Re: DNS resolution based on source network

2010-09-28 Thread Matus UHLAR - fantomas
On 27.09.10 19:38, Kevin Darcy wrote:
> Under certain limited circumstances, it might make more sense to put
> both/all addresses under the same name, and then use the sortlist
> mechanism to present those addresses in an order which is suitable for
> particular clients.

Certain? I'd say under most. It's always better to get the rrset sorted in
network topological order, but when any of the servers fails, it's good to have
a backup.

If all servers are reachable, a simple sortlist statement will be enough.
If they are not, you need different zones in different views.

> Among other things, this requires that all resolver/nameserver configs
> be configured with the same sortlist configs, that there is no local
> randomization or re-sorting of the address list,

I've had such a problem some time ago (addresses were re-sorted in numeric
order), the suspect was libc or nss_lwres.

> that there are no negative consequences for the client or the client
> software to connect to the wrong address if the preferred one happens to
> be unavailable.

If there are negative consequences of something like that, you/we need load
balancing, failover switching etc.


-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: DNS resolution based on source network

2010-09-27 Thread David Forrest

On Mon, 27 Sep 2010, Thomas Elsgaard wrote:


> Hello
>
> Is it possible with BIND, to resolve the same name (like test.gl) to
> different IP's based on the source network of the request?
>
> Here is an example
>
> A machine in network 10.3.0.0/16 is contacting DNS to lookup
> test.gl, DNS returns - 10.0.0.2
> A machine in network 10.5.0.0/16 is contacting DNS to lookup
> test.gl, DNS returns - 10.0.0.5
>
> Thomas

Yes, by using view.  I do it so all my internal machines are 
XXX.maplepark.com, using the private network addresses while the external 
world gets my public addresses.  The internal machines are still able to 
get the external addresses by specifying the server address to be the 
external IP (via host or dig).  Most don't need them though.  It does 
require separate zone files though.  I don't mind sharing my .conf file - 
just email me.


Dave
--
David Forrest e-mail   d...@maplepark.com
Maple Park Development Corporation  http://xen.maplepark.com
St. Louis, Missouri(Sent by ALPINE 2.01 FEDORA 11 LINUX)


Re: DNS resolution based on source network - SOLVED

2010-09-27 Thread Thomas Elsgaard
> Yes, by using view.  I do it so all my internal machines are
> XXX.maplepark.com, using the private network addresses while the external
> world gets my public addresses.  The internal machines are still able to get
> the external addresses by specifying the server address to be the external
> IP (via host or dig).  Most don't need them though.  It does require
> separate zone files though.  I don't mind sharing my .conf file - just email
> me.
>
> Dave


Thanks everybody, views was the magic word, I will look into it.

Thomas


Re: DNS resolution based on source network

2010-09-27 Thread Warren Kumari


On Sep 27, 2010, at 9:00 AM, Thomas Elsgaard wrote:


> Hello
>
> Is it possible with BIND, to resolve the same name (like test.gl) to
> different IP's based on the source network of the request?
>
> Here is an example
>
> A machine in network 10.3.0.0/16 is contacting DNS to lookup
> test.gl, DNS returns - 10.0.0.2
> A machine in network 10.5.0.0/16 is contacting DNS to lookup
> test.gl, DNS returns - 10.0.0.5


Yup, one use of this is geolocation / GSLB / stupid DNS tricks:

http://backreference.org/2010/02/01/geolocation-aware-dns-with-bind/

http://www.ip2location.com/ip2location-bind-dns.aspx

and a whole heap more...

W

> Thomas


--
Consider orang-utans.
In all the worlds graced by their presence, it is suspected that they  
can talk but choose not to do so in case humans put them to work,  
possibly in the television industry. In fact they can talk. It's just  
that they talk in Orang-utan. Humans are only capable of listening in  
Bewilderment.

-- Terry Pratchett




Re: DNS resolution based on source network

2010-09-27 Thread Kevin Darcy
Under certain limited circumstances, it might make more sense to put 
both/all addresses under the same name, and then use the sortlist 
mechanism to present those addresses in an order which is suitable for 
particular clients.


Among other things, this requires that all resolver/nameserver configs 
be configured with the same sortlist configs, that there is no local 
randomization or re-sorting of the address list, and that there are no 
negative consequences for the client or the client software to connect 
to the wrong address if the preferred one happens to be unavailable.


Views are fine, but historically they're a fairly heavyweight solution 
for this class of requirement, because all relevant zones need to be 
defined multiply and this is difficult to maintain and consumes extra 
memory/CPU resources. The new (9.7.x?) attach-cache feature addresses 
the resource issue somewhat, but still doesn't obviate 
parallel/overlapping zone definitions and associated setup/maintenance. 
With sortlisting, all your zone definitions stay the same, you just need 
to create the round-robin entries and define the appropriate address 
ranges in your sortlist and/or acls clauses.





- Kevin


On 9/27/2010 9:00 AM, Thomas Elsgaard wrote:

> Hello
>
> Is it possible with BIND, to resolve the same name (like test.gl) to
> different IP's based on the source network of the request?
>
> Here is an example
>
> A machine in network 10.3.0.0/16 is contacting DNS to lookup
> test.gl, DNS returns -  10.0.0.2
> A machine in network 10.5.0.0/16 is contacting DNS to lookup
> test.gl, DNS returns -  10.0.0.5
>
> Thomas
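
The two approaches discussed in this thread, views and sortlist, side by side for the networks and addresses in the original question. This is an added example, not a configuration posted by anyone in the thread; the ACL names, view names and zone file paths are assumptions.

```conf
// Constructed named.conf fragments; ACL names, view names and file paths
// are assumptions. Networks and addresses are the ones from the question.

// ---- Alternative A: views (one copy of the zone per client network) ----
acl "net3" { 10.3.0.0/16; };
acl "net5" { 10.5.0.0/16; };

view "net3" {
    match-clients { "net3"; };
    zone "test.gl" {
        type master;
        file "zones/net3/test.gl";    // holds: test.gl. IN A 10.0.0.2
    };
};

view "net5" {
    match-clients { "net5"; };
    zone "test.gl" {
        type master;
        file "zones/net5/test.gl";    // holds: test.gl. IN A 10.0.0.5
    };
};

// Views are matched in order and the first match wins, so the catch-all
// view goes last. Once any view exists, every zone must live inside a view.
view "other" {
    match-clients { any; };
    zone "test.gl" {
        type master;
        file "zones/other/test.gl";
    };
};

// ---- Alternative B: sortlist (single zone, no views) ----
// The zone holds both A records (10.0.0.2 and 10.0.0.5) under test.gl.
// Each sortlist entry is { client-match; { preferred order }; }.
options {
    sortlist {
        { 10.3.0.0/16; { 10.0.0.2; 10.0.0.5; }; };
        { 10.5.0.0/16; { 10.0.0.5; 10.0.0.2; }; };
    };
};

zone "test.gl" {
    type master;
    file "zones/test.gl";
};
```

Both mechanisms key on the source address the server sees, so clients that query through a shared resolver or forwarder get the answer chosen for that resolver's address. Either alternative can be syntax-checked with `named-checkconf` before loading.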