> From: ext David Burton [mailto:[EMAIL PROTECTED]]
> > [EMAIL PROTECTED] (Kotakoski Harri 
> > (EXT-Novosys/Copenhagen)) wrote:
> > 
> > Hi David,
> >
> > There is really nothing wrong with DNS but rather with the
> > implementations that are using it. To be exact, the operating system and the browser.
> Interesting.  So the DNS *does* serve up all A records for a
> name, but the dumb browsers aren't smart enough to try 'em all?

Yep, that's based on my experience. I haven't done any testing to see the difference 
between different implementations, but this seems to be the case. I'm not sure how much 
of it is about browsers using the underlying OS's services, in which case it would be a 
feature of the operating system. But it seems that on Windows NT systems Netscape and IE 
work a little bit differently when resolving DNS names.

Someone with more experience on DNS could share more information about this with us.

> Zoneedit.com does all that for you, automatically.  They do the
> polling, and they update the DNS entries, all automatically.
> And it is free, for sites with modest traffic.  If you have
> really high traffic, you might end up spending $40/year there.

This is one possibility, and quite a good one. The other is to use firewall/load-balancing 
software that is capable of doing dynamic DNS as well, and the third one is to 
use scripts (for those of us who still believe that there is a better way).


> > Another option which crossed my mind just a minute ago is to use
> > multiple DNS servers for the same domain. And by placing these servers on
> > the same connection as the web servers and defining only addresses which are
> > behind this line you would come into a configuration which would disable
> > DNS resolving for addresses behind a failed line. However, I consider this
> > a major kludge and as such it should not be used.
> What a clever idea!  It has the advantage of simplicity: you would
> not need to ever change the DNS entries at all, no polling scripts,
> nothing of that sort.  Plus, the "failover" time would just be your
> DNS's published TTL.
> 
> However, there's something ugly about intentionally having different
> information in your "primary" and "secondary" DNSs.

Yeah, it breaks the concept of DNS and zone transfers. I don't like it.

> 
> Also, this approach could adversely affect other things.
> You couldn't have a tertiary DNS at the other end of the country.
> If all your web servers went down, you would have no DNS service
> at all, so nobody would be able to find your tertiary mail exchanger
> or whatever.

Well, you could have a third set of zone information on this server which would include 
all information from the other servers. Just make sure that there is some delay in its 
response, so that when the first and second are online they answer DNS queries faster 
than the tertiary.

rgds,
Harri

> 
> Still, it is a clever idea.
> 
> -Dave
> 

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
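The thread above discusses two sides of DNS-based failover: clients that do (or do not) try every A record a name resolves to, and the "scripts" option of polling the web servers and rewriting the A records when a line dies. The following is an added example, not code from the thread or from any of the products mentioned. It builds the DNS change as an nsupdate(8) command script rather than talking to a name server, so it runs offline; the hostnames, the 192.0.2.x/198.51.100.x addresses, the 60-second TTL and the probe functions are constructed for the example.

```python
"""Added example: poll web servers and turn the result into DNS A-record
updates, plus the client-side fallback that the thread says browsers lack.
Names, addresses, TTL and probes below are assumptions made for the example."""

import socket
from typing import Callable, Dict, List, Optional

# Constructed sample: one name served over two Internet connections.
WEB_HOSTS: Dict[str, List[str]] = {
    "www.example.com.": ["192.0.2.10", "198.51.100.10"],
}
ZONE = "example.com."
# Short TTL: clients see the failover at most TTL + poll interval after a line dies.
TTL = 60


def tcp_probe(ip: str, port: int = 80, timeout: float = 3.0) -> bool:
    """Health check: True if a TCP connect to ip:port succeeds within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def live_addresses(addrs: List[str], probe: Callable[[str], bool]) -> List[str]:
    """Keep only the addresses whose server answered the probe."""
    return [ip for ip in addrs if probe(ip)]


def build_nsupdate(hosts: Dict[str, List[str]], probe: Callable[[str], bool],
                   zone: str = ZONE, ttl: int = TTL) -> str:
    """Produce an nsupdate script that replaces each name's A RRset with the
    addresses that are currently reachable.

    Design choice: if no address answers at all, the old RRset is kept
    unchanged. Blanking the name would turn a monitoring glitch into a total
    outage; a human should look instead."""
    lines = [f"zone {zone}"]
    for name, addrs in hosts.items():
        live = live_addresses(addrs, probe) or addrs
        lines.append(f"update delete {name} A")      # drop the whole RRset ...
        for ip in live:
            lines.append(f"update add {name} {ttl} A {ip}")  # ... then re-add survivors
    lines.append("send")
    return "\n".join(lines) + "\n"


def connect_any(addrs: List[str], connect: Callable[[str], bool]) -> Optional[str]:
    """What a client that 'tries 'em all' does: walk the A records in order
    and use the first one that accepts a connection. Returns that address,
    or None if every address failed."""
    for ip in addrs:
        if connect(ip):
            return ip
    return None


if __name__ == "__main__":
    # Stand-alone run: probes the sample addresses for real (they will time
    # out, since 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges)
    # and prints the script you would pipe into `nsupdate -k <key>`.
    print(build_nsupdate(WEB_HOSTS, tcp_probe), end="")
```

Run it from cron at a shorter interval than the TTL and feed the output to nsupdate against the master server with a TSIG key; the same probe function can also drive `connect_any` inside any client you control, which gives you the per-request fallback that the browsers discussed above do not do.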