fixed rrset ordering - is this still a thing?
Nick Tait
nick at tait.net.nz
Fri Mar 1 21:10:45 UTC 2024
On 02/03/2024 03:42, Mike Mitchell via bind-users wrote:
> Our networking team is in the habit of entering the IP address of every
> network interface on a router under one name. The very first address
> entry is their out-of-band management interface. "rrset-order fixed" is
> used on their domain for address records, so they can ssh to the router
> by name reliably and not have to worry about interfaces that are down
> or that filter SSH.
I wonder if an alternative (cleaner?) solution to your use case could be
to use different sub-domains for the different networks (network
interfaces)? For example:
firewall1.example.com = Internet IP address
firewall1./dmz/.example.com = IP address on DMZ network
firewall1./management/.example.com = IP address on out-of-band
management network
If you did this you could make use of DNS search domains to allow
different parts of the network to resolve the unqualified name
"firewall1" differently. E.g. If you "ssh firewall1" from a management
host it could expand that to firewall1./management/.example.com?
Nick.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240302/85e95e6f/attachment.htm>
More information about the bind-users
mailing list