> The many problems associated with having multiple interfaces and hence
> IP addresses associated with a given host can be overcome by the use of
> a VIPA (and Source VIPA).
Very good point. Introduces some other issues, but fixes a lot of other
stuff.
> The thought of putting *all* IP addresses into the DNS sounds way too
> much like overkill; make the computers do the work ;-)
Actually, it's not much work at all. Use of the $GENERATE directive in
BIND config files makes this easy. A typical zone file for us looks
like:
;; begin included zone file:
$TTL 3600
@ IN SOA dns.sinenomine.net. [EMAIL PROTECTED] (
2004072611 ; Serial
7200 ; 2 hr. Refresh
3600 ; 1 hr. Retry
86400 ; 1 day Expire
3600 ; 1 hr min. TTL
)
;
; nn.1 is always the default gw in our network design
;
segment-<nn>-gw IN A xx.yy.nn.1
;
; Servers on segment nn
;
server1-primary IN A xx.yy.nn.2
server1-maint IN A a.b.c.2
server1-backup IN A y.q.r.2
server1-unused IN A t.b.s.2
server1 IN CNAME server1-primary ; relative target, no trailing dot
...
(similar entries for each assigned address in nn.X, 4 servers in this
example, addresses 2-5)
(in our site, addresses are assigned when the machines are physically
racked, cf. the '-unused' entry)
...
;
; Unused addresses in segment nn
;
$GENERATE 6-254 unused-nn-$ A xx.yy.nn.$
;
; nn.255 is always the broadcast address in our network design
;
segment-<nn>-bcast IN A xx.yy.nn.255
;; end included zone file:
Replace the "nn" with a subnet value, and each time you assign an
address to a server in that subnet, you add the lines for that server
and update the $GENERATE line. Easy to maintain, everything ALWAYS
resolves forward and backward (if you use a similar setup in your
reverse zone files), you immediately know when someone's using an
unassigned address (and you can block them from doing stupid things
using symbolic name-based rules instead of address patterns), and it is
also pretty much trivial to machine-generate from a database.
Note that the CNAME can become a round-robin distribution, a VIPA
address, or other nifty maintenance tricks w/o breaking the "every
interface defined" rule. This approach also allows you to specifically
select an interface to use for things like instrumentation or backup, or
move the primary interface for a server with pretty much zero client
notification, etc.
That's one of the nice things about modern BIND. Lots of labor saving
improvements.
-- db
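The zone layout above, worked through as an added example (not code from the original post): a Python script that builds the forward zone for one /24 from a small constructed host table, collapses the unassigned addresses into $GENERATE ranges (splitting them around assigned hosts, which the post's single 6-254 line does not need to), emits the matching in-addr.arpa records, and expands the result into an address-to-name map so that a source address seen in a log can be flagged as unassigned. The hostnames, the 192.0.2.0/24 documentation prefix and the example.net origin are constructed, and the generator assumes the post's conventions (.1 gateway, .255 broadcast, /24 segments).

```python
"""Generate BIND forward/reverse zone fragments from a host table, using
$GENERATE for every address that is not yet assigned.  Added example; the
host table, the 192.0.2.0/24 prefix and the example.net origin are constructed."""
import ipaddress
from itertools import groupby

# Constructed "database" rows: (hostname, role, address).  Addresses use the
# RFC 5737 documentation range; server1's maintenance interface sits on
# another segment, as in the post's multi-interface layout.
ASSIGNMENTS = [
    ("server1", "primary", "192.0.2.2"),
    ("server1", "maint", "198.51.100.2"),
    ("server2", "primary", "192.0.2.3"),
    ("server3", "primary", "192.0.2.5"),
]


def _segment_parts(segment):
    """Return (network, 'a.b.c' prefix, 'nn' third octet) for a /24 segment."""
    net = ipaddress.ip_network(segment)
    if net.prefixlen != 24:
        raise ValueError("this generator assumes /24 segments")
    octets = str(net.network_address).split(".")
    return net, ".".join(octets[:3]), octets[2]


def _runs(numbers):
    """Collapse a set of host numbers into sorted contiguous (start, end) runs."""
    runs = []
    for _, grp in groupby(enumerate(sorted(numbers)), key=lambda p: p[1] - p[0]):
        grp = [n for _, n in grp]
        runs.append((grp[0], grp[-1]))
    return runs


def _assigned_in(net, assignments):
    """Yield (host_number, hostname, role) for rows inside net, in address order."""
    rows = [(ipaddress.ip_address(a), h, r) for h, r, a in assignments]
    for ip, host, role in sorted(rows):
        if ip in net:
            yield int(str(ip).split(".")[3]), host, role


def forward_zone(segment, assignments):
    """Forward records for one /24: gateway, servers, $GENERATE'd spares, broadcast."""
    net, prefix, nn = _segment_parts(segment)
    lines = [f"; segment {nn}", f"segment-{nn}-gw IN A {prefix}.1"]
    used = {1, 255}                       # .1 gateway and .255 broadcast by design
    for n, host, role in _assigned_in(net, assignments):
        lines.append(f"{host}-{role} IN A {prefix}.{n}")
        used.add(n)
        if role == "primary":             # relative target: no trailing dot
            lines.append(f"{host} IN CNAME {host}-primary")
    for start, end in _runs(set(range(1, 256)) - used):
        if start == end:                  # a single gap gets a plain record
            lines.append(f"unused-{nn}-{start} IN A {prefix}.{start}")
        else:
            lines.append(f"$GENERATE {start}-{end} unused-{nn}-$ A {prefix}.$")
    lines.append(f"segment-{nn}-bcast IN A {prefix}.255")
    return lines


def reverse_zone(segment, assignments, origin):
    """PTR records for the segment's in-addr.arpa zone; spare addresses point
    at their unused-nn-N names so reverse lookups never fail either."""
    net, _, nn = _segment_parts(segment)
    lines = [f"1 IN PTR segment-{nn}-gw.{origin}."]
    used = {1, 255}
    for n, host, role in _assigned_in(net, assignments):
        lines.append(f"{n} IN PTR {host}-{role}.{origin}.")
        used.add(n)
    for start, end in _runs(set(range(1, 256)) - used):
        if start == end:
            lines.append(f"{start} IN PTR unused-{nn}-{start}.{origin}.")
        else:
            lines.append(f"$GENERATE {start}-{end} $ PTR unused-{nn}-$.{origin}.")
    lines.append(f"255 IN PTR segment-{nn}-bcast.{origin}.")
    return lines


def address_map(forward_lines):
    """Expand A and $GENERATE records into {address: name}, the view a resolver gets."""
    names = {}
    for line in forward_lines:
        parts = line.split()
        if not parts or parts[0].startswith(";"):
            continue
        if parts[0] == "$GENERATE":
            start, end = (int(x) for x in parts[1].split("-"))
            for n in range(start, end + 1):
                names[parts[4].replace("$", str(n))] = parts[2].replace("$", str(n))
        elif len(parts) == 4 and parts[2] == "A":
            names[parts[3]] = parts[0]
    return names


def unassigned_sources(names, addresses):
    """Addresses whose name carries the unused- prefix: nothing should be sending from them."""
    return [a for a in addresses if names.get(a, "").startswith("unused-")]


if __name__ == "__main__":
    print("\n".join(forward_zone("192.0.2.0/24", ASSIGNMENTS)))
    print("\n".join(reverse_zone("192.0.2.0/24", ASSIGNMENTS, "example.net")))
```

Because every address in the segment resolves, a firewall or log filter can match on the symbolic name (anything starting with unused-) rather than on address patterns, which is the "block them from doing stupid things" rule from the post; when a new server is racked, adding its rows to the table regenerates both zones and the $GENERATE gaps shift automatically.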
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390