Re: two NS servers on a single host

2009-05-13 Thread Mark Andrews

In message 809645.28773...@web15601.mail.cnb.yahoo.com, Tech W. writes:
 
 Hello,
 
 I have a bind host installed. It has two public IP addresses.
 I want to give two NS records for my domain, each NS take each of the IP set 
 in the host.
 
 more details, the host has two IPs:
 61.145.121.59
 211.66.80.59
 
 surely policy route for two nics was enabled.
 
 I add these info into named.conf:
 
 mydomain.com.  IN  NS  ns1.mydomain.com.
 mydomain.com.  IN  NS  ns2.mydomain.com.
 
 ns1.mydomain.com.  IN  A  61.145.121.59
 ns2.mydomain.com.  IN  A  211.66.80.59
 
 There is only one named run in that host.
 Under this config, does it seem that there are two name servers exist for
 mydomain.com? Is it a right way?
 
 Thanks.

The two nameserver rule is to provide redundancy.  Two names
that refer to the same machine do not provide redundancy.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: two NS servers on a single host

2009-05-13 Thread Sam Wilson
In article guel1o$2ds...@sf1.isc.org,
 Bradley Giesbrecht b...@pixilla.com wrote:

 On May 13, 2009, at 6:51 AM, Stephane Bortzmeyer wrote:
 
  On Wed, May 13, 2009 at 09:02:55PM +0800,
  Tech W. tech...@yahoo.com.cn wrote
  a message of 34 lines which said:
 
  I want to give two NS records for my domain, each NS take each of
  the IP set in the host.
 
  Why? This would be completely useless. RFC 1034 and other documents
  call for at least two name servers, for redundancy reasons. If the two
  name servers are on the same host, what's the point? There would be no
  gain in reliability.
 
 If you have ever had the ip for your name server the target of a dos  
 attack you could have blocked traffic to that ip and still had dns.
 
 Two networks to same host is network redundancy and has value.

But in that case you would include one NS record for a host with two A
records.  Check the NS records for my own domain for an example.

Sam


RE: two NS servers on a single host

2009-05-13 Thread Jeff Lightner
It is network redundancy only in so far the DOS attack doesn't cause
your CPU and memory to get slammed.   

If you're doing redundancy you really ought to do the whole thing by
getting another server and putting IT on the other network.   Then you
don't have a single point of failure (unless they're both in the same
data center).

If you really want to do two different IPs on one host you could
probably use views to accomplish this but that would be all within a
single BIND setup so your theoretical DOS attack would probably cause
both views to have issues.

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Bradley
Giesbrecht
Sent: Wednesday, May 13, 2009 10:22 AM
To: Stephane Bortzmeyer
Cc: bind-users@lists.isc.org
Subject: Re: two NS servers on a single host


On May 13, 2009, at 6:51 AM, Stephane Bortzmeyer wrote:

 On Wed, May 13, 2009 at 09:02:55PM +0800,
 Tech W. tech...@yahoo.com.cn wrote
 a message of 34 lines which said:

 I want to give two NS records for my domain, each NS take each of
 the IP set in the host.

 Why? This would be completely useless. RFC 1034 and other documents
 call for at least two name servers, for redundancy reasons. If the two
 name servers are on the same host, what's the point? There would be no
 gain in reliability.

If you have ever had the ip for your name server the target of a dos  
attack you could have blocked traffic to that ip and still had dns.

Two networks to same host is network redundancy and has value.


//Brad
 
Please consider our environment before printing this e-mail or attachments.
--
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential 
information and is for the sole use of the intended recipient(s). If you are 
not the intended recipient, any disclosure, copying, distribution, or use of 
the contents of this information is prohibited and may be unlawful. If you have 
received this electronic transmission in error, please reply immediately to the 
sender that you have received the message in error, and delete it. Thank you.
--
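The failure cases argued over in this thread, worked through as an added example (not code from any poster): it parses the NS and A records from the original question, and the one-name layout with two A records suggested in the thread, then checks whether the zone stays reachable when one address is blocked upstream and when a whole machine fails. The name `ns.mydomain.com.`, the host labels and the address-to-machine maps are assumptions for illustration; zone data does not reveal which addresses share a machine.

```python
import ipaddress
from functools import partial

# Constructed: the question's records; ns.mydomain.com. is an assumed name.
TWO_NAMES = """
mydomain.com.      IN NS ns1.mydomain.com.
mydomain.com.      IN NS ns2.mydomain.com.
ns1.mydomain.com.  IN A  61.145.121.59
ns2.mydomain.com.  IN A  211.66.80.59
"""
ONE_NAME = """
mydomain.com.      IN NS ns.mydomain.com.
ns.mydomain.com.   IN A  61.145.121.59
ns.mydomain.com.   IN A  211.66.80.59
"""
# Assumed address-to-machine maps; zone data does not carry this information.
SINGLE_HOST = {"61.145.121.59": "hostA", "211.66.80.59": "hostA"}
TWO_HOSTS = {"61.145.121.59": "hostA", "211.66.80.59": "hostB"}

def server_addresses(zone_text, zone):
    """Return {nameserver name: set of its A-record addresses} for the zone."""
    ns_names, a_records = set(), {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] != "IN":
            continue  # skip blanks and anything not 'owner IN type rdata'
        owner, _, rtype, rdata = fields
        if rtype == "NS" and owner == zone:
            ns_names.add(rdata)
        elif rtype == "A":
            a_records.setdefault(owner, set()).add(str(ipaddress.ip_address(rdata)))
    return {name: a_records.get(name, set()) for name in ns_names}

def still_resolvable(servers, host_of, blocked=(), down=()):
    """True if some NS address is neither blocked nor on a failed machine."""
    return any(addr not in blocked and host_of.get(addr) not in down
               for addrs in servers.values() for addr in addrs)

def audit(zone_text, host_of, zone="mydomain.com."):
    """Try every single-address block and every single-machine failure."""
    servers = server_addresses(zone_text, zone)
    ok = partial(still_resolvable, servers, host_of)
    return {"ns_names": len(servers),
            "survives_blocked_address": all(ok(blocked={a}) for a in host_of),
            "survives_host_failure": all(ok(down={h}) for h in host_of.values())}

if __name__ == "__main__":
    for zone, hosts in ((TWO_NAMES, SINGLE_HOST), (ONE_NAME, SINGLE_HOST), (TWO_NAMES, TWO_HOSTS)):
        print(audit(zone, hosts))
```

On one machine, both record layouts survive a blocked address and neither survives a host failure; only the two-machine map passes both checks.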


Re: two NS servers on a single host

2009-05-13 Thread Bradley Giesbrecht


On May 13, 2009, at 7:29 AM, Jeff Lightner wrote:


It is network redundancy only in so far the DOS attack doesn't cause
your CPU and memory to get slammed.


I would block the ip under attack upstream so no cpu or
memory issues.


I didn't claim anything other than there can be in fact value in
having one computer on more than one network.


This was in response to your comment This would be completely  
useless which I disagree with.


//Brad


If you're doing redundancy you really ought to do the whole thing by
getting another server and putting IT on the other network.   Then you
don't have a single point of failure (unless they're both in the same
data center).

If you really want to do two different IPs on one host you could
probably use views to accomplish this but that would be all within a
single BIND setup so your theoretical DOS attack would probably cause
both views to have issues.

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Bradley
Giesbrecht
Sent: Wednesday, May 13, 2009 10:22 AM
To: Stephane Bortzmeyer
Cc: bind-users@lists.isc.org
Subject: Re: two NS servers on a single host


On May 13, 2009, at 6:51 AM, Stephane Bortzmeyer wrote:


On Wed, May 13, 2009 at 09:02:55PM +0800,
Tech W. tech...@yahoo.com.cn wrote
a message of 34 lines which said:


I want to give two NS records for my domain, each NS take each of
the IP set in the host.


Why? This would be completely useless. RFC 1034 and other documents
call for at least two name servers, for redundancy reasons. If the two
name servers are on the same host, what's the point? There would be no
gain in reliability.


If you have ever had the ip for your name server the target of a dos
attack you could have blocked traffic to that ip and still had dns.

Two networks to same host is network redundancy and has value.


//Brad


Re: two NS servers on a single host

2009-05-13 Thread Bradley Giesbrecht

Jeff, my apologies. I read the quoting levels wrong.


On May 13, 2009, at 8:01 AM, Bradley Giesbrecht wrote:



On May 13, 2009, at 7:29 AM, Jeff Lightner wrote:


It is network redundancy only in so far the DOS attack doesn't cause
your CPU and memory to get slammed.


I would block the ip under attack upstream so no cpu or
memory issues.


I didn't claim anything other than there can be in fact value in
having one computer on more than one network.


This was in response to your comment This would be completely  
useless which I disagree with.


//Brad


If you're doing redundancy you really ought to do the whole thing by
getting another server and putting IT on the other network.   Then you
don't have a single point of failure (unless they're both in the same
data center).

If you really want to do two different IPs on one host you could
probably use views to accomplish this but that would be all within a
single BIND setup so your theoretical DOS attack would probably cause
both views to have issues.

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Bradley
Giesbrecht
Sent: Wednesday, May 13, 2009 10:22 AM
To: Stephane Bortzmeyer
Cc: bind-users@lists.isc.org
Subject: Re: two NS servers on a single host


On May 13, 2009, at 6:51 AM, Stephane Bortzmeyer wrote:


On Wed, May 13, 2009 at 09:02:55PM +0800,
Tech W. tech...@yahoo.com.cn wrote
a message of 34 lines which said:


I want to give two NS records for my domain, each NS take each of
the IP set in the host.


Why? This would be completely useless. RFC 1034 and other documents
call for at least two name servers, for redundancy reasons. If the two
name servers are on the same host, what's the point? There would be no
gain in reliability.


If you have ever had the ip for your name server the target of a dos
attack you could have blocked traffic to that ip and still had dns.

Two networks to same host is network redundancy and has value.


//Brad


RE: two NS servers on a single host

2009-05-13 Thread Jeff Lightner
No worries.  Compared to some posts directed my way in various forums
(even this list) this was mild and I just wanted to set the record
straight.

In one list I'm on this kind of response would immediately result in a 3
day thread about why top posting (or bottom posting or in line posting
or maybe all 3) is evil and causes cancer.  :)

-Original Message-
From: Bradley Giesbrecht [mailto:b...@pixilla.com] 
Sent: Wednesday, May 13, 2009 1:17 PM
To: Bradley Giesbrecht
Cc: Jeff Lightner; bind-users@lists.isc.org
Subject: Re: two NS servers on a single host

Jeff, my apologies. I read the quoting levels wrong.


On May 13, 2009, at 8:01 AM, Bradley Giesbrecht wrote:


 On May 13, 2009, at 7:29 AM, Jeff Lightner wrote:

 It is network redundancy only in so far the DOS attack doesn't cause
 your CPU and memory to get slammed.

 I would block the ip under attack upstream so no cpu or
 memory issues.

 I didn't claim anything other than there can be in fact value in
 having one computer on more than one network.

 This was in response to your comment This would be completely  
 useless which I disagree with.

 //Brad

 If you're doing redundancy you really ought to do the whole thing by
 getting another server and putting IT on the other network.   Then you
 don't have a single point of failure (unless they're both in the same
 data center).

 If you really want to do two different IPs on one host you could
 probably use views to accomplish this but that would be all within a
 single BIND setup so your theoretical DOS attack would probably cause
 both views to have issues.

 -Original Message-
 From: bind-users-boun...@lists.isc.org
 [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Bradley
 Giesbrecht
 Sent: Wednesday, May 13, 2009 10:22 AM
 To: Stephane Bortzmeyer
 Cc: bind-users@lists.isc.org
 Subject: Re: two NS servers on a single host


 On May 13, 2009, at 6:51 AM, Stephane Bortzmeyer wrote:

 On Wed, May 13, 2009 at 09:02:55PM +0800,
 Tech W. tech...@yahoo.com.cn wrote
 a message of 34 lines which said:

 I want to give two NS records for my domain, each NS take each of
 the IP set in the host.

 Why? This would be completely useless. RFC 1034 and other documents
 call for at least two name servers, for redundancy reasons. If the two
 name servers are on the same host, what's the point? There would be no
 gain in reliability.

 If you have ever had the ip for your name server the target of a dos
 attack you could have blocked traffic to that ip and still had dns.

 Two networks to same host is network redundancy and has value.


 //Brad