Hello,
We have 2 sites (Prod and DR) with multiple subnets at each. We host websites at both, with reverse proxies in the DMZ and web servers on internal networks. We also replicate the reverse proxy configs between the two sites to ensure the hosted websites work the same at both locations. This means that the RP configs have to be 'generic' so that they work at both sites. In testing, we decided to do this with DNS, creating 'generic' DNS records that resolve to all web servers at each site, using subnet prioritization.
However, CentOS doesn't seem to work the way I thought it would. It looks like it will do subnet prioritization when the server querying the record is in the same subnet that the returned results are in, but not when they are in other networks the server is not in.
Is there a way to configure a CentOS box to have subnet prioritization for networks it doesn't live on?
Thanks in advance,
Joe
Multiple subnet prioritization
Re: Multiple subnet prioritization
I'm not sure what you mean by prioritization, but BIND definitely can serve different names to different subnets, including localhost.
- WhatsHisName
- Posts: 1549
- Joined: 2005/12/19 20:21:43
- Location: /earth/usa/nj
Re: Multiple subnet prioritization
BIND view statements should do what you need.
These are commonly used for "internal" and "external" views, but how you use them is up to your imagination. In your case, BIND would serve different zone files based on the requesting IP.
BIND view examples
Re: Multiple subnet prioritization
Please explain to us what you mean by "subnet prioritization". Depending on the address of the DNS client:
- 1. receive different answer
- 2. receive the same answer but different record order
- 3. or something else?
For point 2, the "sortlist" feature is the answer (using BIND; I do not know how other DNS servers implement this).
-
- Posts: 20
- Joined: 2011/08/18 12:51:57
Re: Multiple subnet prioritization
All,
First off, thanks for your responses. I'm sorry I never really got back to this, but I just barely figured out what I needed.
Your replies led me down the path I needed. One key piece of info (that I now realize) I forgot to give was that our DNS servers are Windows DNS servers, not Linux. I believe the replies referring to using BIND views are correct when using BIND as your DNS server. However, as I'm using Windows DNS servers, that means the answer to what I needed is described here: https://support.microsoft.com/en-us/kb/842197
Making this change across all of my DNS servers made it so that DNS Subnet Prioritization worked based on the class B subnet instead of the default class C. As my sites are divided up by class B (i.e. Site 1 = 10.10.x.x and site 2 is 172.15.x.x), this means that the DNS servers will respond to clients within that site with the correct corresponding A record.
Sorry if I wasn't too clear in my original post. Thanks again!
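Added example, not part of any poster's message: a simplified Python model of the subnet prioritization described in the last post, showing why a class C (/24) mask leaves the record order untouched for a proxy in a different subnet of the same site while a class B (/16) mask puts the local site first. The host addresses and the function names are constructed for illustration; only the two site ranges come from the thread, and real DNS servers may combine this reordering with round robin.

```python
import ipaddress

def prioritize(client_ip, records, prefix_len):
    """Stable reorder: A records in the client's network (at prefix_len) first."""
    net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    local = [r for r in records if ipaddress.ip_address(r) in net]
    remote = [r for r in records if ipaddress.ip_address(r) not in net]
    return local + remote

def longest_shared_prefix(client_ip, records):
    """Longest mask (in bits) at which the client still matches some record."""
    c = int(ipaddress.IPv4Address(client_ip))
    return max(32 - (c ^ int(ipaddress.IPv4Address(r))).bit_length()
               for r in records)

# Constructed sample data: one 'generic' name with web servers at both sites.
RECORDS = ["172.15.20.11", "10.10.20.11", "172.15.20.12", "10.10.20.12"]
PROXY_SITE1 = "10.10.5.20"    # assumed reverse proxy in a site 1 DMZ subnet
PROXY_SITE2 = "172.15.5.20"   # assumed reverse proxy in a site 2 DMZ subnet

if __name__ == "__main__":
    for name, proxy in (("site 1", PROXY_SITE1), ("site 2", PROXY_SITE2)):
        for bits in (24, 16):
            print(f"{name} proxy, /{bits}: {prioritize(proxy, RECORDS, bits)}")
        print(f"{name} proxy matches a web server up to "
              f"/{longest_shared_prefix(proxy, RECORDS)}")
```

With a /24 mask the proxy only gets its own site first if a web server shares its exact subnet, which is the behaviour reported in the first post.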