Domain name based multihome routing?
warren at kumari.net
Tue Jun 26 18:26:53 UTC 2018
On Tue, Jun 26, 2018 at 12:45 PM Grant Taylor via bind-users <
bind-users at lists.isc.org> wrote:
> On 06/25/2018 11:08 PM, Dale Mahalko wrote:
> > * The secondary program looks up the domain in a database, which also
> > includes the multihome destination for each domain. If a match is found,
> > a route is created to that multihome destination. Aliased acceleration
> > domains such as Akamai will be matched using the primary domain name.
> Are you saying that you want to dynamically update routes to IPs
> resolved in real time to specific host / domain names? Such that
> traffic to specific hosts / domain names is routed over DSL? With
> things that don't match conditions routed over cell?
It feels like one should be able to cobble together something hilarious
A: RPZ to return a AAAA only answer,
Have RPZ suppress the A record, and return a synthesized AAAA with the
NAT64 prefix tacked on the front. This will route it to a NAT64 box which
converts it to a v4 address, and Bob's yer uncle.
This seems like it would work, but be fragile and annoying.
> > * I want to put all the huge background bandwidth eating maintenance
> > downloads such as Microsoft Windows updates, Microsoft Store updates,
> > Microsoft P2P updates, Steam game downloads and updates, Adobe updates,
> > iTunes updates, iPhone iOS and App updates, and so forth on the slow DSL.
> > * I want to put all the other things that are important to me like
> > multiplayer gaming UDP streams, remote desktop / SSH, video streaming,
> > and general web browsing on the cellular modem.
> I think I understand what you want to do and why you want to do it.
> It seems like you're using named as the source of information to feed
> into the process that dynamically updates routing.
> I find the pausing of named to be questionable. But I understand that
> you want to make sure that no connections are started until after the
> (re)routing has been done.
> I feel like most of this is outside of named's scope and that it would
> run as a different user.
> I would suggest exploring BIND's new Response Policy Service. I think
> it provides a way for BIND to send information to a side program for
> various "filtering" actions. IMHO there's no reason that such a side
> program has to actually filter requests / responses. Instead, you could
> use that as an information feed to do what you're wanting to do with IPs
> and routes. I just don't know about the ability to pause the response.
> Unless it's possible to do the route modification before returning the
> reply to BIND.
> Grant. . . .
> unix || die
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
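
An added example, not part of the original message or of BIND: a Python sketch of the address mapping behind the "synthesized AAAA with the NAT64 prefix" idea, covering both the resolver side and the NAT64 box. The RFC 6052 well-known prefix `64:ff9b::/96`, the policy domains, the documentation-range addresses and all function names are assumptions chosen for illustration.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix; a local deployment could use its own /96.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

# Constructed policy: names whose traffic should be steered to the NAT64 box.
BULK_DOMAINS = {"updates.example", "cdn.games.example"}


def embed_ipv4(v4, prefix=NAT64_PREFIX):
    """Resolver side: place the 32-bit IPv4 address in the low bits of a /96."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled here")
    v4 = ipaddress.IPv4Address(v4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_ipv4(v6, prefix=NAT64_PREFIX):
    """NAT64 side: recover the IPv4 destination from the synthesized address."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        raise ValueError(f"{v6} is not inside {prefix}")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def matches_policy(qname, domains=BULK_DOMAINS):
    """Suffix match on whole labels, so 'notupdates.example' does not match."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def rewrite_answer(qname, a_records):
    """Return the (rrtype, address) pairs handed back to the client.

    The decision is made on the name the client asked for, not on any
    CNAME target, so aliased CDN names follow the primary domain.
    """
    if matches_policy(qname):
        # Suppress the A records and answer with synthesized AAAA only.
        return [("AAAA", str(embed_ipv4(a))) for a in a_records]
    return [("A", a) for a in a_records]


if __name__ == "__main__":
    print(rewrite_answer("dl.updates.example", ["192.0.2.33"]))
    print(rewrite_answer("www.example.org", ["198.51.100.7"]))
```

The router then needs only one static route for the NAT64 prefix toward the chosen uplink; everything that still gets an A record follows the default route.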