resolution based on client IP address.

Kevin Darcy kcd at daimlerchrysler.com
Fri Sep 8 20:11:43 UTC 2000


Yes, I guess that would work too. It's basically a client-side version of
option #1. Of course, it requires that the client resolver library actually
understands the "sortlist" directive (do any OS-provided resolver libraries
understand this yet?). Also, maintaining sortlists on clients could be a lot
more maintenance-intensive than doing so on nameservers. Certainly it would be
in our environment, where they're constantly moving clients around. Optimally,
I guess *all* resolver configuration should be propagated via DHCP, but I
don't think anyone has even proposed a "DNS sortlist" DHCP option...


- Kevin

peter at icke-reklam.ipsec.nu.invalid wrote:

> Kevin Darcy <kcd at daimlerchrysler.com> wrote:
>
> Isn't there a third option :
>
> creating a sortlist in the resolvers config files ? That way the
> clients will receive both addresses and choose the most favorable.
>
> > There are basically 2 different answers to this question, depending on
> > exactly what your requirements are:
>
> > 1) If you're just trying to optimize client/server access, e.g. client pool
> > A always talks to server B, and client pool X always talks to server Y, all
> > using the same server name, then you can use the "sortlist" option to sort
> > them in the correct order, depending on the client's IP address. This
> > assumes, however, that you have control of *every* nameserver which these
> > clients are querying, because you'd have to configure the same sortlists in
> > all of them. Otherwise, you may get some "leakage" or de-optimization, as the
> > non-sortlist-configured nameservers alternate the order of the answers they
> > give out for the name from their cache.
>
> > 2) Otherwise, you'd need to go to a full-blown "split DNS" where you
> > maintain different copies of the same zone(s) -- each with only 1 A record
> > for the name -- and run different nameserver instances (at least until
> > BIND 9's "view" mechanism allows you to run different versions of the same
> > zone within the same instance). Note that it is possible to run multiple
> > instances of "named" on a single box, if you have multiple physical
> > interfaces or your OS supports "virtual" interfaces -- each instance would
> > listen to a different interface. So you wouldn't necessarily have to
> > dedicate extra *machines* to the split DNS, although you may want to anyway,
> > because it's probably easier to maintain that way.
>
> > - Kevin
>
> > Kariger Enrique-EKARIGE1 wrote:
>
> >> Hi All,
> >>
> >> I set up an A record with two IP addresses (for the same name). I would
> >> like the DNS server to resolve to one IP or another depending on the
> >> client's IP address or at least on the client's subnet. Any idea of how to
> >> do this ?
> >>
> >> Many thanks,
> >>
> >> Enrique.
>
> --
> Peter Håkanson
>         IPSec  Sverige      (At the Riverside of Gothenburg, home of Volvo)
>            Sorry about my e-mail address, but i'm trying to keep spam out.
>            Remove "icke-reklam"and "invalid"  and it works.
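
Added example (not part of the original messages and not BIND code): a simplified Python model of the server-side "sortlist" ordering described in option 1 above, including the "leakage" case where a nameserver has no sortlist configured. The networks, addresses, rule layout and function names are constructed for illustration.

```python
"""Simplified model of server-side "sortlist" ordering (added example, not BIND code)."""
from ipaddress import ip_address, ip_network

# Constructed sample data: one name with two A records, as in the original question.
ANSWERS = ["192.0.2.10", "198.51.100.10"]

# Hypothetical rules: (client network, preferred answer networks in priority order).
SORTLIST = [
    ("10.1.0.0/16", ["192.0.2.0/24", "198.51.100.0/24"]),
    ("10.2.0.0/16", ["198.51.100.0/24", "192.0.2.0/24"]),
]


def sort_answers(client, answers, sortlist):
    """Return answers ordered for this client; unmatched clients get them unchanged."""
    src = ip_address(client)
    for client_net, preferred in sortlist:
        if src in ip_network(client_net):
            nets = [ip_network(n) for n in preferred]
            break
    else:
        return list(answers)  # no rule for this client: order left as received

    def rank(addr):
        a = ip_address(addr)
        for i, net in enumerate(nets):
            if a in net:
                return i
        return len(nets)  # addresses outside every preferred net sort last

    return sorted(answers, key=rank)  # sorted() is stable, ties keep input order


def first_choice(client, answers, sortlist):
    """The address a client that just takes the first record would connect to."""
    return sort_answers(client, answers, sortlist)[0]


if __name__ == "__main__":
    for client in ("10.1.5.20", "10.2.7.9", "172.16.0.4"):
        print(client, "->", sort_answers(client, ANSWERS, SORTLIST))
    # A nameserver without the sortlist behaves like an empty rule set: the
    # client sees whatever order the cache rotation produced ("leakage").
    rotated = ANSWERS[::-1]
    print("no sortlist:", sort_answers("10.1.5.20", rotated, []))
```

The last call shows why every nameserver the clients query needs the same sortlist: with no rules, a client in pool 10.1.0.0/16 gets the rotated order and its first choice becomes the other server.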





