Re: How to allow set Host file dns query priorities in BIND
On Feb 23, 2011, at 12:19 PM, Kevin Darcy wrote:

> Unless one intimately knows the failure behavior of *every*single*app*and*subsystem* in one's environment (which in a large/complex environment is a constantly moving target, since new apps and subsystems are being implemented all the time), one should err on the side of safety and ensure that DNS resolution still works even if the resources that the address (A/) records point to are unavailable.

Ah yes, but for any given application, how do we know which is safer? Failure to resolve the name? Or resolving the name and then failing to connect? If an app doesn't handle some error conditions well, why is it safer to assume a priori that one specific error (failure to connect) is handled well and another (failure to resolve the name) handled poorly? By resolving the DNS to something, we could be making things worse.

If we establish that a critical app can handle a failure where name resolution works but connecting to the service does not, but cannot handle a failure where name resolution doesn't work, and the app cannot be fixed, then yes, we have an incentive to provide some type of name service that always resolves to something or other. We also have an incentive to get rid of that app, tell others about its weaknesses, etc.

John

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: How to allow set Host file dns query priorities in BIND
On 2/23/2011 12:19 PM, Kevin Darcy wrote:

> On 2/23/2011 4:57 AM, Eivind Olsen wrote:
>
>> reason. And if your Internet connection goes down, does it really matter whether you can do lookups, if you can't make the connections anyway?
>
> I hear that reasoning a lot, but it's actually a fallacy. Some applications/subsystems differentiate between "host not found" errors (considered "permanent") and "cannot connect" errors (considered "temporary" and retryable). In fact, those might be very different code paths, and the app/subsystem behavior might differ wildly.

An app that treats "can't get an answer" the same as "the answer is 'it doesn't exist'" is doing something wrong. Although I guess I'm not trying to say that those apps don't exist.

-- 
Dave
Re: How to allow set Host file dns query priorities in BIND
On 23 Feb 2011, at 18:19, Kevin Darcy wrote:

> One should also bear in mind that DNS isn't only used for obtaining address
> records for purposes of immediate client/server connection.

...etc...

Fair enough. I didn't see any mention of that in the original posting, and I don't think the hosts file is very suited for LOC, TXT and other such records.

Regards
Eivind Olsen
Re: How to allow set Host file dns query priorities in BIND
On 2/23/2011 4:57 AM, Eivind Olsen wrote:

>> Is there any option in BIND to give priority to HOST file before connecting it to internet ISP or local zone?
>
> No. BIND doesn't read/use the hosts file. What you _can_ do is configure BIND to believe it's authoritative for those zones, but I'd not recommend doing this unless you have a very good reason. And if your Internet connection goes down, does it really matter whether you can do lookups, if you can't make the connections anyway?

I hear that reasoning a lot, but it's actually a fallacy. Some applications/subsystems differentiate between "host not found" errors (considered "permanent") and "cannot connect" errors (considered "temporary" and retryable). In fact, those might be very different code paths, and the app/subsystem behavior might differ wildly.

Unless one intimately knows the failure behavior of *every*single*app*and*subsystem* in one's environment (which in a large/complex environment is a constantly moving target, since new apps and subsystems are being implemented all the time), one should err on the side of safety and ensure that DNS resolution still works even if the resources that the address (A/) records point to are unavailable.

One should also bear in mind that DNS isn't only used for obtaining address records for purposes of immediate client/server connection. Data mining, resource location, and general information retrieval functions are often implemented in DNS, and the availability of these functions shouldn't necessarily be made dependent on the up/down status of some arbitrary network link.

It's also possible that an app could make a lookup, and as long as the TTL on the records hasn't expired, legitimately attempt a connection at some _later_ time. Not everything is "on-demand".

To answer the original poster's question: BIND doesn't control whether a process uses the hosts file for its lookup or not, that's usually an OS-configuration thing (see, e.g. http://en.wikipedia.org/wiki/Name_Service_Switch, http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.files/doc/aixfiles/netsvc.conf.htm, etc.)

- Kevin
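
The three failure paths discussed in this thread (the name does not exist, no answer could be obtained, the name resolves but the connection fails), shown as an added example that is not part of any poster's message or of BIND. The function `probe`, its outcome labels and retry flags, and the stand-in resolver and connector functions are hypothetical; the mapping of `EAI_NONAME` and `EAI_AGAIN` to the first two cases assumes a resolver library that reports them that way, as glibc does.

```python
import socket

def probe(host, port, resolve=socket.getaddrinfo,
          connect=socket.create_connection, timeout=3.0):
    """Classify one connection attempt as (outcome, retryable)."""
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            # The resolver answered: the name does not exist.
            return ("host-not-found", False)
        if exc.errno == socket.EAI_AGAIN:
            # No answer could be obtained (resolver or uplink down).
            return ("resolver-unavailable", True)
        return ("resolver-error", False)
    for *_, sockaddr in infos:
        try:
            connect(sockaddr[:2], timeout=timeout).close()
            return ("connected", False)
        except OSError:
            continue  # try the next address record
    # The name resolved, but no address accepted the connection.
    return ("cannot-connect", True)


# Constructed stand-ins so the three failure paths run offline.
def fail_with(code):
    def resolve(host, port, **kwargs):
        raise socket.gaierror(code, "constructed resolver failure")
    return resolve

def resolve_ok(host, port, **kwargs):
    # 192.0.2.10 is a documentation address (RFC 5737), constructed sample.
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", port))]

def refuse(address, timeout=None):
    raise ConnectionRefusedError("constructed: link or service down")

def demo():
    return {
        "nxdomain": probe("app.example", 443, resolve=fail_with(socket.EAI_NONAME)),
        "no-answer": probe("app.example", 443, resolve=fail_with(socket.EAI_AGAIN)),
        "link-down": probe("app.example", 443, resolve=resolve_ok, connect=refuse),
    }

if __name__ == "__main__":
    for scenario, result in demo().items():
        print(scenario, result)
```
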
Re: How to allow set Host file dns query priorities in BIND
On 2/23/2011 4:08 AM, babu dheen wrote:

> Hi,
>
> Our setup is: We have internal DNS server wherein BIND is configured in RHEL 5 and many internal zones are configured. If Internet connection is down, our Internal DNS servers are not able to get the DNS query from ISP DNS server. Because of this, all users are not able to access many critical applications hosted in internet.
>
> Now we would like to add those critical application DNS entries in our internal DNS server HOST file. So that if internet link is down, users will be able to get the IP address of the URL through host file.

If the names of these "critical applications" reside in zones that you own, you should probably set yourself up as a stealth slave for those zones.

If they're in someone else's zones, and being a stealth slave is impractical, then you could play a dangerous game by maintaining a "fake" version of the zone yourself (defined as "master"). Dangerous because the IPs could change without any notice and then your data is instantly invalid. But, I suppose that isn't any worse than hosts-file entries, right?

> Is there any option in BIND to give priority to HOST file before connecting it to internet ISP or local zone?

Nope, BIND doesn't control whether a process looks in the hosts file or not.

- Kevin
Re: How to allow set Host file dns query priorities in BIND
> Is there any option in BIND to give priority to HOST file before
> connecting it to internet ISP or local zone?

No. BIND doesn't read/use the hosts file. What you _can_ do is configure BIND to believe it's authoritative for those zones, but I'd not recommend doing this unless you have a very good reason. And if your Internet connection goes down, does it really matter whether you can do lookups, if you can't make the connections anyway?

Regards
Eivind Olsen
Re: How to allow set Host file dns query priorities in BIND
On Wed, Feb 23, 2011 at 02:38:19PM +0530, babu dheen wrote a message of 61 lines which said:

> If Internet connection is down, our Internal DNS servers are not able
> to get the DNS query from ISP DNS server. Because of this, all users
> are not able to access many critical applications hosted in internet.

I really do not understand. If the Internet connection is down, what use could be the Host file since users won't connect anyway?

> Now we would like to add those critical application DNS entries in
> our internal DNS server HOST file.

Very bad idea. A maintenance nightmare. Do you think that, six months from now, someone in your office will notice that Facebook changed its IP address and you have to update the Host file?

> So that if internet link is down, users will be able to get the IP
> address of the URL through host file.

I don't think that the users want an IP address. They want a connection and, if the Internet link is down, getting the address won't help them.

> Is there any option in BIND to give priority to HOST file before
> connecting it to internet ISP or local zone?

Bad idea, don't do it.
Re: How to allow set Host file dns query priorities in BIND
I was thinking this is most likely the network problem, so you'd better set up a good network with redundancy and high availability.

2011/2/23 babu dheen

> Is there any option in BIND to give priority to HOST file before connecting
> it to internet ISP or local zone?

-- 
Free SmartDNS Hosting: http://DNSbed.com/
How to allow set Host file dns query priorities in BIND
Hi,

Our setup is: We have internal DNS server wherein BIND is configured in RHEL 5 and many internal zones are configured. If Internet connection is down, our Internal DNS servers are not able to get the DNS query from ISP DNS server. Because of this, all users are not able to access many critical applications hosted in internet.

Now we would like to add those critical application DNS entries in our internal DNS server HOST file. So that if internet link is down, users will be able to get the IP address of the URL through host file.

Is there any option in BIND to give priority to HOST file before connecting it to internet ISP or local zone?

Thanks.
babu