Nicholas F Miller wrote:
> The behavior we are seeing is lookups from our DNS server going out on
> the host IP. We want all of the traffic to be routed through the logical
> IP, which is our DNS server. We have 'listen-on' set to the logical IP
> but recursive lookups to the outside world are going through the host
> IP.
>
> ________________________________________________________
> Nicholas Miller, ITS, University of Colorado at Boulder
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
>> Behalf Of Kevin Darcy
>> Sent: Wednesday, July 23, 2008 6:45 PM
>> To: [email protected]
>> Subject: Re: Bind server with logical host
>>
>> Nicholas F Miller wrote:
>>> We have upgraded our DNS servers recently to Bind 9.5. In the upgrade
>>> we also went to logical host names. There is now the host name and then
>>> the DNS server is plumbed as a logical host. Since we have done this we
>>> are seeing DNS answers happening on the host IP. We would like to
>>> restrict the DNS traffic to the logical host.
>>>
>>> Will the 'listen on' switch let us restrict the DNS traffic to our
>>> logical host IP?
>>>
>> Listen-on won't *redirect* queries, if that's what you're asking. If
>> clients are sending queries to the wrong IP, nothing you can do on the
>> server side will stop that. listen-on can restrict whether you accept
>> those packets or not, but if you don't accept them, the queries will
>> simply time out and fail. Is that acceptable?
>>
>> If the clients have both the Host IP and the "logical" IP in their
>> resolver configs, in that order, then if you no longer listen on the
>> Host IP, they may "transparently" fail over to the "logical" IP, but
>> it won't be completely "transparent", in truth, since it will introduce a
>> delay to every name lookup. Enough that some (impatient) apps may
>> actually experience lookup failures. So do this at your own risk.
>>
>> As for responses, named sends those back from the address on which the
>> original query was received. So, if you can fix the clients to send
>> their queries to the correct address in the first place, the responses
>> will follow suit.

Ah, OK, I understand now.

Check out "query-source" in the ARM.

- Kevin
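
Added example, not part of the original thread: a named.conf fragment showing `listen-on` (inbound) next to `query-source` (outbound), which is the distinction the thread turns on. The address 192.0.2.53 is a placeholder for the logical IP, and the `notify-source` and `transfer-source` lines go beyond what the thread mentions.

```conf
// named.conf fragment (constructed example).
// 192.0.2.53 stands in for the logical (service) IP.
options {
    // Inbound: accept queries only on the logical IP.
    // This does not affect the source address of outgoing lookups.
    listen-on { 192.0.2.53; };

    // Outbound: send recursive lookups from the logical IP instead of
    // whatever address the host's routing table would pick.
    // Only the address is pinned here. Adding a fixed "port 53" would
    // turn off source-port randomization for outgoing queries and make
    // cache poisoning easier.
    query-source address 192.0.2.53;

    // NOTIFY messages and zone transfers are also outbound traffic and
    // have their own source settings.
    notify-source   192.0.2.53;
    transfer-source 192.0.2.53;
};
```

`named-checkconf` validates the syntax before a reload. Afterwards, a packet capture on the host should show outbound queries leaving from the logical address, which is what egress firewall rules and upstream ACLs need to match.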
