On Wed, 18 Oct 2000, Tony Nugent wrote:

>What I need to know is: if and how it is possible to somehow have a
>(local) dns lookup that uses /etc/hosts to properly handle hostnames
>that have two IP addresses (ie, multi-homed boxes).

DNS has nothing to do with /etc/hosts.


>Background:
>
>The simple way to reverse-resolve dns lookups for, eg, a small local
>private subnet that doesn't have a DNS server, is to put an entry
>for each box on the network into /etc/hosts.

You're contradicting yourself. ;o)  DNS is DNS.  DNS being DNS
uses a DNS server.  No DNS server, no DNS.  ;o)

You're confusing the resolver library with DNS.  The resolver can
and will USE DNS if it is configured, as well as /etc/hosts, NIS,
etc., but doing a resolver name lookup is not doing DNS, and
/etc/hosts lookups likewise are not DNS.


>(Note that I am specifically talking about *reverse* lookups here).
>
>Ok, this works very well for single-homed boxes - one IP, one
>hostname, one entry.
>
>But NOT for multi-homed boxes (in this case, servers) which have
>interfaces into two different subnets (and they are not acting as
>routers).
>
>For example, a client box might have this in /etc/hosts:
>
>127.0.0.1      localhost.localdomain   localhost
>172.16.1.1     gateway.mydom.com       gateway
>172.16.2.4     www.mydom.com           www
>172.16.1.4     www.mydom.com           www

This doesn't make sense though.  ;o)


>That is, it lists the two IPs for the web server.

Why?  ;o)


>But the problem is that the *first* matching entry is always the one
>used.

Yep, that's the way it is supposed to work.  ;o)


>If the order of the entry in /etc/hosts is as above, a
>connection made from www to a client will resolve "www" to the
>IP on the other subnet, not its local one.

You lost me here...  

>If a mount request comes from www's other interface (it
>shouldn't, but could), then things like nfs mount requests and ssh
>start to fail due to (local) reverse lookup results that are
>inconsistent with the IP it finds for that host.

Sounds like a routing problem to me.  Multihomed boxes need to
run stuff like routed/gated.  You can't just plop 3 NICs in a
machine, turn it on, and use all three interfaces from wherever.  
You need routing protocols running.  And a nameserver is a good
idea too.  ;o)

>Ok, I could change the order, but the problem then happens the other
>way.
>
>Doing this doesn't seem to work:
>
>172.16.2.4 172.16.1.4 www.mydom.com www

No, that wouldn't work.  ;o)

>Any suggestions?  I've never seen any proper docs (eg, in the
>howtos) on this sort of /etc/hosts tweaking over the years, but this
>is a problem that is starting to hit me in the face too much to
>ignore any longer...

The problem is you're wanting to do something impossible without
understanding the problem.  ;o)

You need to use DNS definitely.  Read the DNS HOWTO to get
started, and I recommend looking for a multi-homed HOWTO too, as
well as:

man resolver
man named
man named.conf

Also look at routed and gated packages, but I can't begin to help
with them.

As for 2 IPs reverse looking up to the same FQDN, you would
likely have 2 zone files, one for the 172.16.2, and one for the
172.16.1.  Simply put reverse name records into the DNS zone
files that point both IPs to the same name, something like:


172.16.2.4      PTR     www.mydom.com.
172.16.1.4      PTR     www.mydom.com.


Personally, I keep stuff separated into separate files cleanly,
and I recommend the same.  This will only work properly I believe
if your DNS is authoritative for www.mydom.com.  I'm no DNS
expert, but I've tinkered with it enough I think the above info
is all correct.

Good luck.
TTYL

----------------------------------------------------------------------
      Mike A. Harris  -  Linux advocate  -  Open source advocate
              Computer Consultant - Capslock Consulting
                 Copyright 2000 all rights reserved
----------------------------------------------------------------------

[Quote: Linus Torvalds linux-2.4.0-test8-pre6 release message - Sept 6, 2000]
But I have this ugly feeling that I'm coming down with the same flu that
everybody else in my family had the last week, so I'd better release this
before I start puking on my keyboard.



_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
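
The first-match behaviour discussed in this thread, as an added example that is not part of the original message: a small Python model of a files-only lookup run over the client /etc/hosts quoted above, showing which peer address fails an IP -> name -> IP consistency check of the kind that makes NFS and ssh reject a connection. The function names are hypothetical, and the first-match rule is taken from the thread rather than from any particular resolver version.

```python
# Constructed sample: the client /etc/hosts quoted in the thread.
HOSTS = """\
127.0.0.1      localhost.localdomain   localhost
172.16.1.1     gateway.mydom.com       gateway
172.16.2.4     www.mydom.com           www
172.16.1.4     www.mydom.com           www
"""

def parse_hosts(text):
    """Return [(ip, [names...])] in file order, skipping comments and blanks."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((fields[0], [n.lower() for n in fields[1:]]))
    return entries

def forward(entries, name):
    """First-match forward lookup: the first line naming the host wins."""
    name = name.lower()
    for ip, names in entries:
        if name in names:
            return ip
    return None

def reverse(entries, ip):
    """Reverse lookup: canonical (first) name on the first line for this IP."""
    for addr, names in entries:
        if addr == ip:
            return names[0]
    return None

def peer_check(entries, peer_ip):
    """Double lookup a service may apply to a connecting peer:
    IP -> name -> IP must come back to the peer's own address."""
    name = reverse(entries, peer_ip)
    if name is None:
        return (None, None, False)
    mapped = forward(entries, name)
    return (name, mapped, mapped == peer_ip)

def audit(entries):
    """List every address whose name maps back to a different address."""
    return [ip for ip, _ in entries if not peer_check(entries, ip)[2]]

if __name__ == "__main__":
    entries = parse_hosts(HOSTS)
    for ip in ("172.16.2.4", "172.16.1.4"):
        print(ip, peer_check(entries, ip))
    print("inconsistent:", audit(entries))
```

Swapping the two www lines in the sample moves the failure to the other address, which is the "problem then happens the other way" described in the quoted question.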