How to find ver in BIND 8.x for NT?
Brad Knowles
brad at stop.mail-abuse.org
Wed May 18 01:19:35 UTC 2005
At 7:48 PM -0400 2005-05-17, Danny Mayer wrote:
> Because of a number of architectural issues that were finally fixed
> in BIND 9.3.0 and 9.2.4 I don't recommend any version of BIND
> earlier than those and none of the BIND 8 versions.
Good advice.
> BIND 9 does
> support round robin but I have no idea what you mean by round robin
> through multiple CNAME's nor why you need to use multiple CNAME's.
I'm not sure, but he may be talking about the same CNAME trick we
were using at AOL to do very crude round-robin load-balancing for
americaonline.aol.com (the hostname that the AOL client connects to,
if you bring your own access).
What it amounts to is a CNAME chain, with multiple CNAME records
at certain levels. So, americaonline.aol.com might have multiple
aliases pointing to dial.internet.aol.com, dial1.internet.aol.com,
... dialXXXX.internet.aol.com. Likewise, each of the
dialXXXX.internet.aol.com names would have multiple CNAME records
pointing to 1.internet.aol.com, 2.internet.aol.com, ...
YYY.internet.aol.com, and the actual A records are only associated
with the final CNAME target.
The cool thing is that, when you do anything other than a CNAME
query for a given hostname, only one path down the CNAME chain will
be followed. Just two numeric digits in the CNAME aliases for two
levels could give you ten thousand different final sets of target IP
addresses, and each final set would be relatively limited in size.
Anyway, we couldn't use it for mail, because you can't point MX
records at CNAMEs, but it worked a treat for americaonline.aol.com.
However, I believe that this is an old trick that works under
BIND-8 and not under BIND-9. IIRC, this wasn't technically illegal
according to the original spec and BIND-8 allowed it, but apparently
BIND-9 tightened up on this issue (perhaps in response to some newer
guidance?).
If you check the authoritative nameservers for AOL, you will find
that dns-01.ns.aol.com through dns-09.ns.aol.com appear to be running
BIND 9.2.3rc1-9.4.0a0 (according to fpdns.pl), while internet.aol.com
is delegated to two other nameservers (aol-23a.aol.com and
aol-23b.aol.com), both of which appear to be running BIND
8.3.0rc1-8.4.4 (according to fpdns.pl).
Interestingly, these latter two machines also appear to have
recursion enabled. I'll have to have a talk with the hostmaster
folks.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the bind-users
mailing list