Subnet sensitive DNS??

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 3 18:21:14 UTC 2005


geoff_durham at hotmail.com wrote:

>I am after a solution that allows a DNS server to resolve the same
>hostname to different IP addresses based on the requesting client's
>subnet/location.
>
>i.e.
>
>Client A (subnet 157.128.81.0) resolves server1.orgname.com to
>157.128.81.2
>Client B (subnet 157.128.89.0) resolves server1.orgname.com to
>157.128.89.2
>
>Both clients are resolving the hostnames from the same DNS server
>
>Is this possible???
>
Yes. But it may be rather unmaintainable. You could define separate 
"view"s for each community of clients. But each view would need to have 
a *full* set of zone definitions, etc., and each would take up a chunk 
of memory in your nameserver for all authoritative zone data hosted in 
each view. For the zones you share in common across all views, you could 
at least have multiple references from the zone definitions in each view 
to the same zonefile, but for master zones, you would still have to 
reload the zone in each view every time you made a manual change to the 
zone file. For slave or stub zones, you'd be prudent to define those 
with different filenames and/or paths, otherwise I think there's a risk 
that the views could overwrite and/or corrupt the files.

If this is on an intranet, where you can control the configuration of 
all nameservers which serve these names to clients, a better alternative 
might be to define *all* of the addresses under the server1.orgname.com 
name, and then maintain a set of "sortlist" definitions to sort the 
"best" address to the top of the list for any given client. If that 
address is unavailable, most client apps will fail over to the next 
address in the list, which could be viewed as a feature (increasing 
availability, for most apps), or, in some cases, a showstopper (because 
some app could theoretically not tolerate a client connecting to the 
"wrong" server). Be aware, also, that modern versions of Wintel 
networking stacks *automatically* sort addresses on the same subnet of 
the client to the top of the list (see knowledgebase article #182644), 
thus potentially undoing any address sorting you may do with your 
nameserver.

If you really want to do this the "perfect" way, be prepared to shell 
out major $$$ for a dedicated load-balancing device.

                                                      - Kevin
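The two approaches Kevin describes, written out as a BIND 9 named.conf fragment (an added example, not part of the original post). The subnets and the server1.orgname.com name come from the question; the acl names, file paths, the "shared.example" slave zone and the 192.0.2.10 master address are placeholders, and the two options are mutually exclusive (a server using views must put every zone inside a view).

```conf
// Option 1 (Kevin's first approach): one view per client community.
// Every view carries a full set of zones; master zones get a separate
// zonefile per view so server1 can hold a different address in each.
acl "net-a" { 157.128.81.0/24; };
acl "net-b" { 157.128.89.0/24; };

view "net-a" {
    match-clients { "net-a"; };
    zone "orgname.com" {
        type master;
        file "views/net-a/orgname.com.db";      // server1 A 157.128.81.2
    };
    // Slave zones must not share a file across views, or the views may
    // overwrite each other's transferred copies.
    zone "shared.example" {                     // placeholder zone
        type slave;
        masters { 192.0.2.10; };                // placeholder master
        file "views/net-a/shared.example.db";
    };
};
view "net-b" {
    match-clients { "net-b"; };
    zone "orgname.com" {
        type master;
        file "views/net-b/orgname.com.db";      // server1 A 157.128.89.2
    };
    zone "shared.example" {
        type slave;
        masters { 192.0.2.10; };
        file "views/net-b/shared.example.db";
    };
};

// Option 2 (Kevin's intranet alternative), used INSTEAD of the views above:
// a single orgname.com zone publishes both records
//     server1  IN A 157.128.81.2
//     server1  IN A 157.128.89.2
// and sortlist moves each client's own subnet to the top of the answer.
// Each sortlist entry is { <client match list>; { <preferred order> }; }.
options {
    sortlist {
        { 157.128.81.0/24; { 157.128.81.0/24; 157.128.89.0/24; }; };
        { 157.128.89.0/24; { 157.128.89.0/24; 157.128.81.0/24; }; };
    };
};
```

Run `named-checkconf` on the result before reloading; with Option 1, clients outside both acls match no view and get no answer, so add a catch-all view if other clients use the server.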




More information about the bind-users mailing list