Multiple IPs Associated With A Single Name

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Thu Sep 29 21:45:27 UTC 2016


Yeah, sure, just run it with your own special config file (with -c); in that config file, set the listen-on to an unprivileged port, and make sure all of the pathnames (including implicit pathnames like the pid-file) are to files/directories to which the unprivileged user has read and (where necessary) write access.

As a sanity check, I just fired up an instance on a Red Hat box, as an unprivileged user, listening on port 12345. It's a caching-only config, with our own internal-root hints, and it's resolving (internal) names just fine.

- Kevin



-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Tim Daneliuk
Sent: Thursday, September 29, 2016 5:24 PM
To: John Miller
Cc: Bind Users
Subject: Re: Multiple IPs Associated With A Single Name

On 09/29/2016 04:18 PM, Tim Daneliuk wrote:
> On 09/29/2016 02:08 PM, John Miller wrote:
>> Hi Tim,
>>
>> AFAIK, multiple A records are the only way to return multiple IPs for 
>> a given FQDN.  If there are multiple A records for a given name, BIND 
>> will return all of those records -- it'll return all the IPs.  It's 
>> up to the client in question to decide how to use that information.
>>
>> John
>>
> 
> 
> Thanks all, for responding.
> 
> One followup question.  I am currently doing some engineering work for 
> GreatBigHugeCo, wherein getting things like DNS updates done is very 
> time and paperwork intensive.  Sometimes I think it would be easier to 
> do tensor analysis with an abacus, but I digress ...
> 
> For reasons too long and complex to explain, I may want to do the 
> following and need some input on how to implement this or whether it's even practical:
> 
>   - Run an instance of bind in user space so I can control all the 
>     configuration without having root.
> 
>   - Forward all lookups not in my database to a "real" DNS server
> 
> 
> What I am stuck on is this:  Is there any simple (i.e., non-root) way 
> to write a client or otherwise configure userspace to go to the 
> non-standard port and run my sort of man-in-the-middle server?  Or is 
> this just a stupid idea?
> 
> 


I forgot to mention:  At least one use case for this might be a case where I can force the client in user space to use the DNS server and port of my choosing.  In that case, they won't be using the system DNS config and the above would not apply.  However, I am unclear on whether bind can be run as an unprivileged user on a non-standard port.

--
----------------------------------------------------------------------------
Tim Daneliuk     tundra at tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
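Kevin's checklist at the top of this message (own config file via -c, listen-on set to an unprivileged port, every pathname including the pid-file under a directory the user can write) as an added, runnable example; it is not code from either poster. It assumes BIND 9's named, named-checkconf and dig are installed; 192.0.2.53 is a placeholder for the "real" upstream resolver and example.test is a constructed zone that also carries the thread's original point, two A records on one name.

```shell
#!/bin/sh
# Added example, not code from the thread: write a caching-only named.conf
# that an unprivileged user can run with "named -c", following Kevin's
# checklist: high listen-on port, every path (pid-file included) under a
# directory the user owns, and a forwarder for everything not served locally.
# Placeholders: 192.0.2.53 stands in for the real upstream resolver and
# example.test is a constructed zone holding two A records for one name.

gen_named_conf() {
    dir=$1 port=$2 fwd=$3
    mkdir -p "$dir/zones"
    cat > "$dir/named.conf" <<EOF
options {
    directory "$dir";                    # relative paths resolve here
    pid-file "$dir/named.pid";           # default lives under /var/run
    listen-on port $port { 127.0.0.1; }; # unprivileged port, loopback only
    listen-on-v6 { none; };
    recursion yes;
    allow-query { localhost; };          # no open resolver on the high port
    forwarders { $fwd; };                # "real" DNS for non-local names
    forward only;
};
zone "example.test" {
    type master;
    file "$dir/zones/example.test.db";
};
EOF
    cat > "$dir/zones/example.test.db" <<EOF
\$TTL 300
@   IN SOA ns.example.test. hostmaster.example.test. ( 1 3600 600 86400 300 )
    IN NS  ns.example.test.
ns  IN A   127.0.0.1
; two A records for one name: named returns both, the client chooses
app IN A   10.0.0.11
app IN A   10.0.0.12
EOF
    # syntax check when the BIND tools are installed; skipped otherwise
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$dir/named.conf" || return 1
    fi
    printf '%s\n' "$dir/named.conf"
}

# sh gen_conf.sh "$HOME/mybind" 12345 192.0.2.53   then, still unprivileged:
#   named -c "$HOME/mybind/named.conf" -g &   # -g keeps it in the foreground
#   dig -p 12345 @127.0.0.1 app.example.test A
if [ $# -eq 3 ]; then gen_named_conf "$@"; fi
```

The dig query should return both 10.0.0.11 and 10.0.0.12 for app.example.test, while any other name is resolved through the forwarder.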
