Multihomed DNS & Round Robin

Kevin Darcy kcd at daimlerchrysler.com
Fri Feb 11 22:00:32 UTC 2000


Wim Vanhoeck wrote:

> Hi,
>
> We are configuring a dualhomed DNS server on Solaris 2.7 as well as a series
> of dualhomed web servers. They serve both the intra and the extranet.
> We would like to have the reply given by the DNS server to be dependent upon
> which interface received the request.
> So a query from the intranet should receive the intranet IP address of a
> http server while the extranet query should receive the extranet
> address of the same http server.
>
> Do we really need two DNS machines or different hostnames for intra and
> extranet?

Either A) run a separate nameserver instance on each interface using
"listen-on", or B) associate *both* addresses with each name, and then use the
sortlist statement to sort the addresses in answers.

The main downside of (A) is that you have to maintain the two nameserver
instances and the two databases. You can minimize the "two databases" drawback
somewhat by defining the "dual-homed" names as zones unto themselves with each
nameserver instance being master for their "private" version of the zones --
maybe you could even get away with collecting all of these "dual-homed" names
into their own zone, possibly with aliases to hide the ugliness from the users.

The main downsides of (B) are: 1) it assumes a fairly straightforward, static
network topology; if your network topology is really twisted and/or constantly
changing, management of the sortlists will be a problem, 2) you are
"leaking" internal addresses to the outside and vice versa, and 3) unless you
configure the sortlist on *all* servers which may be answering the name,
including caching-only servers, you are not going to get "perfect" results (you
can reduce caching effects by lowering the TTL values on your records, but only
at the expense of generating more DNS traffic). What I mean by "imperfect" is
that sometimes a browser on the inside may get an answer with the external
webserver interface first, internal webserver interface second. Or an external
browser may get internal followed by external. Some browsers -- and some
revisions of browser software -- know to fall back to the other address, other
browsers/revisions do not.
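As an added illustration (not part of Kevin's reply, nor the original poster's configuration), here is what the two options look like in BIND-style named.conf syntax. The intranet prefix 10.0.0.0/8, the extranet prefix 192.0.2.0/24, the interface addresses, the directory paths and the host "www" are all assumed placeholders.

```conf
// ===== Option A: one nameserver instance per interface =====
// File 1: named.conf for the instance bound to the intranet interface
// (assumed address 10.0.0.53). A second instance, with its own named.conf,
// its own directory and its own copies of the zones, is bound the same way
// to the extranet interface (assumed 192.0.2.53) and serves the external
// version of each "dual-homed" name.
options {
    directory "/var/named/intranet";   // assumed path; the other instance uses its own
    listen-on { 10.0.0.53; };          // answer only on the intranet interface
};

// ===== Option B: both addresses on one name, sorted per query source =====
// File 2: named.conf for a single instance listening on both interfaces.
// The zone file gives the host both A records (assumed addresses):
//   www   IN A 10.0.0.80     ; intranet interface of the web server
//         IN A 192.0.2.80    ; extranet interface of the web server
options {
    // Each sortlist element is { source-match; { preferred address order }; }.
    // A query arriving from 10/8 gets 10.0.0.80 listed first and 192.0.2.80
    // second; a query from 192.0.2/24 gets the reverse. Queries whose source
    // matches neither element are left in the server's default order.
    sortlist {
        { 10.0.0.0/8;    { 10.0.0.0/8;    192.0.2.0/24; }; };
        { 192.0.2.0/24;  { 192.0.2.0/24;  10.0.0.0/8;   }; };
    };
};
```

As the reply points out, the sortlist only reorders answers on the server where it is configured; a caching server in the path without an equivalent sortlist hands back whatever order it cached, which is the "imperfect" case described above.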


- Kevin
