Distributing DNS servers

peter at nospam.se peter at nospam.se
Sat Aug 28 13:33:06 UTC 1999


Barry Margolin <barmar at bbnplanet.com> wrote:

Mr. Margolin:

I must confess, I do not understand the motivation for these scenarios.
Please enlighten me (and maybe others) why this is done, and
what benefits are gained.

Thankx
Peter h
: In article <Pine.BSF.4.01.9908270950530.19335-100000 at phoenix.aye.net>,
: Barrett Richardson  <barrett at phoenix.aye.net> wrote:
: >
: >I want to distribute my primary across a network topology for
: >various reasons. I intend to have an ip address for the primary
: >attached to a loopback interface on multiple machines at
: >multiple points in my network (and use OSPF or BGP to establish
: >reachability to various nameservers in various locations throughout
: >the network).

: We're doing a similar thing.  If you traceroute to 4.2.2.1 from different
: parts of the country you'll get a different machine.  We're not doing it
: with a loopback interface, but with a virtual address on the ethernet
: interface.

: >Issue 1
: >
: >  With this scheme IP packets leaving the boxen must not
: >  have the IP address of the primary (which is on the loopback
: >  and not unique in the network) but the IP address of the
: >  ethernet (which is unique). The idea is to have answers
: >  to queries to go the box that sent the query.
: >
: >  Doable?

: BIND 4.9 and newer forces the source address of a response to match the
: destination address of the query.

: Why do you think it's wrong for these packets to have the loopback address
: as their source?  So it's not unique, who cares?

: >Issue 2
: >
: >   I have this fear that an undesirable side effect will result
: >   from the caching behaviour of remote servers that query my
: >   nameservers. For one, the reply is going to come from an IP
: >   for which it has no NS record for my domain, will this be
: >   a problem?

: It doesn't matter that it doesn't match an NS record.  However, most
: resolvers and caching servers will ignore a response if its source address
: doesn't match the address to which the query was sent, on the assumption
: that someone is spoofing the response.

: -- 
: Barry Margolin, barmar at bbnplanet.com
: GTE Internetworking, Powered by BBN, Burlington, MA
: *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
: Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


-- 
Peter Håkanson   peter (at) gbg (dot) netman (dot) se


