Forum: CFEngine Help
Subject: Re: Do a single DNS lookup
Author: simonblake
Link to topic: https://cfengine.com/forum/read.php?3,23813,23816#msg-23816

sauer Wrote:
-------------------------------------------------------
> Except that it doesn't work that way. It seems
> that each new promise which references the source
> iterates through the values returned in DNS. I'm
> pretty sure this is a side effect of how the OS's
> resolver works, but I'm not positive that it's not
> Cfengine instead.

This sounds like normal libc/resolver behavior when you call gethostbyname() - i.e., it's much the same as if you run host google.com multiple times - you'll get a random entry from the round robin at the top of the list.

> I think it'd be handy to be able
> to configure how round-robin DNS entries are
> handled. I'd like to see a common control
> parameter which selects between "first", "random"
> and "round-robin" to control which IP cfengine
> uses if the resolver provides multiple IPs for a
> name.

Is there even any concept of "first"? AFAIK, most servers give out the first address in response to the first query (from any client), second address to the second query, loop ad nauseam. So while you could say "use the first record each time", you can't guarantee that it's the same record, unless you mess about with rrset-order in bind.

If you were going to do that (hack about in the DNS server), then wouldn't a better approach be to return the correct address via ACLs in the DNS server (request from 10.0.0.0/24 return 192.168.0.1, request from 10.1.1.0/24 return 192.168.1.1)? It's a bit of a faff to set up, but a whole lot more deterministic once you've done so.

Alternatively, it's a large network infrastructure, why not anycast your cfengine servers on a dedicated IP block, and let clients find their way to the nearest one?

Cheers
Simon
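The contrast between "use the first record" under cyclic rotation and per-subnet answers from the DNS server, as an added example that is not part of the original post. The `CyclicServer` model and the function names are hypothetical; the addresses and subnets are the ones the post uses as illustration.

```python
import ipaddress
from collections import deque

# Constructed sample data: server addresses and client subnets as quoted
# in the post; everything else here is an illustrative model.
RRSET = ["192.168.0.1", "192.168.1.1"]
VIEWS = [
    (ipaddress.ip_network("10.0.0.0/24"), "192.168.0.1"),
    (ipaddress.ip_network("10.1.1.0/24"), "192.168.1.1"),
]


class CyclicServer:
    """Models a server that rotates the RRset by one on every query."""

    def __init__(self, records):
        self._records = deque(records)

    def query(self):
        answer = list(self._records)
        self._records.rotate(-1)  # next query starts with the next record
        return answer


def first_policy(answer):
    """'Use the first record': the result follows the server's rotation."""
    return answer[0]


def view_answer(client_ip, views=VIEWS):
    """ACL approach: the answer depends only on the client's subnet."""
    addr = ipaddress.ip_address(client_ip)
    for net, server in views:
        if addr in net:
            return server
    raise LookupError(f"no view matches {client_ip}")


def demo(queries=4):
    server = CyclicServer(RRSET)
    return {
        "first": [first_policy(server.query()) for _ in range(queries)],
        "view 10.0.0.9": [view_answer("10.0.0.9") for _ in range(queries)],
        "view 10.1.1.7": [view_answer("10.1.1.7") for _ in range(queries)],
    }


if __name__ == "__main__":
    for policy, picks in demo().items():
        print(f"{policy:14} {picks}")
```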
