We use sortlists quite effectively, but there are some caveats to that approach:
1) If you have clients using "rogue" resolvers without any sortlist 
definitions, that will limit the effectiveness of the technique somewhat
2) You need some discipline to keep the sortlist definitions up-to-date as 
networks/subnets are renumbered, re-assigned, etc. If you have many 
nameservers, it helps to have a centralized/co-ordinated mechanism to 
maintain/propagate your nameserver configs (we use Infoblox, for instance)
3) Sortlisting is never a 100% solution and should not be used for applications 
which treat connecting to the "wrong" IP (rarely, occasionally) as a *fatal* 
error. At the very least, if the app tries to connect to a "wrong" IP, and is 
not able to do so (because of routing, firewall rules, ACLs, etc.) it should 
fail over in a timely fashion to the next IP in the list. It shouldn't just die.

                                                                                
                        - Kevin

-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Niall O'Reilly
Sent: Monday, January 05, 2015 7:03 AM
To: Christian Kette
Cc: bind-users@lists.isc.org; Jeremy C. Reed
Subject: Re: BIND9 Return different IP address based on subnet

At Sat, 3 Jan 2015 19:24:47 +0100,
Christian Kette wrote:
> 
> I have found a workaround.
> I defined a different zone for every network

  A simpler solution might be to use a sortlist.

  From the ARM:

6.2.16.13 The sortlist Statement

The response to a DNS query may consist of multiple resource records
(RRs) forming a resource records set (RRset). The name server will normally 
return the RRs within the RRset in an indeterminate order (but see the 
rrset-order statement in Section 6.2.16.14). The client resolver code should 
rearrange the RRs as appropriate, that is, using any addresses on the local net 
in preference to other addresses. However, not all resolvers can do this or are 
correctly configured. When a client is using a local server, the sorting can be 
performed in the server, based on the client’s address. This only requires 
configuring the name servers, not all the clients.

  Niall
  
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
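
Caveat 3 in the reply above, as an added example that is not part of the original thread: a client that tries the addresses in the order the resolver returned them, with a short per-address timeout, and moves on to the next one when a connection is refused or filtered. The function names, the timeout value and the loopback sample endpoints are assumptions made for this illustration.

```python
import socket


def connect_with_failover(endpoints, per_address_timeout=2.0):
    """Try each (ip, port) in the order the DNS answer listed them.

    Returns (sock, endpoint_used, failures). Raises ConnectionError only
    after every address has been tried, so one "wrong" first address
    (blocked by routing, firewall rules or ACLs) is not fatal.
    """
    failures = []
    for endpoint in endpoints:
        try:
            # The timeout bounds how long a silently dropped SYN can stall us.
            sock = socket.create_connection(endpoint, timeout=per_address_timeout)
        except OSError as exc:  # refused, unreachable, or timed out
            failures.append((endpoint, exc))
            continue
        sock.settimeout(None)  # back to blocking mode for normal use
        return sock, endpoint, failures
    raise ConnectionError(f"all {len(endpoints)} addresses failed: {failures}")


def demo():
    """Constructed sample: first address refuses, second one accepts."""
    good = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    good.bind(("127.0.0.1", 0))
    good.listen(1)
    # Bound but never listening: connections to it are refused, which
    # stands in for the address the client cannot reach.
    dead = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    dead.bind(("127.0.0.1", 0))
    answer_order = [dead.getsockname(), good.getsockname()]
    try:
        sock, used, failures = connect_with_failover(answer_order, 1.0)
        sock.close()
    finally:
        good.close()
        dead.close()
    return answer_order, used, failures


if __name__ == "__main__":
    order, used, failures = demo()
    print("answer order:", order)
    print("connected to:", used, "after", len(failures), "failed attempt(s)")
```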