first /etc/hosts, then nameserver

felix mr.thanquol at gmx.de
Fri May 11 11:23:15 UTC 2001


ok, thx but it didn't solve my problem =(

but maybe some of you can help me with that too =)

that solaris-box is a hosted webserver which connects to an external
dns-server. I plumbed the hme0 interface to get a second address, for that
I now have two different addresses eq websites on that machine.
those websites belong to different domains. ok, no big deal. BUT the
application, which is running for both websites (2 java-web servers),
needs to communicate to each other by dns-name!! (not by IP-address ...
that would mess the url up). Now I'm using ssl which makes the problems,
because every reverse-lookup will fail! The ssl-engine receives an
ip-address from that external dns-server and checks the local machine,
which gives back the address of the interface, which is a different one
(of course, because it's in an internal subnet ...)

any idea??



"Chip Old" <fold at bcpl.net> wrote in message
news:9dac6i$t5t at pub3.rc.vix.com...
>
> On Tue, 8 May 2001, Kevin Darcy wrote:
>
> > I disagree with this recommendation. A lot of cruft gets into our
> > /etc/hosts files, mostly because the only people putting stuff there
> > are clueless anyway (because anything of importance is already in
> > DNS). I've had numerous problems with stale /etc/hosts entries
> > "hiding" valid DNS entries. Therefore, our standard is "hosts: dns
> > files" (or the equivalent nameservice order on other platforms).
>
> It depends on local conditions.  If you can't control the contents
> of the hosts files on the UNIX boxes in your domain, then I agree you're
> better off to list "dns" before "files" in nsswitch.conf.  Your hosts
> files are for all intents and purposes useless.  But in a normal
> environment (at least what I think of as "normal") the contents of the
> hosts files is more closely controlled, containing only the name and
> address of the local machine plus any other machines that *must* be
> accessible if for some reason DNS fails.  In that environment it makes
> more sense to list "hosts"  before "dns".
>
> > As for the potential bootup delay, all of our Unix boxes run local
> > caching nameservers, so there's very little chance of DNS being
> > completely unavailable. And if the box is that hosed that it can't
> > even start its own local caching nameserver, then it's got bigger
> > problems than just a bootup delay...
>
> Agreed it has big problems, but if a Solaris box refuses to boot
> because it can't figure out its own name, then it becomes a *REALLY* big
> problem.  If you can keep close control of the contents of your hosts
> files so they don't fill up with junk, then listing "files" before "dns"
> is a good precaution.
>
> --
> Chip Old (Francis E. Old)               E-Mail:  fold at bcpl.net
> Manager, BCPL Network Services          Voice:   410-887-6180
> Manager, BCPL.NET Internet Services     FAX:     410-887-2091
> 320 York Road
> Towson, Maryland 21204-5179 U.S.A.
>
>
>
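The ordering trade-off argued in the quoted exchange, as an added example that is not part of the original posts: it shows how a stale hosts entry hides the DNS answer under "files dns", and how the local name stops resolving under either order once it is missing from the hosts file and DNS is down. The host names, addresses and the `DNS_ANSWERS` table (an offline stand-in for the nameserver) are constructed, and `[...]` action items in nsswitch.conf are ignored as a simplification.

```python
# Constructed sample data (not from the thread): names and addresses are made up.
HOSTS_FILE = """\
127.0.0.1     localhost
192.0.2.10    web1.example.com web1   # local machine
192.0.2.99    db.example.com db       # stale: DNS now says 192.0.2.20
"""
# Stand-in for what the nameserver would answer, so the example runs offline.
DNS_ANSWERS = {"web1.example.com": "192.0.2.10", "db.example.com": "192.0.2.20"}

def parse_order(nsswitch_text):
    """Return the lookup sources on the 'hosts:' line, dropping [..] action items."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return [t for t in line[len("hosts:"):].split() if not t.startswith("[")]
    return []

def parse_hosts(text):
    """Map every name and alias to its address; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def resolve(name, order, hosts, dns):
    """Walk the sources in order; return (address, source) of the first hit."""
    for source in order:
        table = hosts if source == "files" else dns if source == "dns" else {}
        if name.lower() in table:
            return table[name.lower()], source
    return None, None

def audit(order, hosts, dns):
    """Names where files and DNS disagree: (name, files, dns, answer, source)."""
    return [(n, hosts[n], dns[n]) + resolve(n, order, hosts, dns)
            for n in sorted(set(hosts) & set(dns)) if hosts[n] != dns[n]]

if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    for conf in ("hosts: files dns", "hosts: dns files"):
        order = parse_order(conf)
        print(conf, "->", audit(order, hosts, DNS_ANSWERS))
        print("  own name with DNS down:",
              resolve("web1.example.com", order, hosts, {}))
```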








More information about the bind-users mailing list