DNS resolution based on source network
kcd at chrysler.com
Mon Sep 27 23:38:29 UTC 2010
Under certain limited circumstances, it might make more sense to put
both/all addresses under the same name, and then use the "sortlist"
mechanism to present those addresses in an order which is suitable for
Among other things, this requires that all resolver/nameserver configs
be configured with the same sortlist configs, that there is no local
randomization or re-sorting of the address list, and that there are no
negative consequences for the client or the client software to connect
to the "wrong" address if the preferred one happens to be unavailable.

"View"s are fine, but historically they're a fairly heavyweight solution
for this class of requirement, because all relevant zones need to be
defined multiply and this is difficult to maintain and consumes extra
memory/CPU resources. The new (9.7.x?) "attach-cache" feature addresses
the resource issue somewhat, but still doesn't obviate
parallel/overlapping zone definitions and associated setup/maintenance.

With sortlisting, all your zone definitions stay the same, you just need
to create the round-robin entries and define the appropriate address
ranges in your "sortlist" and/or "acl"s clauses.

On 9/27/2010 9:00 AM, Thomas Elsgaard wrote:
> Is it possible with BIND, to resolve the same name (like test.gl) to
> different IP's based on the source network of the request?
> Here is an example
> A machine in network 10.3.0.0/16 is contacting DNS to lookup
> "test.gl", DNS returns -> 10.0.0.2
> A machine in network 10.5.0.0/16 is contacting DNS to lookup
> "test.gl", DNS returns -> 10.0.0.5
> bind-users mailing list
> bind-users at lists.isc.org
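
Added example, not part of the original message or of BIND's code: a simplified Python model of two-element "sortlist" entries, applied to the networks and addresses from the question. The names SORTLIST, TEST_GL, sort_answer and the client addresses are assumptions made for this illustration, as is leaving the order untouched for clients that match no entry.

```python
# Added illustration: a simplified model of BIND's two-element "sortlist"
# statements, not BIND source code. Networks and addresses are the ones
# from the question quoted above.
import ipaddress

# Each entry: (client source network, topology preference list).
# Equivalent named.conf form of the first entry:
#   sortlist { { 10.3.0.0/16; { 10.0.0.2; 10.0.0.5; }; }; ... };
SORTLIST = [
    ("10.3.0.0/16", ["10.0.0.2", "10.0.0.5"]),
    ("10.5.0.0/16", ["10.0.0.5", "10.0.0.2"]),
]

# Both addresses published under the one name (round-robin A records).
TEST_GL = ["10.0.0.2", "10.0.0.5"]


def _rank(addr, preferences):
    """Index of the first preference element containing addr, else last."""
    ip = ipaddress.ip_address(addr)
    for i, pref in enumerate(preferences):
        if ip in ipaddress.ip_network(pref):
            return i
    return len(preferences)


def sort_answer(client_ip, addresses, sortlist=SORTLIST):
    """Order an address RRset for one client; the first matching entry wins."""
    src = ipaddress.ip_address(client_ip)
    for source_net, preferences in sortlist:
        if src in ipaddress.ip_network(source_net):
            # sorted() is stable: unlisted addresses keep their order, last.
            return sorted(addresses, key=lambda a: _rank(a, preferences))
    # Model assumption: no entry matches, so the order is left as given.
    return list(addresses)


if __name__ == "__main__":
    # Constructed client addresses, one per case.
    for client in ("10.3.7.20", "10.5.1.9", "192.0.2.10"):
        print(client, "->", sort_answer(client, TEST_GL))
```

Every client still receives both addresses and only the order differs, so the result depends on the conditions listed in the message: no re-sorting or randomization downstream, and no harm if a client connects to the second address.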