On 02/03/2024 03:42, Mike Mitchell via bind-users wrote:
Our networking team is in the habit of entering the IP address of every
network interface on a router under one name.  The very first address
entry is their out-of-band management interface.  "rrset-order fixed" is
  used on their domain for address records, so they can ssh to the router
  by name reliably and not have to worry about interfaces that are down
or that filter SSH.
I wonder if an alternative (cleaner?) solution to your use case could be to use different sub-domains for the different networks (network interfaces)? For example:

   firewall1.example.com = Internet IP address
   firewall1./dmz/.example.com = IP address on DMZ network
   firewall1./management/.example.com = IP address on out-of-band
   management network

If you did this you could make use of DNS search domains to allow different parts of the network to resolve the unqualified name "firewall1" differently. E.g. If you "ssh firewall1" from a management host it could expand that to firewall1./management/.example.com?

Nick.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to