Sortlist and individual zones

Kevin Darcy kcd at daimlerchrysler.com
Wed Jan 28 17:38:24 UTC 2004


Barry Margolin wrote:

>In article <bv6kd7$747$1 at sf1.isc.org>,
> Brian Miller <bmiller at telstra.com.au> wrote:
>
>>I have been asked to look into setting up our company's internal DNS to
>>return different IP addresses for a specific RR based upon the location of
>>the client (clients in each state get the IP address of a local server).
>>
>>I can differentiate between the clients easily enough based on their network,
>>and it looks like I could do what's needed with the "sortlist" option.
>
>I don't think this will work as you hope.  Clients don't generally query 
>authoritative nameservers directly, they query their local caching 
>nameserver, and the caching server recurses to contact the authoritative 
>servers.  Unless the caching server's administrator has overridden the 
>default settings, it will perform its own round-robin rotation of the 
>addresses, losing the ordering that you set up with sortlist.
>
Right, but what if one person, or a well-co-ordinated group of people 
happen to maintain the configurations of all those nameservers? Then it 
is feasible to keep all of the sortlist definitions in sync. We are 
doing this in our enterprise.

Also, it's not clear from the original poster's message whether there 
are local caching nameservers in this picture or not (I questioned this 
in my response to the original poster's message).

>What you need to use is views.  You'd need a different version of the 
>zone file for each block of addresses, containing just the server for 
>that area.
>
I don't think views is the way to go here. As you know, you'd have to 
define *every* zone in every view. We have no idea how many zones that 
might represent. I know there are tricks that can be played by sharing 
master files or $INCLUDE files between views, but still, it makes for a 
humungous /etc/named.conf if you have dozens upon dozens of views times 
perhaps half-a-dozen or more zones that might need to be defined in all 
of them. Plus a view-based approach wouldn't be any good if failover is 
desired. Lastly, the original poster was already worried about 
performance; I think all of those views would probably push the 
nameserver over the edge...

                                                                         
                                 - Kevin
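
A sketch of the synchronized-sortlist setup discussed in this message, added here as an illustration and not taken from any poster's configuration. It assumes BIND 9 syntax; the zone name, the two site networks and the server addresses are constructed.

```conf
// named.conf fragment (BIND 9). Every network and address here is constructed.
//
//   Site A clients: 10.1.0.0/16   local server: 10.1.5.10
//   Site B clients: 10.2.0.0/16   local server: 10.2.5.10
//
// Zone data is identical on every server (one zone, no views):
//   app.example.internal.  IN A  10.1.5.10
//   app.example.internal.  IN A  10.2.5.10

options {
    sortlist {
        // Form: { client-match; { prefer-first; prefer-next; ... }; };
        // The first element is matched against the address the query
        // came from; the inner list gives the order in which matching
        // answer addresses are returned.
        { 10.1.0.0/16; { 10.1.0.0/16; 10.2.0.0/16; }; };
        { 10.2.0.0/16; { 10.2.0.0/16; 10.1.0.0/16; }; };
    };
};

// Both A records are still returned, only reordered, so a client can
// fall back to the second address if the local server is down.
//
// The "client" is whoever sent the query to this server. On an
// authoritative-only server that is the caching resolver, not the end
// host, so this same block has to be present on every caching server
// the clients actually query, and kept in sync across all of them.
```

`named-checkconf` will catch syntax errors in each copy before a reload.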




