multihomed name servers, need verification/help...
Barry Margolin
barmar at genuity.net
Tue May 30 14:35:41 UTC 2000
In article <393153FA.A004EBF9 at csbs.utah.edu>,
Demian Hanks <demian at csbs.utah.edu> wrote:
>There
>and I wanted to verify that I understand the correct way to
>do this for a multihomed name server.
>(http://www.isc.org/ml-archives/bind-users/2000/01/msg00660.html)
>
>I have 2 name servers ns1 & ns2, and this is what the zone files look like:
>
>db.mydomain:
> IN NS ns1.mydomain.com.
> IN NS ns2.mydomain.com.
>
>ns1 IN A 10.1.1.10
> IN A 10.1.1.11
>ns10 IN A 10.1.1.10
>ns11 IN A 10.1.1.11
>
>ns2 IN A 10.1.1.20
> IN A 10.1.1.21
>ns20 IN A 10.1.1.20
>ns21 IN A 10.1.1.21
>
>1.1.10.in-addr.arpa.:
> IN NS ns1.mydomain.com.
> IN NS ns2.mydomain.com.
>
>10 IN PTR ns1.mydomain.com.
>11 IN PTR ns1.mydomain.com.
>20 IN PTR ns2.mydomain.com.
>21 IN PTR ns2.mydomain.com.
>
>If I understand this right, a lookup of ns1.mydomain.com will return
>10.1.1.10 & 10.1.1.11
>while a lookup of .10 or .11 will return ns1.mydomain.com.
>I can't see any future issues with this, but then again I only deal with
>dns once in a while.
This will work, but I recommend putting the 2-digit names in the PTR
records, rather than the 1-digit names. That way, if a tool translates the
IP to a name, you know which address was actually used. Most of the time
it may not make a difference, but when it does you want to know which it
is.
This type of issue is more common with routers -- you often need to know
which network interface a packet is coming from. And it's especially
important with redundant (rather than multi-homed) servers; if a server is
broken into and being used as a launching point by hackers, you want to
know which server is being abused.
--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
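The zone layout from the question, checked the way Barry's advice suggests. This is an added example, not code from the thread: it parses the quoted A and PTR records (embedded inline, constructed from the post) and reports any PTR whose target lacks the address, plus any PTR that points at a multi-address name (ns1/ns2 instead of ns10/ns11), which is exactly the case where a reverse lookup cannot show which interface was used.

```python
# Added example, not from the thread: check a multihomed name server's forward
# and reverse zones against each other. Zone text is constructed from the post.
from collections import defaultdict

FORWARD_ZONE = """\
ns1  IN A 10.1.1.10
     IN A 10.1.1.11
ns10 IN A 10.1.1.10
ns11 IN A 10.1.1.11
ns2  IN A 10.1.1.20
     IN A 10.1.1.21
ns20 IN A 10.1.1.20
ns21 IN A 10.1.1.21
"""
REVERSE_ZONE = """\
10 IN PTR ns1.mydomain.com.
11 IN PTR ns1.mydomain.com.
20 IN PTR ns2.mydomain.com.
21 IN PTR ns2.mydomain.com.
"""

def parse_zone(text, rtype, origin):
    # Return {owner_fqdn: [rdata, ...]} for one record type. A line that starts
    # with whitespace reuses the previous owner, as zone file syntax allows.
    records, owner = defaultdict(list), None
    for line in filter(str.strip, text.splitlines()):
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0)
            owner = owner if owner.endswith(".") else f"{owner}.{origin}"
        if fields[:2] == ["IN", rtype]:
            records[owner].append(fields[2])
    return dict(records)

def audit(forward, reverse, origin="mydomain.com.",
          rev_origin="1.1.10.in-addr.arpa."):
    # mismatches: the PTR target's A records omit the address; ambiguous: the
    # target has several A records, so reverse lookup can't show which was used.
    a_records = parse_zone(forward, "A", origin)
    mismatches, ambiguous = [], []
    for owner, names in parse_zone(reverse, "PTR", rev_origin).items():
        labels = owner[:-len(".in-addr.arpa.")].split(".")
        ip = ".".join(reversed(labels))
        for name in names:
            addrs = a_records.get(name, [])
            if ip not in addrs:
                mismatches.append((ip, name))
            elif len(addrs) > 1:
                ambiguous.append((ip, name))
    return mismatches, ambiguous
```

Run against the post's zones it flags all four PTRs as ambiguous; pointing them at ns10/ns11/ns20/ns21 instead clears every finding.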