RRSet ordering and sortlist{ };

Kevin Darcy kcd at daimlerchrysler.com
Wed Dec 6 02:46:43 UTC 2000


Oh, man! You mean after telling people to use sortlist after all of these
months, now I have to actually explain *how* to use the thing? :-) I like the
sortlist feature, but frankly its specification syntax hurts my brain.

I think your problem is that you need a semicolon after calling out the ACL,
i.e.

    sortlist {
        { local_hosts; // to any of the local hosts, return
           {
                193.123.234.99;     // the IP of the host from DMZ,
                ! 193.123.234.12;   // not one being in EXT and NATted
           };
        };
    };

(I took the liberty of reformatting in an attempt to clarify).

You need the semicolon because the "match" part of the sortlist element needs
to be at the *same level* as the actual "sort" part.

I have no idea why the named.conf parser didn't kick out an error for your
syntax. Maybe it interpreted it in some weird, arcane sortlist kind of way
and/or swallowed up the clause after the sortlist. Who knows?


- Kevin

gregab at NOS.PAM-gbsoft.org wrote:

> Hi all,
>
> I've been trying out sortlist{ }; in BIND8, because it seems to me like
> a very good solution for the IPfw and NAT issue, where one can't access
> the resolved host when it resolves to a NATted external IP.
>
> However, the results I got with BIND 8.2.3-P6T were only a partial
> success at most, because the order in which addresses were resolved was
> quite random - 70% of all the cases returned the right order, but the other
> 30% were totally wrong, although I'm perfectly certain that I was the
> only person accessing the name server at that time and these 70% weren't
> a result of ordinary cyclic behaviour in which somebody would've "stolen"
> from me the other 20% of rotation.
>
> Any ideas on how to do this properly, so that hosts from (in the example
> below) "local_host" always get the records ordered the way sortlist{ };
> specifies?
>
> The configuration I used was on a DMZ DNS, testing was done from a box
> on the localnet (not masq-ed):
> ------------------------------
> In named.conf:
> ------------------------------
> acl local_hosts {
>     127.0.0.0/8;        // loopback
>     192.168.1.0/24;     // two class-c localnets
>     192.168.2.0/24;
>     193.123.234.80/28;  // two sub-d-class DMZ
>     193.123.234.96/27;
> };
>
> options {
>     ...
>     sortlist {
>         { local_hosts {         // to any of the local hosts, return
>             193.123.234.99;     // the IP of the host from DMZ,
>             ! 193.123.234.12;   // not one being in EXT and NATted
>         }; };
>     };
> };
>
> zone "foobar.baz." {
>     type master;
>     file "mastering/foobar.baz.zone";
>     ...
> };
> ------------------------------
> In foobar.baz.zone:
> ------------------------------
> $ORIGIN baz.
> $TTL 87600
>
> foobar  IN      SOA blahblah...
>         ...
>         IN      A   192.123.234.99
>         IN      A   192.123.234.12
>
> ...
> ------------------------------

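The following is a small model of the ordering the corrected sortlist is meant to produce for clients in local_hosts. It is added here as an illustration; it is neither poster's code nor anything from BIND itself. It reuses the acl and the two DMZ addresses from the thread and encodes the distance rule BIND's documentation gives for address match lists used this way: the first listed match is closest, a negated match is farthest, and an address matching nothing sits between the two. BIND 9's documentation describes moving only the closest address to the front of the response; this model sorts the whole RRset by distance, which is a generalisation of that. Assumed: the helper names, that the server applies no further rotation after sorting, and the test addresses, which are constructed.

```python
import ipaddress
from itertools import permutations
from typing import List, Sequence, Tuple

# Constructed to mirror the thread: the acl from named.conf ...
LOCAL_HOSTS = [
    "127.0.0.0/8",
    "192.168.1.0/24",
    "192.168.2.0/24",
    "193.123.234.80/28",
    "193.123.234.96/27",
]

# ... and the second element of the sortlist entry, as (negated, prefix).
SORT_ORDER: List[Tuple[bool, str]] = [
    (False, "193.123.234.99"),   # preferred: the DMZ address
    (True, "193.123.234.12"),    # negated: the NATted external address, pushed last
]

# A sortlist is a list of (match list, sort order) pairs, like the named.conf stanza.
SORTLIST = [(LOCAL_HOSTS, SORT_ORDER)]


def _matches(addr: str, element: str) -> bool:
    """True if addr falls inside element (a prefix or a bare host address)."""
    net = ipaddress.ip_network(element, strict=False)
    return ipaddress.ip_address(addr) in net


def client_matches_acl(client: str, acl: Sequence[str]) -> bool:
    """Does the query source address match any entry of the acl?"""
    return any(_matches(client, e) for e in acl)


def distance(addr: str, order: Sequence[Tuple[bool, str]]) -> int:
    """Topology-style distance of a response address from the server.

    Position in the list for a non-negated match, one past the list for no
    match at all, two past the list (farthest) for a negated match.
    """
    for pos, (negated, element) in enumerate(order):
        if _matches(addr, element):
            return len(order) + 1 if negated else pos
    return len(order)


def apply_sortlist(client: str, rrset: Sequence[str], sortlist) -> List[str]:
    """Order an A RRset for a given client; unchanged if no sortlist entry matches."""
    for acl, order in sortlist:
        if client_matches_acl(client, acl):
            # sorted() is stable, so equal-distance addresses keep their incoming order
            return sorted(rrset, key=lambda a: distance(a, order))
    return list(rrset)


def stable_under_rotation(client: str, rrset: Sequence[str], sortlist) -> bool:
    """The check the original poster wanted: does the client see the same
    order no matter how the server happened to rotate the RRset beforehand?"""
    orders = {tuple(apply_sortlist(client, list(p), sortlist)) for p in permutations(rrset)}
    return len(orders) == 1


if __name__ == "__main__":
    rrset = ["193.123.234.12", "193.123.234.99"]  # constructed, as in foobar.baz
    print(apply_sortlist("192.168.1.10", rrset, SORTLIST))  # DMZ address first
    print(apply_sortlist("8.8.8.8", rrset, SORTLIST))       # external client: untouched
```

Running it with a local client yields the DMZ address first and the NATted address last; an external client gets the RRset exactly as the server produced it, and for that client the order still depends on whatever rotation the server applied.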
More information about the bind-users mailing list