On 04/13/2012 11:00 PM, Brian Cook wrote:
> Yes, this is exactly what I am trying to accomplish.  I've already
> been looking into the BIND views clause and would like to hear if
> anyone has any feedback as to how well this works in the real world.
> In this case the implementation of IPA is using an external standard
> BIND implementation loading from text files.  However, views would be
> very useful for IPA to be able to do internally, so figuring out how
> to get this option into BIND using the 389ds backend would be a useful step.

AFAIK there is an SSSD RFE that allows you to define a group of primary
servers for a client that the client would use to fail over between, and
only when they are all unavailable will it fail over to DNS. At least
I remember a discussion about it. It seems that such a feature would
accomplish the same but with less work. Would it be sufficient?

See comment 6 in https://fedorahosted.org/sssd/ticket/1128

> Thanks,
> Brian
> ---
> Brian Cook
> Solutions Architect, Red Hat, Inc.
> 407-212-7079
> On Apr 13, 2012, at 2:41 PM, Petr Spacek wrote:
>> On 04/13/2012 10:28 PM, Jakub Hrozek wrote:
>>> On Fri, Apr 13, 2012 at 01:04:55PM -0700, Brian Cook wrote:
>>>>    Ideally I would rely on a -group- of servers, and then rely on DNS if it
>>>>    is down.  I don't want to hammer one server.  We're talking about 500-1000
>>>>    servers running virtual machines, so potentially a lot of traffic.  Got
>>>>    any suggestions for that?
>>> Hello Brian,
>>> I'm not sure I understand what you are trying to achieve. Are you trying
>>> to spread the client load among replicas? If so, then I think the SRV
>>> records in DNS are really the best answer. You can organize the servers
>>> in "tiers" by using the priority field and then spread the load in a
>>> tier by using the "weight" field.
>> Greetings,
>> if I understand correctly, you need to set a different priority for SRV
>> records and this new priority has to be dependent on the client's IP address.
>> AFAIK the only way to accomplish this is the BIND "view" clause. You have to:
>> - create a copy of the original zone for each location and modify SRV
>> record priorities
>> - then you have to set "views" and create a mapping between IP address
>> <-> new zone
>> This way requires multiple copies of the original zone, each with little
>> differences.
>> In the case of classical zone files this is not a big problem: You can keep
>> SRV records separated in small files and "$INCLUDE" normal records to
>> them from a single place.
>> In cases with an LDAP database it's much harder, because there is no
>> simple $INCLUDE clause, I think.
>> We have to consult this problem with the 389 guys ... It can be a task for
>> some kind of directory server plugin.
>> Some examples and documentation:
>> http://wiki.sipfoundry.org/display/sipXecs/Location+based+DNS+views+for+sipXecs+using+BIND
>> (It belongs to some SIP solution, but it's exactly what you want.)
>> http://www.zytrax.com/books/dns/ch7/view.html
>> http://ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.ch06.html#view_statement_grammar
>> I'm adding BIND maintainer to this discussion.
>> Petr^2 Spacek
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
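
The SRV tiering and per-location views discussed in this thread, sketched as an added example that is not part of the original messages: it applies the RFC 2782 selection algorithm to the record set each view would serve. Host names, site names, priorities and weights are constructed for illustration.

```python
import random
from collections import Counter, namedtuple

Srv = namedtuple("Srv", "priority weight port target")

# Constructed data: the _ldap._tcp SRV set as each location view would serve it.
# Priority 0 is the local tier; priority 10 is the remote tier used on failover.
VIEWS = {
    "site-a": [Srv(0, 100, 389, "ipa1.a.example.test."),
               Srv(0, 100, 389, "ipa2.a.example.test."),
               Srv(10, 100, 389, "ipa1.b.example.test.")],
    "site-b": [Srv(0, 100, 389, "ipa1.b.example.test."),
               Srv(10, 50, 389, "ipa1.a.example.test."),
               Srv(10, 50, 389, "ipa2.a.example.test.")],
}

def order_srv(records, rng):
    """Order records the way an RFC 2782 client tries them."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Weight-0 records go first so they are rarely selected.
        tier = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while tier:
            pick = rng.randint(0, sum(r.weight for r in tier))
            running = 0
            for i, rec in enumerate(tier):
                running += rec.weight
                if running >= pick:
                    ordered.append(tier.pop(i))
                    break
    return ordered

def first_choice_load(view, clients, seed=1):
    """Count which server each of `clients` simulated hosts contacts first."""
    rng = random.Random(seed)
    return Counter(order_srv(VIEWS[view], rng)[0].target for _ in range(clients))

def surviving_choice(view, down, seed=1):
    """First reachable target when the servers in `down` do not answer."""
    rng = random.Random(seed)
    return next(r.target for r in order_srv(VIEWS[view], rng) if r.target not in down)

if __name__ == "__main__":
    for view in VIEWS:
        print(view, dict(first_choice_load(view, 1000)))
```

Clients in a view only reach the remote tier once every priority-0 server has failed, and equal weights split the local tier's load roughly evenly.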
