On 02/03/2024 03:42, Mike Mitchell via bind-users wrote:
Our networking team is in the habit of entering the IP address of every
network interface on a router under one name. The very first address
entry is their out-of-band management interface. "rrset-order fixed" is
used on their domain for address records, so they can ssh to the router
by name reliably and not have to worry about interfaces that are down
or that filter SSH.
I wonder if an alternative (cleaner?) solution to your use case could be
to use different sub-domains for the different networks (network
interfaces)? For example:
firewall1.example.com = Internet IP address
firewall1./dmz/.example.com = IP address on DMZ network
firewall1./management/.example.com = IP address on out-of-band
management network
If you did this you could make use of DNS search domains to allow
different parts of the network to resolve the unqualified name
"firewall1" differently. E.g. If you "ssh firewall1" from a management
host it could expand that to firewall1./management/.example.com?
Nick.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
