Domain name based multihome routing?

Warren Kumari warren at kumari.net
Tue Jun 26 18:26:53 UTC 2018


On Tue, Jun 26, 2018 at 12:45 PM Grant Taylor via bind-users <
bind-users at lists.isc.org> wrote:

> On 06/25/2018 11:08 PM, Dale Mahalko wrote:
> > * The secondary program looks up the domain in a database, which also
> > includes the multihome destination for each domain. If a match is found,
> > a route is created to that multihome destination. Aliased acceleration
> > domains such as Akamai will be matched using the primary domain name.
>
> Are you saying that you want to dynamically update routes to IPs
> resolved in real time to specific host / domain names?  Such that
> traffic to specific hosts / domain names is routed over DSL?  With
> things that don't match conditions routed over cell?



It feels like one should be able to cobble together something hilarious
using:
A: RPZ to return a AAAA only answer,
B: NAT64

Have RPZ suppress the A record, and return a synthesized AAAA with the
NAT64 prefix tacked on the front. This will route it to a NAT64 box which
converts it to a v4 address, and Bob's yer uncle.

This seems like it would work, but be fragile and annoying.

W


>
> > * I want to put all the huge background bandwidth eating maintenance
> > downloads such as Microsoft Windows updates, Microsoft Store updates,
> > Microsoft P2P updates, Steam game downloads and updates, Adobe updates,
> > iTunes updates, iPhone iOS and App updates, and so forth on the slow DSL.
> >
> > * I want to put all the other things that are important to me like
> > multiplayer gaming UDP streams, remote desktop / SSH, video streaming,
> > and general web browsing on the cellular modem.
>
> I think I understand what you want to do and why you want to do it.
>
> It seems like you're using named as the source of information to feed
> into the process that dynamically updates routing.
>
> I find the pausing of named to be questionable.  But I understand that
> you want to make sure that no connections are started until after the
> (re)routing has been done.
>
> I feel like most of this is outside of named's scope and that it would
> run as a different user.
>
> I would suggest exploring BIND's new Response Policy Service.  I think
> it provides a way for BIND to send information to a side program for
> various "filtering" actions.  IMHO there's no reason that such a side
> program has to actually filter requests / responses.  Instead, you could
> use that as an information feed to do what you're wanting to do with IPs
> and routes.  I just don't know about the ability to pause the response.
> Unless it's possible to do the route modification before returning the
> reply to BIND.
>
>
>
> --
> Grant. . . .
> unix || die
-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
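
Added example, not part of the original message and not BIND code: a sketch of the "synthesized AAAA with the NAT64 prefix tacked on the front" step, embedding an IPv4 address per RFC 6052 and emitting AAAA-only RPZ local data for one name. It goes beyond the /96 case to the other prefix lengths RFC 6052 defines. The function names, the name updates.example.com and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

WELL_KNOWN_PREFIX = "64:ff9b::/96"        # RFC 6052 well-known NAT64 prefix
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)  # prefix lengths RFC 6052 allows


def synthesize_aaaa(ipv4, prefix=WELL_KNOWN_PREFIX):
    """Embed an IPv4 address in a NAT64 prefix (RFC 6052, section 2.2)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError("NAT64 prefix length must be one of %r" % (VALID_LENGTHS,))
    out = bytearray(net.network_address.packed)
    if out[8] != 0:
        raise ValueError("bits 64-71 of a NAT64 prefix must be zero")
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == 8:  # octet 8 (bits 64-71) is reserved and stays zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def rpz_local_data(qname, ipv4_addrs, prefix=WELL_KNOWN_PREFIX):
    """Return RPZ zone-file lines that give qname AAAA-only local data.

    With RPZ local data, record types absent from the policy are answered
    NODATA, so listing only AAAA records also suppresses the A answer.
    """
    owner = qname.rstrip(".")  # RPZ owner names are relative to the policy zone
    return ["%s AAAA %s" % (owner, synthesize_aaaa(a, prefix))
            for a in ipv4_addrs]


if __name__ == "__main__":
    # Constructed sample: a hypothetical name and documentation-range
    # IPv4 addresses standing in for what the resolver returned upstream.
    for line in rpz_local_data("updates.example.com.",
                               ["192.0.2.33", "198.51.100.7"]):
        print(line)
```

The fragility mentioned above shows up here too: the policy records are static, so they go stale whenever the upstream A records change.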