On Fri, Nov 21, 2003 at 12:17:30PM +1100, paul van den bergen wrote:
> I first encountered networking in CISCO land... where IP addresses and host
> names seem to be associated...
>
> what is the FreeBSD way? AFAICS, a machine has a defined name regardless of
> how many interfaces it has. if one splits the world up into hosts (one
> interface) and routers (multiple interfaces) can one define multiple
> hostnames?
>
> to expand on this, there is a potential many to many relationship here between
> host names and IP addresses (strictly speaking that is what dns etc sees?)
>
> how does BSD define this? how does one define this using BSD?

Good question. Yes, this can be a problem with a multi-homed host: not really in any functional sense, but for organizational purposes.

Any machine will have a hostname -- that is the name which gets printed in shell prompts and that the system uses by default to identify itself for such services as SMTP servers, LDAP, NIS, HTTP etc. The hostname is set by (surprise, surprise) the hostname(1) command using the data from /etc/rc.conf. This is generally recorded in /etc/hostnames, possibly with the names of various other local machines around the place because that's the one lookup system that's always available even when the network isn't up. But /etc/hostnames doesn't have to be used at all: I generally prefer to have the DNS be *the* unique data source for this sort of thing, so my /etc/hostnames files are pretty skeletal.

Relying on the DNS leads to the use of hierarchical domain names and yet another religious argument: if the FQDN is 'foo.example.com' do you set the hostname to just 'foo' or do you use the fully qualified domain name as the hostname? The problem with using just 'foo' is that there is no general mechanism for telling the system what the rest -- the 'network part' of the name -- should be.[1] As good sys-admins we should be allergic even to the possibility of things going horribly wrong, and using the FQDN as the hostname closes off several potential trouble spots.

However using the hostname as the default for all of the various services is generally only a convention. Those services can usually be configured to use whatever names you may imagine: role based names (www.example.com) are fairly common -- which is useful if you need to swap out machines for maintenance as you can just switch the role-name to an alternative server fairly simply. This also allows you to run 'virtual' servers: multiple instances of the same service on one machine. Since these services are generally network based, they have to have an IP number associated with them: most of the time a CNAME record in the DNS will do, but some things like SMTP MXes or HTTPS virtual hosts need "real" A records.

Now, most of this discussion has implicitly assumed that we're using a machine with a single network interface and just one IP number. For a big server, that's probably not going to be the case -- there may well be several IP numbers configured on a single interface (have to do this for eg. hosting multiple HTTPS virtual hosts on one machine) or several network interfaces, either to provide redundancy against failure of network kit or to allow the machine to have direct connections to several physical networks.

In this case, it's perfectly reasonable to have all of:

  * the machine hostname as an A record configured in the DNS to
    return a list of all of the interface IP numbers, and
    corresponding PTR records.

  * individual domain names as A records that resolve to each of the
    IP numbers on the interfaces, or to the principal address on each
    interface, or to per-network IP numbers, and corresponding PTR
    records: together with the above, this means that looking up the
    IP number can return several hostnames.

  * role based names that can include all combinations of all of the
    above, either as A+PTR combinations or as CNAMES.

Having several host names resolving to the same IP number is not a problem. Of course, being good DNS admins we will set up PTR records to do the inverse lookups. Personally I feel that having PTR records that return several domain names is perfectly valid, but there's various old documentation that insists the sky will fall if you do things like that.[2]

In summary the whole relationship between host and domain names and IP numbers is defined by whatever works for you...

Cheers,

Matthew

[1] There was for a long time a confusion between the NIS domain name and DNS based names, especially on Solaris machines. However NIS and DNS are separate systems and don't have to use the same domain structure at all. Nowadays LDAP is taking over from NIS, and again this has its own hierarchical structure although one increasingly popular layout is to mimic the DNS hierarchy. The default domain or search path in /etc/resolv.conf is sort of going in the right direction, but there's no rule that says your hostname has to match either of those.

[2] Not in my experience. It's a bit rainy at the moment, but nothing worse...

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
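
The record layout described in the reply above (one hostname listing every interface address, per-interface names, role names as A records or CNAMEs, and PTR records returning several names), checked for forward/reverse agreement. This is an added example, not part of the original message; every name and address in it is constructed from example.com and the documentation address ranges, and two mismatches are planted on purpose.

```python
import ipaddress

# Constructed sample zone data (documentation address ranges, example.com).
A_RECORDS = {
    "foo.example.com": ["192.0.2.10", "198.51.100.10"],  # hostname: every interface
    "foo-net1.example.com": ["192.0.2.10"],              # per-interface names
    "foo-net2.example.com": ["198.51.100.10"],
    "mail.example.com": ["192.0.2.10"],                  # role name needing a real A record
}
CNAMES = {"www.example.com": "foo.example.com"}          # role name as an alias
PTR_RECORDS = {                                          # several names per address
    "10.2.0.192.in-addr.arpa": ["foo.example.com", "foo-net1.example.com",
                                "mail.example.com"],
    "10.100.51.198.in-addr.arpa": ["foo.example.com", "old.example.com"],
}


def resolve(name, a=A_RECORDS, cnames=CNAMES, max_hops=8):
    """Follow CNAMEs (bounded, to survive loops) and return the A addresses."""
    for _ in range(max_hops):
        if name in cnames:
            name = cnames[name]
        else:
            return list(a.get(name, []))
    return []


def audit(a=A_RECORDS, cnames=CNAMES, ptr=PTR_RECORDS):
    """Return sorted (kind, name, address) findings for forward/reverse mismatches."""
    findings = set()
    for name, addrs in a.items():
        for addr in addrs:
            owner = ipaddress.ip_address(addr).reverse_pointer
            if name not in ptr.get(owner, []):
                findings.add(("a-without-ptr", name, addr))
    for owner, names in ptr.items():
        # Rebuild the address from the in-addr.arpa owner name.
        addr = ".".join(reversed(owner.split(".")[:4]))
        for name in names:
            if addr not in resolve(name, a, cnames):
                findings.add(("ptr-without-a", name, addr))
    for alias in cnames:
        if not resolve(alias, a, cnames):
            findings.add(("dangling-cname", alias, ""))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

A PTR name that no longer resolves forward to its address is the case that matters to services performing a forward-confirmed reverse lookup, such as many SMTP servers.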