Re: djb and multiple IPs

To: debian-isp@lists.debian.org
Subject: Re: djb and multiple IPs
From: Adriano Nagelschmidt Rodrigues <anr@estadao.com.br>
Date: Tue, 26 Nov 2002 23:03:44 -0200
Message-id: <[🔎] 20021127010344.GA1093@chianti.safira.anet>
Mail-followup-to: debian-isp@lists.debian.org
In-reply-to: <[🔎] 20021126235136.GD26387@taz.net.au>
References: <[🔎] 20021119230756.1F6C71FB269@jovanka.moj.net> <[🔎] 1038294062.10157.41.camel@toa> <[🔎] 20021126095221.GC10847@lodz.tpsa.pl> <[🔎] 20021126172740.GA617@chianti.safira.anet> <[🔎] 20021126183742.GK10847@lodz.tpsa.pl> <[🔎] 20021126200405.12699c3d.linzi@cyber-poll.hu> <[🔎] 20021126235136.GD26387@taz.net.au>

Craig Sanders writes:
> yep, that's the obvious way to do it.  it does leave a few questions,
> though:
> 
> 1. can this kind of setup return authoritative answers?

I don't think so, you would only be talking to dnscache. If you want a public
dns server, you need to run tinydns on a public IP address.

> 2. can it handle incoming zone-transfer requests for your secondaries?
> getting other ISPs to change their secondary configuration can be a
> pain, but getting a customer (who happens to secondary their own domain
> from your server - not an uncommon situation) is almost impossible.

You need to setup axfrdns to handle zone-transfers. tinydns & axfrdns can run
on the same IP address, because they use different protocols (udp and tcp,
respectively).

> 3. can tinydns send a zone xfer request from the real IP address even
> when it's configured to run only on 127.0.0.1?

Nope, AFAIK.

[snip potential flammable material ;-]

> if i tried doing it, there'd be a week of two of complete chaos, with
> almost all customers getting the impression that our service was broken
> (to their eyes, it would be)...and i'd still be dealing with customer
> problems months later because some customers are just incapable of
> following clear and simple instructions, sometimes it's difficult enough
> getting help desk staff to understand what needs to be done - i know all
> you ISPs out there will find this hard to believe, but it's true :)

If you don't provide dns cache (recursive) services to your clients, there's
no problem. If you do, you can install new caches at different IPs and give
your clients time until you migrate your bind dns servers.

> what would be useful here is an application layer DNS proxy sitting on
> port 53 (both tcp and udp), with both authoritative and recursive
> servers on other IP addresses.   that way neither customers, secondary
> servers, nor help desk staff would need to do anything - as far as
> they're concerned, nothing has changed.

Then you'd be (almost) back to bind.

Regards,

--
Adriano

Reply to:

References:
- djb and multiple IPs
  - From: jernej horvat <j@aufbix.org>
- Re: djb and multiple IPs
  - From: Jorge.Lehner@gmx.net
- Re: djb and multiple IPs
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>
- Re: djb and multiple IPs
  - From: Adriano Nagelschmidt Rodrigues <anr@estadao.com.br>
- Re: djb and multiple IPs
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>
- Re: djb and multiple IPs
  - From: Kinszler Balazs <linzi@cyber-poll.hu>
- Re: djb and multiple IPs
  - From: Craig Sanders <cas@taz.net.au>

Prev by Date: Re: djb and multiple IPs
Next by Date: Re Lilo
Previous by thread: Re: djb and multiple IPs
Next by thread: Re: djb and multiple IPs
Index(es):
- Date
- Thread