How to get random subset of large rrset (30+ IPs for round robin)?

Bob Harold rharolde at umich.edu
Fri Mar 20 17:22:37 UTC 2020


On Fri, Mar 20, 2020 at 1:16 PM Warren Kumari <warren at kumari.net> wrote:

> On Fri, Mar 20, 2020 at 1:04 PM Matus UHLAR - fantomas
> <uhlar at fantomas.sk> wrote:
> >
> > >On Fri, Mar 20, 2020 at 3:14 AM David Klatt <d.klatt at sonnen.de> wrote:
> > >> I can't find a way to do the following although I invested plenty of time
> > >> in research - maybe you guys have an idea:
> > >>
> > >> With bind, I'd need to serve a single A record with 30+ IP addresses and
> > >> these addresses have to be returned in random order round robin,
> > >> which is done with:
> >
> > >> Now I'd like bind to just return a random subset of e.g. 5 IP addresses
> > >> if someone requests this A record.
> >
> > On 20.03.20 10:37, Warren Kumari wrote:
> > >I realize that this is the BIND list, but this sounds like an almost
> > >perfect example of PowerDNS's LUA record type (or something with
> > >CoreDNS)
> > >Other than that, the only thing I can think of is BIND with DLZ and a
> > >database that returns a random subset from a DB query, but that sounds
> > >awful...
> >
> > I don't think BIND can do this at all. And I don't think it should...
> >
> > >> The reason for this is, in my case, some (thousands) older clients (that I can't control)
> > >> that seem not to be able to handle that many IPs - the OS resolver just returns an error.
> >
> > why not use an IPVS-like load balancer and hide all hosts behind one or two IPs?
> > that would help you much more, amongst others when any of those machines
> > fails.
>
> That's almost definitely the right answer, but there *are* cases where
> something like what the OP was asking for - 0.pool.ntp.org springs to
> mind as one example.
> But, yes, a load balancer / anycast is almost definitely going to be a
> better choice...
>
> Warren.
>
>
> >
> >
> > --
> > Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> > Warning: I wish NOT to receive e-mail advertising to this address.
> > Warning: I do NOT want to receive any advertising mail at this address.
> > WinError #98652: Operation completed successfully.
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf
>
>
Do you know why the OS is having a problem?  It just occurs to me that the
problem might be that the result does not fit in a UDP packet (without
EDNS?) and the fallback to TCP is not working.  Can you try 'dig ...' and
'dig +tcp ...' on that OS to see if both are working?  If it is a DNS TCP
issue, there might be a solution in fixing firewalls/ACLs/iptables or such.

-- 
Bob Harold
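
The size question raised above can be checked offline. The following is an added example, not part of the original message or of BIND: it builds the wire form of an A-record response and compares it with the 512-byte limit for DNS over UDP without EDNS. The owner name pool.example.com, the 192.0.2.x addresses, the TTL and the function names are all constructed assumptions.

```python
import struct

UDP_LIMIT = 512  # DNS-over-UDP message limit when the client sends no EDNS0 (RFC 1035)

# Constructed sample data: 30 addresses from the 192.0.2.0/24 documentation range.
SAMPLE_NAME = "pool.example.com"
SAMPLE_ADDRS = [f"192.0.2.{i}" for i in range(1, 31)]

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(name, addrs, ttl=300):
    """Return the wire form of an authoritative A response for `name`."""
    # Header: ID, flags (QR + AA), QDCOUNT=1, ANCOUNT, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # 0xC00C is a compression pointer to the name at offset 12 (the question),
        # so every answer costs 2+2+2+4+2+4 = 16 bytes regardless of name length.
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, len(rdata)) + rdata
    return header + question + answers

def needs_tcp(name, addrs, limit=UDP_LIMIT):
    """True when the full answer exceeds the UDP limit, so the server would
    truncate it and the client has to retry over TCP."""
    return len(build_response(name, addrs)) > limit

def max_records_that_fit(name, limit=UDP_LIMIT):
    """Largest number of A records that fits in one plain UDP response."""
    fixed = 12 + len(encode_name(name)) + 4  # header + question section
    return (limit - fixed) // 16

if __name__ == "__main__":
    size = len(build_response(SAMPLE_NAME, SAMPLE_ADDRS))
    print(f"{len(SAMPLE_ADDRS)} A records -> {size} bytes, TCP needed: "
          f"{needs_tcp(SAMPLE_NAME, SAMPLE_ADDRS)}")
    print(f"records that fit in {UDP_LIMIT} bytes: {max_records_that_fit(SAMPLE_NAME)}")
```

The result depends on the length of the owner name: with this constructed name, 30 records land just over the limit, while a shorter name could still fit.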