much sense.

So my conclusion is that rule 9 as it is now is only useful in 1 case,
and that in that case either one of the other rules should be used
instead, or the local policy modified.


Kurt
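
Added example, not part of the message above: a Python sketch of rule 9 (RFC 3484's longest-matching-prefix rule) applied to three of the cases listed, showing which first choice a client makes as a round-robin DNS server rotates the record list. It assumes a single IPv4 source address per client; the client addresses and the "spread over the internet" server addresses are constructed (documentation and benchmark ranges).

```python
import ipaddress


def common_prefix_len(a, b):
    """Number of leading bits two IPv4 addresses have in common."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def rule9_order(source, destinations):
    """Order destinations by longest matching prefix with the source.

    sorted() is stable, so destinations with equal prefix length keep
    the order in which the resolver returned them.
    """
    return sorted(destinations, key=lambda d: -common_prefix_len(source, d))


def first_choices(source, records):
    """First destination picked for every rotation of the record list."""
    picks = set()
    for i in range(len(records)):
        rotated = records[i:] + records[:i]  # what a rotating DNS server hands out
        picks.add(rule9_order(source, rotated)[0])
    return picks


# Two segments, one server in each; the client (constructed) is in 1.0.1.0/24.
two_segments = first_choices("1.0.1.77", ["1.0.0.2", "1.0.1.2"])

# Servers in 1.0.0.0/24, client in 1.0.1.0/24: equal prefix lengths,
# so the rotation decides and rule 9 has no effect.
other_segment = first_choices("1.0.1.77", ["1.0.0.2", "1.0.0.3"])

# Unrelated servers spread over the internet (constructed addresses):
# every rotation ends with the same server first, so the load
# distribution the server operators rely on is lost for this client.
spread = first_choices("198.18.0.5",
                       ["192.0.2.10", "198.51.100.10", "203.0.113.10"])

if __name__ == "__main__":
    print("two segments :", sorted(two_segments))
    print("other segment:", sorted(other_segment))
    print("spread       :", sorted(spread))
```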

