per-zone-recursion?

Joerg Dorchain joerg at dorchain.net
Thu Oct 7 19:26:28 UTC 2010


On Mon, Oct 04, 2010 at 11:30:03AM +0200, Kalman Feher wrote:
> >> 
> >> probably it was not thought because it's wrong.
> > 
> > This point is getting religious now, IMHO.
> Bear in mind that your rationale is based on getting an inaccessible DNS
> server to return information that a client has correctly asked for. I can't
> imagine a situation where there'll be a strong desire to codify that kind of
> set up. If your DNS server is not accessible to clients that need to query
> it for data, your set up is wrong. That isn't religious, that is practical
> reality. 

I was more concerned with the lack of arguments or explanations. So thank
you for writing a few words about it. I am completely with you
for all practical aspects. However, I am still surprised that
reverse-proxy functionality causes that much irritation. For
other protocols, esp. in the days of NAT, it is common practice,
although most likely still not a clean design.

> >> 
> >>>> less palatable option:
> >>>> 
> >>>> 1. Make the other DNS software available on another IP. So normal DNS
> >>>> behaviour works.
> >>> 
> >>> Hm, this is not too easy in practice, but of course optimal solution.
> >>> IPv6 will help here, I hope.
> >> 
> >> I don't think this will solve the problem, it will just be a workaround for
> >> it.
> > 
> > With IPv6, I see much better chances of having more than one
> > address available, which would make the best architectural solution
> > a practical one as well.
> I think you need to consider your architectural design in a different light.
> Address availability is not your problem. Your solution seems to be a work
> around built on a work around. Ask yourself: "am I using DNS to fix a
> problem or shortcoming in another system?". If yes, fix the other system
> instead. 

Yes, this is a fix for undesired behaviour of another system, if
you want to put it like this. Unfortunately, the other system is
out of my influence.

I was wondering if there is easy support in bind for this kind
of situation. Obviously, there is none. No problem with that. It
is a corner case, and, as you (and others) pointed out, not a
clean design anyway.
At least, I appreciate the clear view of how things should be. If
you think it is abuse to transport real-time data with DNS, I am
ok with that.
Maybe studying the sources helps me for practical matters.

> To be more accurate, the reasons people think they need a TTL of 0 indicate
> they are using DNS incorrectly. Often it is an attempt at working around the
> restrictions of other systems. Hence the guess at load balancing. What data
> are you providing that changes second to second and must be provided using
> DNS? 

I am thinking of situations where no real connectivity is
available but just DNS, and am currently trying to find out how
well bind combines with anything-over-dns implementations. Hence
the separate server software.

Bye,

Joerg
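The thread touches on "anything-over-dns" traffic and on TTL-0 records that carry data rather than name-to-address mappings. From the operator's side, the practical question is how to notice that kind of traffic in a resolver's own logs. The following is an added example, not code from this thread or from BIND: it scans query-log lines in the older BIND 9 `querylog` style (the exact line format is an assumption; the sample lines, addresses and the `tun.example.net` name are constructed) and flags per-client, per-zone bursts of queries whose first label is long and high-entropy, which is what encoded payloads in names look like. The thresholds (30 characters, 3.5 bits per character, three queries) are illustrative choices, not documented BIND values.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample lines in the older BIND 9 querylog style (format assumed;
# these are not real entries from the mailing-list thread).
SAMPLE_LOG = """\
07-Oct-2010 19:26:28.101 client 192.0.2.10#53412: query: www.example.org IN A + (192.0.2.1)
07-Oct-2010 19:26:28.250 client 192.0.2.10#53412: query: mail.example.org IN MX + (192.0.2.1)
07-Oct-2010 19:26:29.004 client 198.51.100.7#40001: query: 9f1c3b7e2a6d4c8f0b1e5a7d3c9f2e4b.tun.example.net IN TXT + (192.0.2.1)
07-Oct-2010 19:26:29.310 client 198.51.100.7#40001: query: a4e8c2f6b0d1e3a5c7f9b2d4e6a8c0f2.tun.example.net IN TXT + (192.0.2.1)
07-Oct-2010 19:26:29.622 client 198.51.100.7#40001: query: c7b3e9a1d5f2c8e4b6a0d3f7e1c5a9b2.tun.example.net IN TXT + (192.0.2.1)
07-Oct-2010 19:26:30.015 client 203.0.113.5#61000: query: ntp.example.org IN A + (192.0.2.1)
"""

# Assumed shape of a querylog line: "client <addr>#<port>: query: <qname> IN <qtype> ..."
QUERY_RE = re.compile(
    r"client (?P<client>[\d.:a-fA-F]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_querylog(text):
    """Yield (client, qname, qtype) for each line that matches the assumed querylog format."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("client"), m.group("qname").rstrip(".").lower(), m.group("qtype")


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def zone_of(qname, labels=2):
    """Last `labels` labels of the name, used to group queries by the zone they hit."""
    return ".".join(qname.split(".")[-labels:])


def score_query(qname, qtype):
    """Return the reasons a single query looks like data carried in the name, not a lookup."""
    reasons = []
    first = qname.split(".")[0]
    ent = shannon_entropy(first)
    if len(first) >= 30:
        reasons.append("long first label (%d chars)" % len(first))
    if ent >= 3.5:  # hex/base32 payloads look random; real hostnames do not
        reasons.append("high-entropy first label (%.2f bits/char)" % ent)
    if reasons and qtype in ("TXT", "NULL", "CNAME"):
        reasons.append("record type %s is a common carrier for bulk payloads" % qtype)
    return reasons


def find_tunnel_candidates(text, min_queries_per_zone=3):
    """Group suspicious queries by (client, zone); keep pairs with enough volume to matter."""
    hits = defaultdict(list)
    for client, qname, qtype in parse_querylog(text):
        reasons = score_query(qname, qtype)
        if reasons:
            hits[(client, zone_of(qname))].append((qname, reasons))
    return {k: v for k, v in hits.items() if len(v) >= min_queries_per_zone}


if __name__ == "__main__":
    for (client, zone), queries in find_tunnel_candidates(SAMPLE_LOG).items():
        print("%s -> %s: %d suspicious queries" % (client, zone, len(queries)))
        for qname, reasons in queries:
            print("    %s; %s" % (qname, "; ".join(reasons)))
```

Grouping by client and zone matters more than any single query score: one odd-looking label is routine (CDN hostnames, DKIM selectors), but a steady stream of them from one client to one zone is the pattern worth a second look. Pipe `named`'s query log through it, or adapt the regular expression if your BIND version prints a different line shape.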



More information about the bind-users mailing list