Re: How to get random subset of large rrset (30+ IPs for round robin)?
It's incredibly hacky, but what about setting different nameservers with different sets of addresses for the FQDN in question?

--
Fred

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: How to get random subset of large rrset (30+ IPs for round robin)?
> On 21 Mar 2020, at 04:22, Bob Harold wrote:
>
> Do you know why the OS is having a problem? It just occurs to me that the
> problem might be that the result does not fit in a UDP packet, (without
> EDNS?) and the fallback to TCP is not working. Can you try 'dig ...' and
> 'dig +tcp ...' on that OS to see if both are working? If it is DNS TCP
> issue, there might be a solution in fixing firewalls/acls/iptables or such.

It will almost always be the CPE not implementing DNS over TCP if it is a home user. Stub resolvers fall back to TCP but if the CPE device doesn’t implement DNS over TCP the lookup will fail. Replacing the CPE with a working CPE or reducing the number of records in the response is the workaround for this. I would be claiming the cost of the CPE devices back from the manufacturer/retailer as they are not fit for purpose.

If the stub resolver does EDNS then there are CPE devices which don’t adjust the OPT record to match the minimum of the CPE's UDP buffer size and the UDP buffer size in the request and just pass through the request, this results in truncated UDP responses being returned to the client. Adjusting the advertised UDP buffer size in the EDNS request should work around this. Worst case you drop it to 512 bytes.

Now each additional A record takes 16 bytes to transmit (compression pointer(2), type(2), class(2), ttl(4), rdlen(2), data(4)) so with 30 A records you are looking at 480 bytes minimum + the query section + the header + the authority section. Turning on minimal responses will help if not already enabled.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
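The size arithmetic in the message above, worked through as an added example (not part of the original message and not ISC code): it builds a minimal DNS response on the wire and shows where 30 A records cross the 512-byte plain-UDP limit. The name foo.example.com, the TTL and the 10.0.0.x addresses are constructed, and it assumes minimal responses (no authority or additional section).

```python
import socket
import struct

HEADER_LEN = 12          # fixed DNS header
CLASSIC_UDP_LIMIT = 512  # UDP payload limit when no EDNS buffer size is advertised
OPT_RR_LEN = 11          # empty EDNS OPT record: root name(1)+type(2)+class(2)+ttl(4)+rdlen(2)
TC_FLAG = 0x0200         # "truncated" bit in the header flags


def encode_name(name):
    """Encode a domain name as uncompressed length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_response(qname, addrs, truncated=False, ttl=300):
    """Build a minimal authoritative response: header, question, A records only."""
    flags = 0x8400 | (TC_FLAG if truncated else 0)   # QR + AA (+ TC)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addrs), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        # 0xC00C is a compression pointer to offset 12, the name in the question:
        # pointer(2) + type(2) + class(2) + ttl(4) + rdlen(2) + data(4) = 16 bytes
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(addr)
    return header + question + answers


def max_a_records(qname, limit=CLASSIC_UDP_LIMIT, edns=False):
    """How many A records fit in a UDP response of at most `limit` bytes."""
    fixed = HEADER_LEN + len(encode_name(qname)) + 4 + (OPT_RR_LEN if edns else 0)
    return max(0, (limit - fixed) // 16)


def udp_reply(qname, addrs, limit=CLASSIC_UDP_LIMIT):
    """Full response if it fits, otherwise an empty TC=1 reply (retry over TCP needed)."""
    full = build_response(qname, addrs)
    if len(full) <= limit:
        return full
    return build_response(qname, [], truncated=True)


def is_truncated(message):
    """Read the TC bit from the header flags."""
    return bool(struct.unpack("!H", message[2:4])[0] & TC_FLAG)


# Constructed sample data: 30 addresses in the style of the zone in the thread.
ADDRS = ["10.0.0.%d" % i for i in range(1, 31)]

if __name__ == "__main__":
    name = "foo.example.com"  # hypothetical owner name
    print("30 records:", len(build_response(name, ADDRS)), "bytes")
    print("fit in 512 bytes:", max_a_records(name))
    print("truncated over plain UDP:", is_truncated(udp_reply(name, ADDRS)))
```

For this name the fixed part is 33 bytes, so 30 records come to 513 bytes: one byte over the limit, and a client whose path cannot carry DNS over TCP never sees the answer.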
Re: How to get random subset of large rrset (30+ IPs for round robin)?
On 3/20/20 1:14 AM, David Klatt wrote:
> Hi,

Hi,

> Now I'd like bind to just return a random subset of e.g. 5 IP addresses
> if someone requests this A record.

Hum. That sounds quite contrary to the typical BIND behavior.

> Reason for this are in my case some (thousands) older clients (that I
> can't control) that seem not being able to handle that many IPs - the OS
> resolver just returns an error.

Ugh.

> For my use case I absolutely need to make sure that each IP of that large
> A record set is given out equally (statistically) and that at any time when
> bind answers that one A record it only returns a random subset of all
> these IPs.

I question if you need "random" or if "round robin" (rotating) would work. Do they need to be truly random? Or would simply circulating a (possibly randomized) list suffice?

> Has someone an idea on how to achieve the latter?

If cycling through a list would be sufficient, you might consider looking at Dynamically Loadable Zones and Response Policy Service.

You might be able to create a custom DLZ driver that:

 - returned a sub-set of the results of its own DNS query
 - returned a sub-set of the rotating list of all of the A records

You might be able to create an RPS that would alter the reply before it's sent to clients.

Note: My understanding is that RPS is for DNS what milters are for Sendmail.

Finally, I don't know if it will align with your needs or not, but you might consider a forward zone pointing to a custom DNS server.

> Thanks a lot in advance!

You're welcome.

Good luck.

I'd be curious to learn what you end up doing.

--
Grant. . . .
unix || die
Re: How to get random subset of large rrset (30+ IPs for round robin)?
On Fri, Mar 20, 2020 at 1:16 PM Warren Kumari wrote:

> On Fri, Mar 20, 2020 at 1:04 PM Matus UHLAR - fantomas wrote:
> >
> > >On Fri, Mar 20, 2020 at 3:14 AM David Klatt wrote:
> > >> I can't find a way to do the following although I invested plenty of time
> > >> in research - maybe you guys have an idea:
> > >>
> > >> With bind, I'd need to serve a single A record with 30+ IP addresses and
> > >> these addresses have to be returned in random order round robin,
> > >> which is done with:
> >
> > >> Now I'd like bind to just return a random subset of e.g. 5 IP addresses
> > >> if someone requests this A record.
> >
> > On 20.03.20 10:37, Warren Kumari wrote:
> > >I realize that this is the BIND list, but this sounds like an almost
> > >perfect example of PowerDNS's LUA record type (or something with
> > >CoreDNS)
> > >Other than that, the only thing I can think of is BIND with DLZ and a
> > >database that returns a random subset from a DB query, but that sounds
> > >awful...
> >
> > I don't think BIND can do this at all. And I don't think it should...
> >
> > >> Reason for this are in my case some (thousands) older clients (that I can't control)
> > >> that seem not being able to handle that many IPs - the OS resolver just returns an error.
> >
> > why not use IPVS-like load balancer and hide all hosts behind one or two IPs?
> > that would help you much more, amongst others when any of those machines
> > fails.
>
> That's almost definitely the right answer, but there *are* cases where
> something like what the OP was asking for - 0.pool.ntp.org springs to
> mind as one example.
> But, yes, a load balancer / anycast is almost definitely going to be a
> better choice...
>
> Warren.

Do you know why the OS is having a problem? It just occurs to me that the problem might be that the result does not fit in a UDP packet, (without EDNS?) and the fallback to TCP is not working. Can you try 'dig ...' and 'dig +tcp ...' on that OS to see if both are working? If it is DNS TCP issue, there might be a solution in fixing firewalls/acls/iptables or such.

--
Bob Harold
Re: How to get random subset of large rrset (30+ IPs for round robin)?
On Fri, Mar 20, 2020 at 1:04 PM Matus UHLAR - fantomas wrote:
>
> >On Fri, Mar 20, 2020 at 3:14 AM David Klatt wrote:
> >> I can't find a way to do the following although I invested plenty of time
> >> in research - maybe you guys have an idea:
> >>
> >> With bind, I'd need to serve a single A record with 30+ IP addresses and
> >> these addresses have to be returned in random order round robin,
> >> which is done with:
>
> >> Now I'd like bind to just return a random subset of e.g. 5 IP addresses
> >> if someone requests this A record.
>
> On 20.03.20 10:37, Warren Kumari wrote:
> >I realize that this is the BIND list, but this sounds like an almost
> >perfect example of PowerDNS's LUA record type (or something with
> >CoreDNS)
> >Other than that, the only thing I can think of is BIND with DLZ and a
> >database that returns a random subset from a DB query, but that sounds
> >awful...
>
> I don't think BIND can do this at all. And I don't think it should...
>
> >> Reason for this are in my case some (thousands) older clients (that I
> >> can't control)
> >> that seem not being able to handle that many IPs - the OS resolver just
> >> returns an error.
>
> why not use IPVS-like load balancer and hide all hosts behind one or two IPs?
> that would help you much more, amongst others when any of those machines
> fails.

That's almost definitely the right answer, but there *are* cases where something like what the OP was asking for - 0.pool.ntp.org springs to mind as one example.

But, yes, a load balancer / anycast is almost definitely going to be a better choice...

Warren.

--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf
Re: How to get random subset of large rrset (30+ IPs for round robin)?
>On Fri, Mar 20, 2020 at 3:14 AM David Klatt wrote:
>> I can't find a way to do the following although I invested plenty of time
>> in research - maybe you guys have an idea:
>>
>> With bind, I'd need to serve a single A record with 30+ IP addresses and
>> these addresses have to be returned in random order round robin,
>> which is done with:

>> Now I'd like bind to just return a random subset of e.g. 5 IP addresses
>> if someone requests this A record.

On 20.03.20 10:37, Warren Kumari wrote:
>I realize that this is the BIND list, but this sounds like an almost
>perfect example of PowerDNS's LUA record type (or something with
>CoreDNS)
>Other than that, the only thing I can think of is BIND with DLZ and a
>database that returns a random subset from a DB query, but that sounds
>awful...

I don't think BIND can do this at all. And I don't think it should...

>> Reason for this are in my case some (thousands) older clients (that I can't control)
>> that seem not being able to handle that many IPs - the OS resolver just returns an error.

why not use IPVS-like load balancer and hide all hosts behind one or two IPs?
that would help you much more, amongst others when any of those machines
fails.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I want NOT to receive any advertising mail at this address.
WinError #98652: Operation completed successfully.
Re: 9.16 on older platforms
On 2020-03-19 14:53, Rick Dicaire wrote:
> Hi folks, I have found that new dependencies for 9.16 prevent it being
> able to build on Slackware linux 14.2 (no ply or libuv).
> (Yes I'm aware I can do the additional steps of downloading, compiling,
> installing the deps, but that's not the point)

FWIW both libuv and ply are available on SlackBuilds.org for 14.2, neither of which have any dependencies, so with a SBo frontend like https://sbopkg.org/ , it would be a quick and easy install.

Of course you probably already know that 9.16 will be in Slackware's 15.0 release; a preview of which is in slackware(64)?-current at this time.

14.2 is likely to remain a viable release for years to come, although SBo will drop support when 15.0 is released. It's usually trivial to backport -current or later-release SBo slackbuild scripts to older Slackware versions.
Re: How to get random subset of large rrset (30+ IPs for round robin)?
On Fri, Mar 20, 2020 at 3:14 AM David Klatt wrote:
>
> Hi,
>
> I can't find a way to do the following although I invested plenty of time
> in research - maybe you guys have an idea:
>
> With bind, I'd need to serve a single A record with 30+ IP addresses and
> these addresses have to be returned in random order round robin,
> which is done with:
>
> rrset-order { order random; };
>
> and records like:
>
> foo IN A 10.0.0.1
> foo IN A 10.0.0.2
> foo IN A 10...N
>
> Now I'd like bind to just return a random subset of e.g. 5 IP addresses
> if someone requests this A record.

I realize that this is the BIND list, but this sounds like an almost perfect example of PowerDNS's LUA record type (or something with CoreDNS)

Other than that, the only thing I can think of is BIND with DLZ and a database that returns a random subset from a DB query, but that sounds awful...

W

>
> Reason for this are in my case some (thousands) older clients (that I can't
> control)
> that seem not being able to handle that many IPs - the OS resolver just
> returns an error.
>
> For my use case I absolutely need to make sure that each IP of that large
> A record set is given out equally (statistically) and that at any time when
> bind answers that one A record it only returns a random subset of all these
> IPs.
>
> Has someone an idea on how to achieve the latter?
>
> Thanks a lot in advance!
>
> David

--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf
Re: New releases of BIND are available: 9.11.17, 9.16.1, and 9.17.0
Hello,

On Wed, Mar 18, 2020 at 8:25 PM Michael McNally wrote:
>
> New releases of BIND are available which contain bug fixes and feature
> improvements.
> You can download them from the ISC website:
>
>    https://www.isc.org/downloads
>
> Release notes can be found via these links:
>
> Stable release branches:
>   9.11.17: https://downloads.isc.org/isc/bind9/9.11.17/RELEASE-NOTES-bind-9.11.17.html
>   9.16.1: https://downloads.isc.org/isc/bind9/9.16.1/RELEASE-NOTES-bind-9.16.1.html

I'm about to update ubuntu's bind9 9.16.0 to 9.16.1, and wanted to ask about the pros and cons of this feature change:

"""
The system-provided POSIX Threads read-write lock implementation is now used by default instead of the native BIND 9 implementation.
"""

Ubuntu was highlighted in that change due to a bug in bionic[1], for which I have an SRU prepared and am just waiting on a review from my colleagues. There are ppa packages for testing, if someone wants to verify it. glibc is not a package I maintain, but I have an interest in bind9 working well, so I jumped in.

But my question is about the upcoming ubuntu focal 20.04, which has an unaffected glibc. Since this is a feature change, and we are in Feature Freeze, I'll have to justify it to the archive admins, and wanted to get some input on what this change makes better. I understand it's your recommendation to use it, since it's the new upstream default, but do you have some more details?

Thanks!

1. https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1864864
Re: How to get random subset of large rrset (30+ IPs for round robin)?
Only thing that comes to mind is a constantly-running dynamic update script that adds/deletes records to/from the RRset at random. A more sophisticated version of the script would look at what answers that have been given out in the recent past, and if some addresses were given out more than others (because of the randomness), "tilt" the answer set back more towards equal representation.

- Kevin

On Fri, Mar 20, 2020 at 3:15 AM David Klatt wrote:

> Hi,
>
> I can't find a way to do the following although I invested plenty of time
> in research - maybe you guys have an idea:
>
> With bind, I'd need to serve a single A record with 30+ IP addresses and
> these addresses have to be returned in random order round robin,
> which is done with:
>
> rrset-order { order random; };
>
> and records like:
>
> foo IN A 10.0.0.1
> foo IN A 10.0.0.2
> foo IN A 10...N
>
> Now I'd like bind to just return a random subset of e.g. 5 IP addresses
> if someone requests this A record.
>
> Reason for this are in my case some (thousands) older clients (that I
> can't control)
> that seem not being able to handle that many IPs - the OS resolver just
> returns an error.
>
> For my use case I absolutely need to make sure that each IP of that large
> A record set is given out equally (statistically) and that at any time when
> bind answers that one A record it only returns a random subset of all
> these IPs.
>
> Has someone an idea on how to achieve the latter?
>
> Thanks a lot in advance!
>
> David
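One way to do the "tilt back towards equal representation" step described in the message above, as an added example (not part of the original message and not BIND code): each round publishes the k least-published addresses, with random tie-breaking, and renders the matching nsupdate batch. The class and function names, the owner name, the TTL and the use of published rounds as a stand-in for query-log counts are assumptions; the zone is assumed to accept dynamic updates.

```python
import random
from collections import Counter


class FairSubsetPicker:
    """Pick k of n addresses per round, always favouring the least-published ones."""

    def __init__(self, addrs, k, rng=None):
        if not 0 < k <= len(addrs):
            raise ValueError("k must be between 1 and the number of addresses")
        self.addrs = list(addrs)
        self.k = k
        self.rng = rng or random.SystemRandom()
        self.served = Counter({a: 0 for a in self.addrs})

    def next_subset(self):
        pool = self.addrs[:]
        self.rng.shuffle(pool)                    # random order among equally-published addresses
        pool.sort(key=lambda a: self.served[a])   # stable sort: least-published first
        chosen = pool[:self.k]
        for addr in chosen:
            self.served[addr] += 1
        self.rng.shuffle(chosen)                  # record order should not reflect the counts
        return chosen

    def spread(self):
        """Difference between the most- and least-published address (never exceeds 1)."""
        return max(self.served.values()) - min(self.served.values())


def nsupdate_batch(name, subset, ttl=60):
    """Render nsupdate commands that replace the A RRset of `name` with `subset`.

    Everything before `send` goes out as one UPDATE message, so the old set is
    removed and the new one added together.
    """
    lines = ["update delete %s A" % name]
    lines += ["update add %s %d A %s" % (name, ttl, addr) for addr in subset]
    lines.append("send")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample data: 30 addresses, 5 published per round.
    picker = FairSubsetPicker(["10.0.0.%d" % i for i in range(1, 31)], 5)
    print(nsupdate_batch("foo.example.com.", picker.next_subset()))
```

Caching resolvers keep whichever subset they fetched for the full TTL, so the update interval and the TTL together decide how evenly clients actually see the addresses.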
How to get random subset of large rrset (30+ IPs for round robin)?
Hi,

I can't find a way to do the following although I invested plenty of time in research - maybe you guys have an idea:

With bind, I'd need to serve a single A record with 30+ IP addresses and these addresses have to be returned in random order round robin, which is done with:

    rrset-order { order random; };

and records like:

    foo IN A 10.0.0.1
    foo IN A 10.0.0.2
    foo IN A 10...N

Now I'd like bind to just return a random subset of e.g. 5 IP addresses if someone requests this A record.

Reason for this are in my case some (thousands) older clients (that I can't control) that seem not being able to handle that many IPs - the OS resolver just returns an error.

For my use case I absolutely need to make sure that each IP of that large A record set is given out equally (statistically) and that at any time when bind answers that one A record it only returns a random subset of all these IPs.

Has someone an idea on how to achieve the latter?

Thanks a lot in advance!

David

Managing directors: Christoph Ostermann (CEO), Oliver Koch, Steffen Schneider, Hermann Schweizer, Tim Ulbricht.
Kempten/Allgäu District Court, registration number: 10655, tax number 127/137/50792, VAT ID DE272208908