Hello Simon,
Saturday, March 24, 2001, 7:40:40 AM, you wrote:
SG> From: "denny @ d - Rex . net" <[email protected]>
>> because of the cost of ip addresses,
>> why not implement NAT/ipchain in VSD, so that each virtual domain
>> has one local ip (192.168.x.x) instead of a real ip.
>> all share only one (or two for dns) real ip and then VSD decides
>> which local ip to use.
>>
>> this will also make the whole system more SECURE.
>> because virtual hosts do not have real ips, they are invisible to outsiders.
>> this way, VSD automagically functions as a firewall too.
>>
SG> How would VSD decide which local ip to use?
SG> HTTP/1.1 is the only protocol which sends a hostname with the request (and
SG> that's at the application level anyway). For all other protocols the only
SG> thing VSD has to work with is the destination ip. If the destination ip is
SG> the same for every virtual server, it can't tell them apart. So every
SG> virtual server must have its own real ip.
Couldn't this be done with a little modification to the named? How
about running some sort of server-side cookie implementation which
would cache the hostname being looked up, and then running an
internally authoritative name server for these requests? I saw some
discussion on the possibility of doing this with DJBDNS a little while
ago, and whilst it's slightly unconventional (and horrendously
complicated, as well as being not terribly reliable) it could help
address fVSD's major weakness...
--
Best regards,
Andy mailto:[EMAIL PROTECTED]
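
The demultiplexing problem Simon describes, as an added example that is not part of the original thread: a front end on one shared public IP can only pick an internal address when the client's first bytes name the virtual server. The hostnames, internal addresses and sample requests are constructed for illustration.

```python
# Added example: constructed data, hypothetical names throughout.
# Internal (RFC 1918) address of each virtual server behind one shared public IP.
BACKENDS = {
    "www.alpha.example": "192.168.0.10",
    "www.beta.example": "192.168.0.11",
}

def host_from_http(first_bytes: bytes):
    """Return the lower-cased Host header value of an HTTP request head, or None."""
    head, _, _ = first_bytes.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None  # first line is not an HTTP request line
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            return host.split(":")[0]  # drop an optional :port suffix
    return None  # e.g. HTTP/1.0 request sent without a Host header

def pick_backend(first_bytes: bytes):
    """Map a client's first bytes to an internal IP; None means undecidable.

    Unknown or missing hostnames are refused rather than sent to a default
    backend, so one tenant's traffic never lands on another tenant's server.
    """
    host = host_from_http(first_bytes)
    return BACKENDS.get(host) if host else None

# Constructed first client messages for several protocols on the shared IP.
SAMPLES = {
    "http11": b"GET / HTTP/1.1\r\nHost: www.beta.example\r\n\r\n",
    "http10": b"GET / HTTP/1.0\r\n\r\n",
    "smtp": b"HELO mail.client.example\r\n",  # names the client, not the server
    "pop3": b"USER bob\r\n",
    "ftp": b"USER anonymous\r\n",
}

if __name__ == "__main__":
    for proto, data in SAMPLES.items():
        print(f"{proto:7} -> {pick_backend(data)}")
```

Only the HTTP/1.1 sample resolves to an internal address; for the others the destination IP is the sole discriminator, so the front end has nothing to route on.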