DNS with several IP addresses

Johan Ihrén johani at johani.org
Thu Jan 2 22:47:37 UTC 2014


On 02 Jan 2014, at 16:37 , Alan Clegg <alan at clegg.com> wrote:

> On Jan 2, 2014, at 9:19 AM, WBrown at e1b.org wrote:
> 
>>>> Use views
>>> 
>>> Views +1 
>> 
>> When were views added to BIND?  We started using multiple servers in 
>> BIND 4, and I don't recall views being available back then, but I didn't 
>> configure the servers, just maintained the zones.
>> 
>> We're still using multiple servers for internal vs. external resolution.
> 
> Views have been in bind “for all recent history”.
> 
> I’ve watched this thread and have been biting my tongue as long as I could.
> 
> I’m a proponent of separating servers and NOT using views, as any of you that have taken a class that I’ve taught will attest.
> 
> I’ve seen too many problems over the years that have been caused by incorrect maintenance of both data feeding the views and goofs in the mechanisms making sure that the correct view is made available to the correct slave servers (and clients).
> 
> With today’s hardware (virtualization, etc) it’s not very expensive to build out new servers.  Separate the services and you remove lots of the little prickly points that will cause you pain as the complexity of your infrastructure grows (and as you hand off to the ‘next generation’ of maintainers).

I could not agree more (as anyone who has attended a class that I've taught will attest ;-). 

Furthermore, in addition to the very valid reasons that Alan lists, I'd want to add yet another reason to implement this via multiple, simple, [virtual] servers, rather than using views, and that is "platform independence". Views are a feature specific to BIND9 (and ANS, I think). If I implement this via multiple servers then for each server I am free to choose whatever implementation is best for that task. If I choose a design based on views, I am forced to use BIND9.

And while BIND9 may be the best thing since sliced bread, it will not be the preferred choice forever.

> I’m actually more a proponent of creating an architecture that doesn’t NEED differentiated data, but there aren’t a lot of places implementing DNS / naming structures on green-fields these days.

I agree with this also.

Johan
