Distributing DNS servers
peter at nospam.se
Sat Aug 28 13:33:06 UTC 1999
Barry Margolin <barmar at bbnplanet.com> wrote:
Mr. Margolin:
I must confess, I do not understand the motivation for these scenarios.
Please enlighten me (and maybe others) why this is done, and
what benefits are gained.
Thanks
Peter h
: In article <Pine.BSF.4.01.9908270950530.19335-100000 at phoenix.aye.net>,
: Barrett Richardson <barrett at phoenix.aye.net> wrote:
: >
: >I want to distribute my primary across a network topology for
: >various reasons. I intend to have an ip address for the primary
: >attached to a loopback interface on multiple machines at
: >multiple points in my network (and use OSPF or BGP to establish
: >reachability to various nameservers in various locations throughout
: >the network).
: We're doing a similar thing. If you traceroute to 4.2.2.1 from different
: parts of the country you'll get a different machine. We're not doing it
: with a loopback interface, but with a virtual address on the ethernet
: interface.
: >Issue 1
: >
: > With this scheme IP packets leaving the boxen must not
: > have the IP address of the primary (which is on the loopback
: > and not unique in the network) but the IP address of the
: > ethernet (which is unique). The idea is to have answers
: > to queries go to the box that sent the query.
: >
: > Doable?
: BIND 4.9 and newer forces the source address of a response to match the
: destination address of the query.
: Why do you think it's wrong for these packets to have the loopback address
: as their source? So it's not unique, who cares?
: >Issue 2
: >
: > I have this fear that an undesirable side effect will result
: > from the caching behaviour of remote servers that query my
: > nameservers. For one, the reply is going to come from an IP
: > for which it has no NS record for my domain, will this be
: > a problem?
: It doesn't matter that it doesn't match an NS record. However, most
: resolvers and caching servers will ignore a response if its source address
: doesn't match the address to which the query was sent, on the assumption
: that someone is spoofing the response.
: --
: Barry Margolin, barmar at bbnplanet.com
: GTE Internetworking, Powered by BBN, Burlington, MA
: *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
: Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
--
Peter Håkanson peter (at) gbg (dot) netman (dot) se
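
The resolver-side behaviour described in the quoted reply (a response is ignored unless its source address matches the address the query was sent to), as an added example that is not part of the original thread. The function names, the documentation-range addresses and the name example.com are constructed for illustration, and the transaction ID and question checks go beyond what the thread mentions.

```python
import struct

def encode_name(name):
    """Encode a domain name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid, name, qtype=1):
    """Minimal DNS query: 12-byte header plus one question (QCLASS IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def build_response(query, addr_bytes, txid=None):
    """Constructed authoritative answer to `query` carrying one A record."""
    qid, = struct.unpack("!H", query[:2])
    header = struct.pack("!HHHHHH", qid if txid is None else txid,
                         0x8580, 1, 1, 0, 0)
    # Answer: pointer to the name at offset 12, TYPE A, CLASS IN, TTL 300
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + addr_bytes
    return header + query[12:] + answer

def accept_response(sent_to, query, received_from, response):
    """Return (accepted, reason) the way a cautious resolver would decide."""
    if received_from != sent_to:
        return False, "source address/port differs from query destination"
    if len(response) < 12:
        return False, "truncated header"
    rid, flags = struct.unpack("!HH", response[:4])
    if not flags & 0x8000:
        return False, "QR bit not set"
    if rid != struct.unpack("!H", query[:2])[0]:
        return False, "transaction ID mismatch"
    question = query[12:]
    # Names compare case-insensitively; type/class bytes are unaffected
    if response[12:12 + len(question)].lower() != question.lower():
        return False, "question section mismatch"
    return True, "ok"

# Constructed sample values (documentation ranges, not from the thread)
SERVICE = ("192.0.2.53", 53)     # shared address the query is sent to
UNIQUE = ("198.51.100.7", 53)    # per-machine ethernet address
QUERY = build_query(0x1A2B, "example.com")
REPLY = build_response(QUERY, bytes([203, 0, 113, 10]))
```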