Multiple nameservers

Kevin Darcy kcd at daimlerchrysler.com
Tue Mar 28 23:21:02 UTC 2006


Eight32 wrote:

>Hi list
>
>I want to set up a DNS server that will 'emulate' multiple nameservers
>ie when queried, the answer will appear as if this physical server is
>the SOA for that domain only.
>
>What design philosophy should I follow? Seems as though a mixture of
>Auth Only, Stealth (for invisibility), and Forwarding is favourable.
>
>How would I list multiple reverse lookup (zzz.yyy.xxx.rev) files in
>named.conf?
>
>
It's not clear to me what you're trying to accomplish here. In a DNS 
response, the Authority Section identifies the *single* zone from which 
the answer is being made. It doesn't tell you anything about other zones 
that may or may not be hosted on the same nameserver. So why do you 
think there is some "hiding" that needs to go on here, and what would be 
the purpose of this hiding? Why try to fool clients into thinking that 
the nameserver only hosts a single zone? Please clarify.

If what you're trying to accomplish is running a bunch of "virtual" 
nameserver instances on a bunch of virtual-IPs (or, I guess, even 
physical IPs, if you have the cash to spend) on one box, you could 
either have separate nameserver instances running on each VIP (via 
"listen-on"), or a single instance with views differentiated by 
"match-destinations".

Hopefully you realize that you shouldn't have *all* of the nameservers 
for a particular zone dependent on any particular piece of hardware, 
e.g. they shouldn't all be virtual IPs on the same NIC. The whole 
purpose of the "two nameserver minimum" rule is to provide some 
redundancy and resiliency to the Internet DNS infrastructure, and one 
doesn't advance that by creating Single Points of Failure.


                                                      - Kevin
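As an added example (not Kevin's own configuration and not from the original thread), here is the single-instance-with-views layout he describes, in BIND 9 named.conf syntax; the VIPs 192.0.2.10 and 192.0.2.11, the zone names and the file paths are assumed placeholders:

```conf
// Added example: one named instance on one box, presenting two "virtual"
// authoritative servers, one per virtual IP. Addresses, zone names and
// file paths are placeholders, not values from the original post.
options {
    directory "/var/named";
    // Bind both VIPs; each view below is keyed on one of them.
    listen-on { 192.0.2.10; 192.0.2.11; };
    recursion no;    // authoritative-only in every view
};

// Once views are used, every zone statement must live inside a view, and
// views are tried in order: the first one whose match-destinations
// contains the address the query arrived at answers it.

// Queries that arrive at 192.0.2.10 see only these zones.
view "vip-a" {
    match-destinations { 192.0.2.10; };
    zone "example.com" {
        type master;
        file "vip-a/example.com.zone";
    };
    // A reverse zone is just another zone statement, one per network,
    // so several zzz.yyy.xxx.rev files are listed by repeating this.
    zone "2.0.192.in-addr.arpa" {
        type master;
        file "vip-a/2.0.192.rev";
    };
};

// Queries that arrive at 192.0.2.11 see only these zones.
view "vip-b" {
    match-destinations { 192.0.2.11; };
    zone "example.net" {
        type master;
        file "vip-b/example.net.zone";
    };
    zone "113.0.203.in-addr.arpa" {
        type master;
        file "vip-b/113.0.203.rev";
    };
};
```

A query to an address that matches no view is refused, so every listen-on address should be covered by some view. Both VIPs still live on the same hardware, so this gives the appearance of separate servers, not the redundancy that the two-nameserver rule exists to provide; the second nameserver for each zone belongs on a different box.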