Subnet sensitive DNS??
Kevin Darcy
kcd at daimlerchrysler.com
Thu Nov 3 18:21:14 UTC 2005
geoff_durham at hotmail.com wrote:
>I am after a solution that allows a DNS server to resolve the same
>hostname to different IP addresses based on the requesting client's
>subnet/location.
>
>i.e.
>
>Client A (subnet 157.128.81.0) resolves server1.orgname.com to
>157.128.81.2
>Client B (subnet 157.128.89.0) resolves server1.orgname.com to
>157.128.89.2
>
>Both clients are resolving the hostnames from the same DNS server
>
>Is this possible???
>
Yes. But it may be rather unmaintainable. You could define separate
"view"s for each community of clients. But each view would need to have
a *full* set of zone definitions, etc., and each would take up a chunk
of memory in your nameserver for all authoritative zone data hosted in
each view. For the zones you share in common across all views, you could
at least have multiple references from the zone definitions in each view
to the same zonefile, but for master zones, you would still have to
reload the zone in each view every time you made a manual change to the
zone file. For slave or stub zones, you'd be prudent to define those
with different filenames and/or paths, otherwise I think there's a risk
that the views could overwrite and/or corrupt the files.

If this is on an intranet, where you can control the configuration of
all nameservers which serve these names to clients, a better alternative
might be to define *all* of the addresses under the server1.orgname.com
name, and then maintain a set of "sortlist" definitions to sort the
"best" address to the top of the list for any given client. If that
address is unavailable, most client apps will fail over to the next
address in the list, which could be viewed as a feature (increasing
availability, for most apps), or, in some cases, a showstopper (because
some app could theoretically not tolerate a client connecting to the
"wrong" server). Be aware, also, that modern versions of Wintel
networking stacks *automatically* sort addresses on the same subnet of
the client to the top of the list (see knowledgebase article #182644),
thus potentially undoing any address sorting you may do with your
nameserver.

If you really want to do this the "perfect" way, be prepared to shell
out major $$$ for a dedicated load-balancing device.

- Kevin
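
The two approaches described in the reply above, sketched as BIND `named.conf` fragments. This is an added example, not part of the original post; the /24 masks, the file paths, the zones "common.example" and "partner.example", and the master address 192.0.2.53 are assumptions.

```conf
// Constructed example: masks, paths, extra zones and 192.0.2.53 are assumed.
acl "net81" { 157.128.81.0/24; };
acl "net89" { 157.128.89.0/24; };

// --- Approach 1: one view per client community ---
// Clients outside both ACLs match no view and are refused.
view "net81" {
    match-clients { "net81"; };
    // Per-view copy; this file holds:  server1 IN A 157.128.81.2
    zone "orgname.com" { type master; file "net81/orgname.com.db"; };
    // Zone common to all views: the same zone file is referenced from each
    // view, but it is loaded (and must be reloaded) once per view.
    zone "common.example" { type master; file "shared/common.example.db"; };
    // Slave zone: a distinct file per view so the views never write
    // to the same file.
    zone "partner.example" {
        type slave; masters { 192.0.2.53; };
        file "net81/partner.example.bak";
    };
};
view "net89" {
    match-clients { "net89"; };
    // This file holds:  server1 IN A 157.128.89.2
    zone "orgname.com" { type master; file "net89/orgname.com.db"; };
    zone "common.example" { type master; file "shared/common.example.db"; };
    zone "partner.example" {
        type slave; masters { 192.0.2.53; };
        file "net89/partner.example.bak";
    };
};

// --- Approach 2 (replaces the views above, so shown commented out) ---
// A single orgname.com zone file holds both records:
//   server1 IN A 157.128.81.2
//   server1 IN A 157.128.89.2
// options {
//     sortlist {
//         // { client network; { addresses to list first; }; };
//         { 157.128.81.0/24; { 157.128.81.0/24; }; };
//         { 157.128.89.0/24; { 157.128.89.0/24; }; };
//     };
// };
```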