first /etc/hosts, then nameserver

Kevin Darcy kcd at daimlerchrysler.com
Thu May 10 21:05:41 UTC 2001


I don't understand. Why wouldn't you just configure the reverse records for
each IP to point back to separate names? Is this ssl-engine looking at the
system *nodename*, is that it? That's just braindead. It should be mapping from
the (instance-specific) address to a name, or from some statically-configured
hostname to an address. System nodenames have never really been a reliable
source of naming information, since machines can be multi-functional and have
different names by which they are known, for each function.


- Kevin

felix wrote:

> ok, thx but it didn't solve my problem =(
>
> but maybe some of you can help me with that too =)
>
> that solaris-box is a hosted webserver which connects to an external
> dns-server. I plumbed the hme0 interface to
> get a second address for that I now have two different addresses eq websites
> on that machine.
> those websites belong to different domains. ok, no big deal. BUT the
> application, which is running for both websites (2 java-web
> servers) need to communicate to each other by dns-name!! (not by IP-address
> ... that would mess the url up). Now I'm using
> ssl which makes the problems, because every reverse-lookup will fail! The
> ssl-engine receives an ipaddress from that external-dns
> server and checks the local machine which gives back the address of the
> interface which is a different (of course, because it's in an
> internal subnet ...)
>
> any idea??
>
> "Chip Old" <fold at bcpl.net> wrote in message
> news:9dac6i$t5t at pub3.rc.vix.com...
> >
> > On Tue, 8 May 2001, Kevin Darcy wrote:
> >
> > > I disagree with this recommendation. A lot of cruft gets into our
> > > /etc/hosts files, mostly because the only people putting stuff there
> > > are clueless anyway (because anything of importance is already in
> > > DNS). I've had numerous problems with stale /etc/hosts entries
> > > "hiding" valid DNS entries. Therefore, our standard is "hosts: dns
> > > files" (or the equivalent nameservice order on other platforms).
> >
> > It depends on local conditions.  If you can't control the contents
> > of the hosts files on the UNIX boxes in your domain, then I agree you're
> > better off to list "dns" before "files" in nsswitch.conf.  Your hosts
> > files are for all intents and purposes useless.  But in a normal
> > environment (at least what I think of as "normal") the contents of the
> > hosts files is more closely controlled, containing only the name and
> > address of the local machine plus any other machines that *must* be
> > accessible if for some reason DNS fails.  In that environment it makes
> > more sense to list "hosts"  before "dns".
> >
> > > As for the potential bootup delay, all of our Unix boxes run local
> > > caching nameservers, so there's very little chance of DNS being
> > > completely unavailable. And if the box is that hosed that it can't
> > > even start its own local caching nameserver, then it's got bigger
> > > problems than just a bootup delay...
> >
> > Agreed it has big problems, but if a Solaris box refuses to boot
> > because it can't figure out its own name, then it becomes a *REALLY* big
> > problem.  If you can keep close control of the contents of your hosts
> > files so they don't fill up with junk, then listing "files" before "dns"
> > is a good precaution.
> >
> > --
> > Chip Old (Francis E. Old)               E-Mail:  fold at bcpl.net
> > Manager, BCPL Network Services          Voice:   410-887-6180
> > Manager, BCPL.NET Internet Services     FAX:     410-887-2091
> > 320 York Road
> > Towson, Maryland 21204-5179 U.S.A.
> >
> >
> >
