Bind server with logical host

Nicholas F Miller Nicholas.Miller at Colorado.EDU
Mon Jul 28 17:16:38 UTC 2008


The behavior we are seeing is lookups from our DNS server going out on
the host IP. We want all of the traffic to be routed through the logical
IP, which is our DNS server. We have 'listen-on' set to the logical IP
but recursive lookups to the outside world are going through the host
IP.

________________________________________________________
Nicholas Miller, ITS, University of Colorado at Boulder


> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Kevin Darcy
> Sent: Wednesday, July 23, 2008 6:45 PM
> To: bind-users at isc.org
> Subject: Re: Bind server with logical host
> 
> Nicholas F Miller wrote:
> > We have upgraded our DNS servers recently to Bind 9.5. In the upgrade we
> > also went to logical host names. There is now the host name and then the
> > DNS server is plumbed as a logical host. Since we have done this we are
> > seeing DNS answers happening on the host IP. We would like to restrict
> > the DNS traffic to the logical host.
> >
> > Will the 'listen on' switch let us restrict the DNS traffic to our
> > logical host IP?
> >
> >
> Listen-on won't *redirect* queries, if that's what you're asking. If
> clients are sending queries to the wrong IP, nothing you can do on the
> server side will stop that. listen-on can restrict whether you accept
> those packets or not, but if you don't accept them, the queries will
> simply time out and fail. Is that acceptable?
> 
> If the clients have both the Host IP and the "logical" IP in their
> resolver configs, in that order, then if you no longer listen on the
> Host IP, they may "transparently" fail over to the "logical" IP, but it
> won't be completely "transparent", in truth, since it will introduce a
> delay to every name lookup. Enough that some (impatient) apps may
> actually experience lookup failures. So do this at your own risk.
> 
> As for responses, named sends those back from the address on which the
> original query was received. So, if you can fix the clients to send
> their queries to the correct address in the first place, the responses
> will follow suit.
> 
> - Kevin
> 
> 
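
Added example, not part of the original messages and not BIND code: a loopback sketch of the socket behaviour discussed in this thread. A listener bound to one address replies from that address, while an outgoing socket that is not bound gets a kernel-chosen source address unless the sender pins it (in named, the `query-source` option pins it for recursive lookups). The addresses are constructed stand-ins and assume Linux, where all of 127.0.0.0/8 is local.

```python
import socket

# Constructed stand-ins on loopback (assumption: Linux, 127.0.0.0/8 is local)
UPSTREAM_IP = "127.0.0.1"   # plays the outside server being queried
LOGICAL_IP = "127.0.0.2"    # plays the logical (service) address


def start_upstream():
    """UDP socket bound to a single address, like a listener limited by listen-on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((UPSTREAM_IP, 0))  # port 0: the kernel picks a free port
    srv.settimeout(2)
    return srv


def outbound_query(source_ip=None):
    """Send one datagram upstream.

    Returns (source address the upstream saw, address the reply came from).
    """
    srv = start_upstream()
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.settimeout(2)
    try:
        if source_ip is not None:
            cli.bind((source_ip, 0))  # pin the source address explicitly
        cli.sendto(b"query", srv.getsockname())
        _, seen_from = srv.recvfrom(512)
        srv.sendto(b"answer", seen_from)  # reply leaves from the bound address
        _, reply_from = cli.recvfrom(512)
        return seen_from[0], reply_from[0]
    finally:
        cli.close()
        srv.close()


if __name__ == "__main__":
    # Unbound socket: the kernel's routing decision picks the source address.
    print("unbound socket:     ", outbound_query())
    # Bound socket: the upstream sees the pinned logical address instead.
    print("bound to logical IP:", outbound_query(LOGICAL_IP))
```
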


