On 3/20/20 1:14 AM, David Klatt wrote:
Hi,
Hi,
Now I'd like bind to just return a random subset of e.g. 5 IP addresses if someone requests this A record.
Hum. That sounds quite contrary to the typical BIND behavior.
The reason for this is, in my case, some (thousands) older clients (that I can't control) that seem not to be able to handle that many IPs - the OS resolver just returns an error.
Ugh.
For my use case I absolutely need to make sure that each IP of that large A record set is given out equally (statistically) and that at any time when bind answers that one A record it only returns a random subset of all these IPs.
I question if you need "random" or if "round robin" (rotating) would work. Do they need to be truly random? Or would simply circulating a (possibly randomized) list suffice?
Has someone an idea on how to achieve the latter?
If cycling through a list would be sufficient, you might consider looking at Dynamically Loadable Zones and Response Policy Service.
You might be able to create a custom DLZ driver that:
- returned a sub-set of the results of its own DNS query
- returned a sub-set of the rotating list of all of the A records

You might be able to create an RPS that would alter the reply before it's sent to clients.
Note: My understanding is that RPS is for DNS what milters are for Sendmail.
Finally, I don't know if it will align with your needs or not, but you might consider a forward zone pointing to a custom DNS server.
Thanks a lot in advance!
You're welcome. Good luck. I'd be curious to learn what you end up doing.

--
Grant. . . .
unix || die
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
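
The rotating-list idea raised in the reply, next to per-query random sampling, as an added sketch that is not part of the original thread or of BIND: it shows only the selection logic a custom DNS server or DLZ driver would need, not a driver. The class and function names, the pool size of 23 and the 192.0.2.0/24 addresses are constructed for illustration.

```python
import random
from collections import Counter
from math import gcd


class RotatingSubset:
    """Serve k addresses per answer by sliding a window over a shuffled list."""

    def __init__(self, addresses, k, rng=None):
        if not 0 < k <= len(addresses):
            raise ValueError("k must be between 1 and the number of addresses")
        self.addresses = list(addresses)
        (rng or random).shuffle(self.addresses)  # randomize the order once at load
        self.k = k
        self.cursor = 0

    def next_answer(self):
        n = len(self.addresses)
        answer = [self.addresses[(self.cursor + i) % n] for i in range(self.k)]
        self.cursor = (self.cursor + self.k) % n  # next answer starts where this one ended
        return answer


def random_answer(addresses, k, rng=random):
    """Alternative: an independent random subset for every query."""
    return rng.sample(list(addresses), k)


def usage_counts(answers):
    """Count how often each address appeared across a series of answers."""
    return Counter(ip for answer in answers for ip in answer)


def demo(n=23, k=5):
    # Constructed sample data: n addresses from the 192.0.2.0/24 documentation range.
    pool = [f"192.0.2.{i}" for i in range(1, n + 1)]
    rot = RotatingSubset(pool, k, random.Random(1))
    period = n // gcd(n, k)  # number of answers until the cursor is back at its start
    rotating = usage_counts(rot.next_answer() for _ in range(period))
    rng = random.Random(1)
    sampled = usage_counts(random_answer(pool, k, rng) for _ in range(period))
    return rotating, sampled


if __name__ == "__main__":
    rotating, sampled = demo()
    print("rotating min/max uses:", min(rotating.values()), max(rotating.values()))
    print("sampled  min/max uses:", min(sampled.values()), max(sampled.values()))
```

Over one full period the rotating window hands out every address exactly the same number of times, while independent random sampling is equal only on average.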