Bind server with logical host
Kevin Darcy
kcd at chrysler.com
Thu Jul 24 00:44:48 UTC 2008
Nicholas F Miller wrote:
> We have upgraded our DNS servers recently to Bind 9.5. In the upgrade we
> also went to logical host names. There is now the host name and then the
> DNS server is plumbed as a logical host. Since we have done this we are
> seeing DNS answers happening on the host IP. We would like to restrict
> the DNS traffic to the logical host.
>
> Will the 'listen on' switch let us restrict the DNS traffic to our
> logical host IP?
>
>
Listen-on won't *redirect* queries, if that's what you're asking. If
clients are sending queries to the wrong IP, nothing you can do on the
server side will stop that. listen-on can restrict whether you accept
those packets or not, but if you don't accept them, the queries will
simply time out and fail. Is that acceptable?

If the clients have both the Host IP and the "logical" IP in their
resolver configs, in that order, then if you no longer listen on the
Host IP, they may "transparently" fail over to the "logical" IP, but it
won't be completely "transparent", in truth, since it will introduce a
delay to every name lookup. Enough that some (impatient) apps may
actually experience lookup failures. So do this at your own risk.

As for responses, named sends those back from the address on which the
original query was received. So, if you can fix the clients to send
their queries to the correct address in the first place, the responses
will follow suit.

- Kevin
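
The restriction discussed in this thread, written out as a named.conf fragment. This is an added example, not configuration posted by either participant. The addresses are placeholders from the documentation range (192.0.2.10 for the host IP, 192.0.2.53 for the logical IP), and the three source-address options go one step past the question by also pinning traffic that named itself originates.

```conf
// named.conf fragment (added example; all addresses are assumed placeholders)
//   192.0.2.10 = the host's own IP
//   192.0.2.53 = the "logical" service IP plumbed for DNS

options {
    // Accept queries only on loopback and the logical IP. With no
    // listen-on statement, named listens on port 53 on every IPv4
    // interface address, which includes the host IP 192.0.2.10.
    listen-on port 53 { 127.0.0.1; 192.0.2.53; };

    // IPv6 listeners are controlled by a separate statement; set it
    // explicitly so the IPv4 restriction is not bypassed over IPv6.
    listen-on-v6 { none; };

    // Replies leave from the address the query arrived on, so the
    // statements above already cover answers. Traffic that named
    // originates (recursive queries, NOTIFY, zone transfer requests)
    // picks its source separately; pin it to the logical IP as well.
    query-source address 192.0.2.53;
    notify-source 192.0.2.53;
    transfer-source 192.0.2.53;
};
```

Run named-checkconf on the edited file before reloading. Clients still pointed at 192.0.2.10 must be moved to 192.0.2.53 first, since queries to the host IP are no longer answered once this is active.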