BIND9 Return different IP address based on subnet

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Mon Jan 5 18:50:17 UTC 2015


We use sortlists quite effectively, but there are some caveats to that approach:
1) If you have clients using "rogue" resolvers without any sortlist definitions, that will limit the effectiveness of the technique somewhat
2) You need some discipline to keep the sortlist definitions up-to-date as networks/subnets are renumbered, re-assigned, etc. If you have many nameservers, it helps to have a centralized/co-ordinated mechanism to maintain/propagate your nameserver configs (we use Infoblox, for instance)
3) Sortlisting is never a 100% solution and should not be used for applications which treat connecting to the "wrong" IP (rarely, occasionally) as a *fatal* error. At the very least, if the app tries to connect to a "wrong" IP, and is not able to do so (because of routing, firewall rules, ACLs, etc.) it should fail over in a timely fashion to the next IP in the list. It shouldn't just die.

													- Kevin

-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Niall O'Reilly
Sent: Monday, January 05, 2015 7:03 AM
To: Christian Kette
Cc: bind-users at lists.isc.org; Jeremy C. Reed
Subject: Re: BIND9 Return different IP address based on subnet

At Sat, 3 Jan 2015 19:24:47 +0100,
Christian Kette wrote:
> 
> I have found a workaround.
> I defined a different zone for every network

  A simpler solution might be to use a sortlist.

  From the ARM:

6.2.16.13 The sortlist Statement

The response to a DNS query may consist of multiple resource records (RRs) forming a resource records set (RRset). The name server will normally return the RRs within the RRset in an indeterminate order (but see the rrset-order statement in Section 6.2.16.14). The client resolver code should rearrange the RRs as appropriate, that is, using any addresses on the local net in preference to other addresses. However, not all resolvers can do this or are correctly configured. When a client is using a local server, the sorting can be performed in the server, based on the client’s address. This only requires configuring the name servers, not all the clients.

  Niall
  
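The sortlist Niall suggests, and the maintenance caveats Kevin raises, can be seen in one named.conf fragment. This is an added example, not configuration from either poster or from the BIND ARM; the site ACLs, the 10.x.0.0/16 networks and the hostname app.example.com are constructed for illustration.

```conf
// Added example (not from the thread): a named.conf fragment whose sortlist
// moves the address closest to the querying client to the front of the answer.
// Networks, ACL names and the hostname are constructed for illustration.

// One ACL per site keeps the sortlist readable and gives renumbering a single
// place to edit, which eases the "keep definitions up-to-date" burden.
acl site-a { 10.1.0.0/16; };
acl site-b { 10.2.0.0/16; };
acl site-c { 10.3.0.0/16; };

options {
    directory "/var/named";

    // Hypothetical zone data: app.example.com. has three A records,
    // 10.1.5.10, 10.2.5.10 and 10.3.5.10 (one per site).
    //
    // Each top-level element of the sortlist is tested against the query's
    // source address until one matches. The second element of that entry is
    // an address match list giving the preference order: the answer address
    // matching the earliest item in it is moved to the front of the RRset.
    sortlist {
        // Queries from site A: prefer A, then B, then C
        { site-a; { site-a; site-b; site-c; }; };
        // Queries from site B: prefer B, then A, then C
        { site-b; { site-b; site-a; site-c; }; };
        // Queries from site C: prefer C, then A, then B
        { site-c; { site-c; site-a; site-b; }; };
        // A source address that matches no entry gets no sorting; the
        // server's normal rrset-order behaviour applies instead.
    };
};
```

To check the effect, query the server from a host in each site (for example `dig @<server> app.example.com A`) and compare the order of the A records. Two properties matter when deciding whether this fits: the sortlist only reorders, it never removes addresses, so any client that ignores answer order can still reach the "wrong" site, and a query that arrives through a forwarding resolver is matched on the resolver's source address, not the end host's. If clients in one subnet must never see the other sites' addresses at all, that is a job for views with match-clients (separate zone data per network, which is what the original workaround in the thread amounts to), not for a sortlist.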
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users