Bind server with logical host

Kevin Darcy kcd at chrysler.com
Tue Jul 29 02:18:18 UTC 2008


Nicholas F Miller wrote:
> The behavior we are seeing is lookups from our DNS server going out on
> the host IP. We want all of the traffic to be routed through the logical
> IP, which is our DNS server. We have 'listen-on' set to the logical IP
> but recursive lookups to the outside world are going through the host
> IP.
>
> ________________________________________________________
> Nicholas Miller, ITS, University of Colorado at Boulder
>
>
>> -----Original Message-----
>> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
>> Behalf Of Kevin Darcy
>> Sent: Wednesday, July 23, 2008 6:45 PM
>> To: bind-users at isc.org
>> Subject: Re: Bind server with logical host
>>
>> Nicholas F Miller wrote:
>>> We have upgraded our DNS servers recently to Bind 9.5. In the upgrade we
>>> also went to logical host names. There is now the host name and then the
>>> DNS server is plumbed as a logical host. Since we have done this we are
>>> seeing DNS answers happening on the host IP. We would like to restrict
>>> the DNS traffic to the logical host.
>>>
>>> Will the 'listen on' switch let us restrict the DNS traffic to our
>>> logical host IP?
>>>
>> Listen-on won't *redirect* queries, if that's what you're asking. If
>> clients are sending queries to the wrong IP, nothing you can do on the
>> server side will stop that. listen-on can restrict whether you accept
>> those packets or not, but if you don't accept them, the queries will
>> simply time out and fail. Is that acceptable?
>>
>> If the clients have both the Host IP and the "logical" IP in their
>> resolver configs, in that order, then if you no longer listen on the
>> Host IP, they may "transparently" fail over to the "logical" IP, but it
>> won't be completely "transparent", in truth, since it will introduce a
>> delay to every name lookup. Enough that some (impatient) apps may
>> actually experience lookup failures. So do this at your own risk.
>>
>> As for responses, named sends those back from the address on which the
>> original query was received. So, if you can fix the clients to send
>> their queries to the correct address in the first place, the responses
>> will follow suit.
>>
Ah, OK, I understand now.

Check out "query-source" in the ARM.

- Kevin
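
The two settings discussed in this thread, side by side, as an added example that is not part of the original messages. The address 192.0.2.53 is a constructed placeholder for the logical IP; the notify-source and transfer-source lines are an assumption about what a site pinning all DNS traffic to one address would also want.

```conf
// named.conf options fragment (constructed example, not from the thread).
// 192.0.2.53 is a placeholder for the "logical" service IP plumbed on the host.
options {
    // Inbound: accept queries only on the logical IP. Queries that clients
    // send to the host IP are not answered and time out on the client side.
    listen-on { 192.0.2.53; };

    // Outbound: source address for recursive lookups sent to other servers.
    // listen-on does not affect this. Without query-source, the OS picks the
    // source address from its routing table, which is why lookups leave
    // from the host IP.
    // No fixed port is given: pinning one disables source-port randomization
    // for outgoing queries.
    query-source address 192.0.2.53;

    // Other outbound traffic has its own source settings (assumed wanted here).
    notify-source   192.0.2.53;   // NOTIFY messages sent to secondaries
    transfer-source 192.0.2.53;   // zone transfers this server requests
};
```

`named-checkconf` checks the syntax before a reload, and a packet capture on port 53 confirms which source address the outgoing queries carry. Firewall rules that allow DNS only from the logical IP then match both directions.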


