How to find ver in BIND 8.x for NT?

Brad Knowles brad at stop.mail-abuse.org
Wed May 18 01:19:35 UTC 2005


At 7:48 PM -0400 2005-05-17, Danny Mayer wrote:

>  Because of a number of architectural issues that were finally fixed
>  in BIND 9.3.0 and 9.2.4 I don't recommend any version of BIND
>  earlier than those and none of the BIND 8 versions.

	Good advice.

>                                                       BIND 9 does
>  support round robin but I have no idea what you mean by round robin
>  through multiple CNAME's nor why you need to use multiple CNAME's.

	I'm not sure, but he may be talking about the same CNAME trick we 
were using at AOL to do very crude round-robin load-balancing for 
americaonline.aol.com (the hostname that the AOL client connects to, 
if you bring your own access).

	What it amounts to is a CNAME chain, with multiple CNAME records 
at certain levels.  So, americaonline.aol.com might have multiple 
aliases pointing to dial.internet.aol.com, dial1.internet.aol.com, 
... dialXXXX.internet.aol.com.  Likewise, each of the 
dialXXXX.internet.aol.com names would have multiple CNAME records 
pointing to 1.internet.aol.com, 2.internet.aol.com, ... 
YYY.internet.aol.com, and the actual A records are only associated 
with the final CNAME target.

	The cool thing is that, when you do anything other than a CNAME 
query for a given hostname, only one path down the CNAME chain will 
be followed.  Just two numeric digits in the CNAME aliases for two 
levels could give you ten thousand different final sets of target IP 
addresses, and each final set would be relatively limited in size.

	Anyway, we couldn't use it for mail, because you can't point MX 
records at CNAMEs, but it worked a treat for americaonline.aol.com.


	However, I believe that this is an old trick that works under 
BIND-8 and not under BIND-9.  IIRC, this wasn't technically illegal 
according to the original spec and BIND-8 allowed it, but apparently 
BIND-9 tightened up on this issue (perhaps in response to some newer 
guidance?).

	If you check the authoritative nameservers for AOL, you will find 
that dns-01.ns.aol.com through dns-09.ns.aol.com appear to be running 
BIND 9.2.3rc1-9.4.0a0 (according to fpdns.pl), while internet.aol.com 
is delegated to two other nameservers (aol-23a.aol.com and 
aol-23b.aol.com), both of which appear to be running BIND 
8.3.0rc1-8.4.4 (according to fpdns.pl).

	Interestingly, these latter two machines also appear to have 
recursion enabled.  I'll have to have a talk with the hostmaster 
folks.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.
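The recursion observation at the end of the message above can be checked from the RA bit in a reply header. The following is an added example, not part of the original post: it builds a query with RD set and classifies the reply, assuming the queried name is one the server is not authoritative for; the function names, the transaction ID and the sample replies are constructed for illustration.

```python
import socket
import struct

TXID = 0x4242  # arbitrary transaction ID chosen for this example

def build_query(name, txid=TXID, qtype=1):
    """Build a class IN DNS query with RD (recursion desired) set; qtype 1 = A."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "ancount": an}

def recursion_posture(msg, txid=TXID):
    """Classify a reply to an RD=1 query for a name outside the server's zones."""
    h = parse_header(msg)
    if not h["qr"] or h["id"] != txid:
        return "invalid"        # not a response to our query
    if not h["ra"]:
        return "no-recursion"   # RA clear: recursion is not offered
    if h["rcode"] == 5:
        return "restricted"     # RA set, but this query was REFUSED
    if h["rcode"] == 0 and h["ancount"] > 0 and not h["aa"]:
        return "open"           # non-authoritative answer obtained by recursing
    return "inconclusive"

def probe(server, name, timeout=3.0):
    """Send one UDP query to a nameserver you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        reply, _ = s.recvfrom(4096)
    return recursion_posture(reply)

# Constructed sample replies (header only), not captured traffic.
SAMPLE_OPEN = struct.pack("!6H", TXID, 0x8180, 1, 1, 0, 0)        # QR RD RA, NOERROR
SAMPLE_AUTH_ONLY = struct.pack("!6H", TXID, 0x8105, 1, 0, 0, 0)   # QR RD, REFUSED
SAMPLE_RESTRICTED = struct.pack("!6H", TXID, 0x8185, 1, 0, 0, 0)  # QR RD RA, REFUSED

if __name__ == "__main__":
    for label, msg in [("open", SAMPLE_OPEN), ("auth-only", SAMPLE_AUTH_ONLY),
                       ("restricted", SAMPLE_RESTRICTED)]:
        print(label, "->", recursion_posture(msg))
```

An authoritative-only server should come back as `no-recursion` when probed from outside; `open` on a server that holds delegated zones is the condition worth raising with the hostmaster.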


