RRSet ordering and sortlist{ };
Kevin Darcy
kcd at daimlerchrysler.com
Wed Dec 6 02:46:43 UTC 2000
Oh, man! You mean after telling people to use sortlist after all of these
months, now I have to actually explain *how* to use the thing? :-) I like the
sortlist feature, but frankly its specification syntax hurts my brain.
I think your problem is that you need a semicolon after calling out the ACL,
i.e.
sortlist {
    { local_hosts;              // to any of the local hosts, return
        {
            193.123.234.99;     // the IP of the host from DMZ,
            ! 193.123.234.12;   // not one being in EXT and NATted
        };
    };
};
(I took the liberty of reformatting in an attempt to clarify).
You need the semicolon because the "match" part of the sortlist element needs
to be at the *same level* as the actual "sort" part.
I have no idea why the named.conf parser didn't kick out an error for your
syntax. Maybe it interpreted it in some weird, arcane sortlist kind of way
and/or swallowed up the clause after the sortlist. Who knows?
- Kevin
gregab at NOS.PAM-gbsoft.org wrote:
> Hi all,
>
> I've been trying out sortlist{ }; in BIND8, because it seems to me like
> a very good solution for the IPfw and NAT issue, where one can't access
> the resolved host when it resolves to a NATted external IP.
>
> However, the results I got with BIND 8.2.3-P6T were only a partial
> success at most, because the order in which addresses were resolved was
> quite random - 70% of all the cases returned the right order, but the other
> 30% were totally wrong, although I'm perfectly certain that I was the
> only person accessing the name server at that time and these 70% weren't
> a result of ordinary cyclic behaviour in which somebody would've "stolen"
> the other 20% of the rotation from me.
>
> Any ideas on how to do this properly, so that hosts from (in the below
> example) "local_hosts" always get the records ordered the way sortlist{ };
> specifies?
>
> The configuration I used was on a DMZ DNS, testing was done from a box
> on the localnet (not masq-ed):
> ------------------------------
> In named.conf:
> ------------------------------
> acl local_hosts {
>     127.0.0.0/8;            // loopback
>     192.168.1.0/24;         // two class-c localnets
>     192.168.2.0/24;
>     193.123.234.80/28;      // two sub-d-class DMZ
>     193.123.234.96/27;
> };
>
> options {
>     ...
>     sortlist {
>         { local_hosts {         // to any of the local hosts, return
>             193.123.234.99;     // the IP of the host from DMZ,
>             ! 193.123.234.12;   // not one being in EXT and NATted
>         }; };
>     };
> };
>
> zone "foobar.baz." {
>     type master;
>     file "mastering/foobar.baz.zone";
>     ...
> };
> ------------------------------
> In foobar.baz.zone:
> ------------------------------
> $ORIGIN baz.
> $TTL 87600
>
> foobar  IN SOA  blahblah...
>         ...
>         IN A    192.123.234.99
>         IN A    192.123.234.12
>
> ...
> ------------------------------
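Editor's note, with an added example that is not part of either message above: the sortlist
syntax Kevin corrects is easier to reason about once you see what named does with it, so
here is a small Python model of the two-element sortlist form. The ordering rule it
implements is this editor's reading of the BIND sortlist behaviour (records matching a
positive element of the order list come first, in element order; records matching nothing
keep their incoming rrset-order position after them; records whose first hit is a negated
element go last). The one-element sortlist form and nested ACLs are not modelled, the
`acl()`, `acl_match()`, `apply_sortlist()` and `unsorted_addresses()` helpers are invented
here, and the address data is constructed from the quoted named.conf. One thing worth checking
before blaming the parser: the quoted zone file spells the addresses 192.123.234.x while the
sortlist names 193.123.234.x, and the last function below shows what an order list that never
matches an RRset looks like.

```python
"""Model of BIND's two-element sortlist{} ordering (added example, not from the thread).

Assumptions (editor's, not from the BIND manual verbatim): a sortlist entry is a pair of
address_match_lists; the first is matched against the querier, the second orders the answer.
Records hitting a positive element sort first in element order, unmatched records keep their
incoming (rrset-order) position after them, and records whose first hit is negated go last.
The one-element sortlist form and nested ACLs are not modelled.
"""
import ipaddress


def acl(*specs):
    """Build an address_match_list from named.conf-style strings; a leading '!'
    negates that element, e.g. acl("10.0.0.0/8", "!10.0.0.1").  A bare address
    becomes a /32 (or /128), exactly as named treats it."""
    out = []
    for spec in specs:
        negated = spec.startswith("!")
        net = ipaddress.ip_network(spec.lstrip("! "), strict=False)
        out.append((negated, net))
    return out


def acl_match(addr, amlist):
    """First-match walk of an address_match_list: the 1-based position of the
    first element containing addr, negative if that element is negated,
    0 if no element matches."""
    for pos, (negated, net) in enumerate(amlist, start=1):
        if addr in net:
            return -pos if negated else pos
    return 0


def order_key(addr, order_list):
    """Sort key for one answer address against the 'sort' half of a sortlist entry."""
    m = acl_match(addr, order_list)
    if m > 0:
        return (0, m)   # positive match: earlier element first
    if m == 0:
        return (1, 0)   # unmatched: after all matches, incoming order preserved
    return (2, 0)       # negated match: last


def apply_sortlist(querier, rrset, sortlist):
    """Return the addresses of `rrset` in the order a client at `querier` gets them.
    `rrset` is taken as already in rrset-order (for example one cyclic rotation);
    a querier matching no entry gets it back unchanged."""
    q = ipaddress.ip_address(querier)
    for match_list, order_list in sortlist:
        if acl_match(q, match_list) > 0:
            return sorted(rrset, key=lambda a: order_key(ipaddress.ip_address(a), order_list))
    return list(rrset)


def unsorted_addresses(rrset, order_list):
    """Sanity check: which records does the order list never mention?  Those keep
    plain rrset-order and will look 'random' to the clients you meant to help."""
    return [a for a in rrset if acl_match(ipaddress.ip_address(a), order_list) == 0]


# Constructed from the quoted named.conf (editor's transcription, not copied verbatim).
LOCAL_HOSTS = acl("127.0.0.0/8", "192.168.1.0/24", "192.168.2.0/24",
                  "193.123.234.80/28", "193.123.234.96/27")
SORTLIST = [(LOCAL_HOSTS, acl("193.123.234.99", "!193.123.234.12"))]

if __name__ == "__main__":
    # A cyclic rotation that happened to put the NATted address first:
    rotated = ["193.123.234.12", "193.123.234.99"]
    print(apply_sortlist("192.168.1.10", rotated, SORTLIST))   # ['193.123.234.99', '193.123.234.12']
    print(apply_sortlist("198.51.100.7", rotated, SORTLIST))   # unchanged: querier is not in local_hosts
    # The quoted zone file spells the addresses 192.123.234.x, not 193.123.234.x:
    print(unsorted_addresses(["192.123.234.99", "192.123.234.12"], SORTLIST[0][1]))
```

Run it as is and the last line prints both zone-file addresses, i.e. neither one is
covered by the order list, so for that zone the sortlist has nothing to sort and the answer
stays in whatever rrset-order (cyclic by default) produced.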