This subject has probably been talked to death, so I apologise in advance for bringing it up!

Is there any DNS server currently available that can reply to DNS lookups based on the source IP address?

Yes, this would be for directing users to a 'local' server hosting www.example.org (or something similar). Yes, this is not the best way of doing it I know :-)

I was wondering if there was something available that DID this yet.

Thanks.

--
Avleen Vig
Work Time: Unix Systems Administrator
Play Time: Network Security Officer
Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf

On Wed, Apr 24, 2002 at 08:55:15PM +0100, Avleen Vig wrote:
> This subject has probably been talked to death, so I apologise in advance for bringing it up!
>
> Is there any DNS server currently available that can reply to DNS lookups based on the source IP address?
>
> Yes, this would be for directing users to a 'local' server hosting www.example.org (or something similar). Yes, this is not the best way of doing it I know :-)

Something more dynamic than Bind9 views?

Adi

Hello Avleen,

Wednesday, April 24, 2002, 2:55:15 PM, you wrote:

AV> This subject has probably been talked to death, so I apologise in advance
AV> for bringing it up!
AV> Is there any DNS server currently available that can reply to DNS lookups
AV> based on the source IP address?
AV> Yes, this would be for directing users to a 'local' server hosting
AV> www.example.org (or something similar).
AV> Yes, this is not the best way of doing it I know :-)
AV> I was wondering if there was something available that DID this yet.

Split horizon DNS is the term you are looking for. It's trivial to do with TinyDNS. I know BIND supports it but I've never set it up with BIND. I'd say any mature DNS server supports it.

Thanks,
David
mailto:davidu@everydns.net

On Wed Apr 24, 2002 at 08:55:15PM +0100, Avleen Vig wrote:
> Is there any DNS server currently available that can reply to DNS lookups based on the source IP address?

Yes, all those global load balancing products. (e.g. Cisco Distributed Director). Alternatively, some people (myself included) have written their own DNS server for use within their organisation which does the same thing. I'm not aware of a freeware solution to this.

> Yes, this would be for directing users to a 'local' server hosting www.example.org (or something similar). Yes, this is not the best way of doing it I know :-)

It's the best way to do global server load balancing, as I see it.

Simon
--
Simon Lockhart | Tel: +44 (0)1737 839676
Internet Engineering Manager | Fax: +44 (0)1737 839516
BBC Internet Services | Email: Simon.Lockhart@bbc.co.uk
Kingswood Warren,Tadworth,Surrey,UK | URL: http://support.bbc.co.uk/

On Wed, Apr 24, 2002 at 09:00:49PM +0100, Simon Lockhart wrote:
> > Yes, this would be for directing users to a 'local' server hosting www.example.org (or something similar). Yes, this is not the best way of doing it I know :-)
>
> It's the best way to do global server load balancing, as I see it.

If you have a network, you can just use the same IP for your dns servers in multiple locations, and let your IGP route it to the closest one.

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)

I believe this is in the context of:

'hax0r _bob (for instance) has a PTR for his ip which says "I.love.humble.net" when machines a->y query for the PTR, BUT when machine z queries it returns "www.cert.org"'

I could be off base here, but I think this is the question Avleen is asking, eh?

--Chris
(chris@uu.net)

On Wed, 24 Apr 2002, Richard A Steenbergen wrote:
> On Wed, Apr 24, 2002 at 09:00:49PM +0100, Simon Lockhart wrote:
> > > Yes, this would be for directing users to a 'local' server hosting www.example.org (or something similar). Yes, this is not the best way of doing it I know :-)
> >
> > It's the best way to do global server load balancing, as I see it.
>
> If you have a network, you can just use the same IP for your dns servers in multiple locations, and let your IGP route it to the closest one.
>
> --
> Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
> PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)

Hey Chris ;)

On Thu, 25 Apr 2002, Christopher L. Morrow wrote:
> I believe this is in the context of: 'hax0r _bob (for instance) has a PTR for his ip which says "I.love.humble.net" when machines a->y query for the PTR, BUT when machine z queries it returns "www.cert.org"'

Hmmm, yes and no :-)

> I could be off base here, but I think this is the question Avleen is asking, eh?

I was asking about almost the opposite. Actual scenario is this:

Load balancing WWW and IRC servers. I believe this use of load-balanced DNS would be a fairly typical use. I want all users from IP space allocated to ARIN to go to my US web and IRC servers. I want all other users to go to my EU based servers. I want to maintain two primary servers in each continent as hubs across which all traffic flows, and data is sync'd.

As someone clearly pointed out to me, people have taken IP space from these regions and ported it to other places in the world. While this may be true, I believe its use is small enough that I don't have to worry about it too much.

On the other hand what you point out would be a very important effect for this. Potentially a good way to obfuscate your hostnames to either a small select group, or to the whole world.

On Wed, 24 Apr 2002, Avleen Vig wrote:
> Is there any DNS server currently available that can reply to DNS lookups based on the source IP address?

Yes. djbdns has done this for quite a while. Note I am not necessarily recommending the use of djbdns, I am just saying it will do this. I also know that bind9 has added functionality similar to what you are looking for. I'm a bind fan myself.

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
The Innovation Machine Ltd.              P.O. Box 5749
http://www.imach.com/                    Helena, MT 59604
Home of PacketFlux Technogies and BackupDNS.com          (406)-442-6648
----------------------------------------------------------------------
Protect your personal freedoms - visit http://www.lp.org/

On Wed, Apr 24, 2002 at 08:55:15PM +0100, Avleen Vig wrote:
> This subject has probably been talked to death, so I apologise in advance for bringing it up!
>
> Is there any DNS server currently available that can reply to DNS lookups based on the source IP address?

http://www.powerdns.com/pdns and especially http://doc.powerdns.com/a1405.html#PIPEBACKEND and http://doc.powerdns.com/backend-writers-guide.html

But beware, it is not free, not as in beer and not as in speech! Free for not-for-profit use though.

The pipebackend will let you do this in perl or in python or whatever. You could also code more complete backends in C++ using the third URL.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO

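As an added illustration (not part of bert's post and not PowerDNS code), here is a minimal pipe-backend coprocess in Python that picks the A record for www.example.org from the querying address, following the US/EU split Avleen describes in the thread. It assumes the pipe backend's version 1 line protocol (tab-separated `Q qname qclass qtype id remote-ip`, answered with `DATA` lines and `END`); the prefixes and addresses are constructed documentation values, and only A lookups for one name are handled.

```python
import ipaddress
import sys

# Constructed sample data: documentation prefixes stand in for the
# "ARIN-allocated" address list; a real deployment would load registry data.
US_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
ANSWERS = {"us": "203.0.113.10", "eu": "203.0.113.20"}  # constructed addresses
NAME = "www.example.org"
TTL = 60  # short TTL so a change of mapping takes effect quickly


def region_for(remote_ip):
    """Return 'us' when the querying address is inside a US prefix, else 'eu'."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return "eu"  # unparseable source address: use the default site
    return "us" if any(addr in net for net in US_PREFIXES) else "eu"


def handle_line(line):
    """Turn one tab-separated request line into the list of reply lines."""
    fields = line.rstrip("\r\n").split("\t")
    if fields[0] == "HELO":
        # Only ABI version 1 is implemented here.
        return ["OK\tsource-ip selector (example)"] if fields[1:2] == ["1"] else ["FAIL"]
    if fields[0] == "Q" and len(fields) >= 6:
        qname, qclass, qtype, qid, remote = fields[1:6]
        replies = []
        if qname.lower() == NAME and qtype in ("A", "ANY"):
            content = ANSWERS[region_for(remote)]
            replies.append("\t".join(["DATA", qname, qclass, "A", str(TTL), qid, content]))
        replies.append("END")  # END with no DATA means "no such record here"
        return replies
    if fields[0] == "AXFR":
        return ["END"]  # zone transfers are not served by this example
    return ["FAIL"]


def main():
    for line in sys.stdin:
        for reply in handle_line(line):
            print(reply, flush=True)  # the server reads replies line by line


if __name__ == "__main__":
    main()
```

The address in the `Q` line is that of the recursive resolver that sent the query, not of the end user behind it, so the selection is only as accurate as the resolver's location.
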
Bind version 9 has the "view" config statement that may do what you want

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of bert hubert
Sent: Sunday, May 26, 2002 9:11 AM
To: Avleen Vig
Cc: nanog@merit.edu
Subject: Re: Selective DNS replies

On Wed, Apr 24, 2002 at 08:55:15PM +0100, Avleen Vig wrote:
> This subject has probably been talked to death, so I apologise in advance for bringing it up!
>
> Is there any DNS server currently available that can reply to DNS lookups based on the source IP address?

http://www.powerdns.com/pdns and especially http://doc.powerdns.com/a1405.html#PIPEBACKEND and http://doc.powerdns.com/backend-writers-guide.html

But beware, it is not free, not as in beer and not as in speech! Free for not-for-profit use though.

The pipebackend will let you do this in perl or in python or whatever. You could also code more complete backends in C++ using the third URL.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO

:: On Wed, Apr 24, 2002 at 08:55:15PM +0100, Avleen Vig wrote:
:: >
:: > This subject has probably been talked to death, so I apologise in advance
:: > for bringing it up!
:: >
:: > Is there any DNS server currently available that can reply to DNS lookups
:: > based on the source IP address?
::

djbdns (tinydns) can do this via location tags.

http://cr.yp.to/djbdns/faq/tinydns.html
(see question: "How do I send different clients to different clusters of servers?")

-jba

__
[jba@analogue.net] :: analogue.networks.nyc :: http://analogue.net

participants (11)

- Adam Rothschild
- Aditya
- Avleen Vig
- bert hubert
- Christopher L. Morrow
- David Ulevitch
- Forrest W. Christian
- jeffrey arnold
- Richard A Steenbergen
- Simon Lockhart
- South Valley Internet