Sortlist and individual zones
Kevin Darcy
kcd at daimlerchrysler.com
Wed Jan 28 17:38:24 UTC 2004
Barry Margolin wrote:
>In article <bv6kd7$747$1 at sf1.isc.org>,
> Brian Miller <bmiller at telstra.com.au> wrote:
>
>>I have been asked to look into setting up our company's internal DNS to
>>return different IP addresses for a specific RR based upon the location of
>>the client (clients in each state get the IP address of a local server).
>>
>>I can differentiate between the clients easily enough based on their network,
>>and it looks like I could do what's needed with the "sortlist" option.
>
>I don't think this will work as you hope. Clients don't generally query
>authoritative nameservers directly, they query their local caching
>nameserver, and the caching server recurses to contact the authoritative
>servers. Unless the caching server's administrator has overridden the
>default settings, it will perform its own round-robin rotation of the
>addresses, losing the ordering that you set up with sortlist.
>
Right, but what if one person, or a well-co-ordinated group of people
happen to maintain the configurations of all those nameservers? Then it
is feasible to keep all of the sortlist definitions in sync. We are
doing this in our enterprise.

Also, it's not clear from the original poster's message whether there
are local caching nameservers in this picture or not (I questioned this
in my response to the original poster's message).
>What you need to use is views. You'd need a different version of the
>zone file for each block of addresses, containing just the server for
>that area.
>
I don't think views is the way to go here. As you know, you'd have to
define *every* zone in every view. We have no idea how many zones that
might represent. I know there are tricks that can be played by sharing
master files or $INCLUDE files between views, but still, it makes for a
humungous /etc/named.conf if you have dozens upon dozens of views times
perhaps half-a-dozen or more zones that might need to be defined in all
of them. Plus a view-based approach wouldn't be any good if failover is
desired. Lastly, the original poster was already worried about
performance; I think all of those views would probably push the
nameserver over the edge...
- Kevin
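
The disagreement above in miniature, as an added example that is not part of the original thread: a simplified Python model (not BIND's code) of the two-element sortlist form, with cyclic rotation standing in for a caching server's default ordering. The addresses, networks and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: one A RRset with a server per site (RFC 1918 nets).
RRSET = ["10.1.0.10", "10.2.0.10", "10.3.0.10"]
# Simplified two-element sortlist entries: (client network, preferred networks in order).
SORTLIST = [
    ("10.1.0.0/16", ["10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"]),
    ("10.2.0.0/16", ["10.2.0.0/16", "10.3.0.0/16", "10.1.0.0/16"]),
    ("10.3.0.0/16", ["10.3.0.0/16", "10.1.0.0/16", "10.2.0.0/16"]),
]

def apply_sortlist(addrs, source, sortlist):
    """Order addrs by the preference list of the first entry matching source."""
    src = ipaddress.ip_address(source)
    for client_net, prefs in sortlist:
        if src in ipaddress.ip_network(client_net):
            nets = [ipaddress.ip_network(p) for p in prefs]
            def distance(a):
                ip = ipaddress.ip_address(a)
                return next((i for i, n in enumerate(nets) if ip in n), len(nets))
            return sorted(addrs, key=distance)  # stable: ties keep input order
    return list(addrs)  # no matching entry: order unchanged

def rotate(addrs, n):
    """Cyclic round-robin rotation, standing in for a cache's default ordering."""
    n %= len(addrs)
    return addrs[n:] + addrs[:n]

def first_answers(client, cache_addr, cache_sortlist, queries=3):
    """First address a client sees on each of several queries via one cache."""
    # The authoritative server sees the cache's address, not the client's.
    cached = apply_sortlist(RRSET, cache_addr, SORTLIST)
    seen = []
    for q in range(queries):
        answer = rotate(cached, q)
        if cache_sortlist is not None:
            # Cache configured with the same sortlist re-sorts for the real client.
            answer = apply_sortlist(answer, client, cache_sortlist)
        seen.append(answer[0])
    return seen

if __name__ == "__main__":
    # Constructed scenario: client in 10.2/16 using a cache in 10.1/16.
    print("cache without sortlist:", first_answers("10.2.5.20", "10.1.0.53", None))
    print("cache with same sortlist:", first_answers("10.2.5.20", "10.1.0.53", SORTLIST))
```

Without a sortlist on the cache, the client's first address changes with every query; with the same sortlist on the cache, the client's local server is always first.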
More information about the bind-users
mailing list