Dynamic DNS based on source IP

Kevin Darcy kcd at daimlerchrysler.com
Thu Aug 2 02:12:43 UTC 2001


"view"s are a somewhat elegant solution as long as every client is
querying a single server, but it starts to get ugly when multiple
nameservers are answering queries of the name from multiple locations.
Sure, you can make all of the servers slaves for the zone (they wouldn't
all have to be *published* slaves, of course -- some or all of them could
be stealth slaves) and duplicate the same "view" configuration in those
nameservers, but then how do you propagate the zone data for *all* of the
views that each nameserver is going to be serving? You either have to use
some sort of out-of-band replication mechanism, or, with IXFR/AXFR, play
all sorts of virtual interface, transfer-source and/or oddball port number
games to get it to work right. But that seems like a royal pain to set up
and maintain.

If each location has a local nameserver dedicated to its clients, then it
might be simpler to just define the zone in question as master on each
server, with different contents. A hybrid approach, if you wanted to keep
maintenance of the zone centralized, would be to define each local
nameserver as a stealth slave of the zone in question, with the
(single) master configured with "view"s so as to replicate different
versions of the zone. (Note that if you want any zone-transfer failover
capability in this scenario, you're back to playing "view" games again so
that all of the zone-transfer servers for the zone are privy to all of the
"view"s of it.)

I think "sortlist" might be a better way to go here. sortlist is available
in BIND 8 as well as BIND 9, plus it doesn't require maintenance of
multiple versions of the same zone. Another advantage is that it would
allow for transparent failover, assuming the client supports that.

One downside of the sortlist approach is that it would require sortlist
definitions in *every* nameserver that is going to answer for the name;
not only slaves but also caching servers.


- Kevin

Michael Kjorling wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> How about BIND 9's views?
>
> Michael Kjörling
>
> On Aug 1 2001 08:22 -0700, Alan Davis wrote:
>
> > I'm trying to figure out a way to return different IPs based on the
> > source address of the requestor. Does anybody have any ideas? See the
> > following architecture for details:
>
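
As an illustration of the sortlist approach suggested in the reply above (an added example, not part of the original thread): a named.conf fragment for a two-site setup. The site networks 10.1.0.0/16 and 10.2.0.0/16, the name "app" and its addresses are constructed for this example.

```conf
// Constructed example: the zone holds ONE copy of the name with both
// addresses, so there is no per-view zone data to replicate:
//   app  IN A 10.1.0.10   ; server at site A (assumed address)
//   app  IN A 10.2.0.10   ; server at site B (assumed address)
//
// The same sortlist has to be present on every nameserver that answers
// for the name: the master, the slaves and any caching servers.
options {
    sortlist {
        // Queries from site A clients: site A addresses first, then site B.
        { 10.1.0.0/16; { 10.1.0.0/16; 10.2.0.0/16; }; };
        // Queries from site B clients: site B addresses first, then site A.
        { 10.2.0.0/16; { 10.2.0.0/16; 10.1.0.0/16; }; };
    };
};
```

Both addresses stay in the answer and only their order changes, so a client that tries the next address on failure can still reach the other site.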




