per-zone-recursion?

Kalman Feher kalman.feher at melbourneit.com.au
Mon Oct 4 09:30:03 UTC 2010

On 2/10/10 7:18 AM, "Joerg Dorchain" <joerg at dorchain.net> wrote:

> On Fri, Oct 01, 2010 at 05:39:16PM +0200, Matus UHLAR - fantomas wrote:
>> 
>> On 01.10.10 12:39, Joerg Dorchain wrote:
>>> Well, I could agree that "wrong" means not thought of by
>>> RfC-Designers and bind implementers (yet).
>> 
>> probably it was not thought of because it's wrong.
> 
> This point is getting religious now, IMHO.
Bear in mind that your rationale is based on getting an inaccessible DNS
server to return information that a client has correctly asked for. I can't
imagine a situation where there'll be a strong desire to codify that kind of
setup. If your DNS server is not accessible to clients that need to query
it for data, your setup is wrong. That isn't religious, that is practical
reality.
>> 
>>>> less palatable option:
>>>> 
>>>> 1. Make the other DNS software available on another IP. So normal DNS
>>>> behaviour works.
>>> 
>>> Hm, this is not too easy in practice, but of course the optimal solution.
>>> IPv6 will help here, I hope.
>> 
>> I don't think this will solve the problem, it will just be a workaround for
>> it.
> 
> With IPv6, I see much better chances of having more than one
> address available, which would make the best architectural solution
> a practical one as well.
I think you need to consider your architectural design in a different light.
Address availability is not your problem. Your solution seems to be a
workaround built on a workaround. Ask yourself: "am I using DNS to fix a
problem or shortcoming in another system?". If yes, fix the other system
instead.
>> 
>>>> 2. Add the zone as a slave within your authoritative view. (this option may
>>>> be the easiest for your situation).
>>> 
>>> Not feasible as it contains dynamically generated content,
>>> typically with a TTL of 0.
>> 
>> this strongly indicates that there's something broken in your DNS. The DNS
>> is not designed to provide anything that short-lived, the whole DNS
>> architecture is based on caching.
> 
> Yes, DNS works best with caching. I know that this setup is a
> corner case and very individual (If I had two public IPs then
> I would be fine)
> 
> To be a bit polemic, if you think it is wrong, TTL of 0 should be
> forbidden, I suppose.
To be more accurate, the reasons people think they need a TTL of 0 indicate
they are using DNS incorrectly. Often it is an attempt at working around the
restrictions of other systems. Hence the guess at load balancing. What data
are you providing that changes second to second and must be provided using
DNS?

>> 
>> Are you doing any kind of DNS-based load balancing?
> 
> No, then multiple A records or so would be just fine.
> 
> Bye,
> 
> Joerg
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Kal Feher 
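One way to lay out the split that option 2 above describes, as an added example that is not from anyone in this thread: a BIND named.conf with a recursive internal view and an authoritative external view that never recurses, with the zone mastered by the other DNS software slaved into both. The client networks, the 192.0.2.10 master and the example.com name are assumptions.

```conf
// Added example, not from the thread. 10.0.0.0/8, 192.0.2.10 and
// example.com are constructed placeholders.
options {
    directory "/var/named";
    recursion no;              // nothing recurses unless a view turns it on
    allow-transfer { none; };
};

// Internal view: the only clients allowed to recurse. Every zone these
// clients must see is declared here as well, because once views are in
// use no zone exists outside a view.
view "internal" {
    match-clients { localhost; 10.0.0.0/8; };
    recursion yes;
    allow-recursion { localhost; 10.0.0.0/8; };
    allow-query-cache { localhost; 10.0.0.0/8; };

    zone "." { type hint; file "named.ca"; };

    zone "example.com" {
        type slave;
        masters { 192.0.2.10; };
        file "slaves/internal-example.com.db";
    };
};

// External view: authoritative only. Recursion stays off, so the
// Internet-facing address is never an open resolver, and the zone held
// by the other software is slaved in (option 2 above).
view "external" {
    match-clients { any; };
    recursion no;
    allow-query-cache { none; };

    zone "example.com" {
        type slave;
        masters { 192.0.2.10; };
        file "slaves/external-example.com.db";   // distinct file per view
        allow-transfer { none; };
    };
};
```

Slaving depends on the master answering AXFR/IXFR, which is why the dynamically generated, TTL-0 content Joerg describes rules it out; the split still removes the reason to want recursion toggled per zone, since recursion is decided by client address, not by zone.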