Selective DNS replies

ASV · April 24, 2002, 7:55pm

This subject has probably been talked to death, so I apologise in advance
for bringing it up!

Is there any DNS server currently availible that can reply to DNS lookups
based on the source IP address?

Yes, this would be for directing users to a 'local' server hosting
www.example.org (or something similar).
Yes, this is not the best way of doing it I know

I was wondering if there was something available that DID this yet.

Thanks.

Aditya1 · April 24, 2002, 7:58pm

Something more dynamic than Bind9 views?

Adi

David_A_Ulevitch · April 24, 2002, 7:59pm

Hello Avleen,

Wednesday, April 24, 2002, 2:55:15 PM, you wrote:

This subject has probably been talked to death, so I apologise in advance
for bringing it up!

Is there any DNS server currently availible that can reply to DNS lookups
based on the source IP address?

Yes, this would be for directing users to a 'local' server hosting
www.example.org (or something similar).
Yes, this is not the best way of doing it I know

I was wondering if there was something available that DID this yet.

Split horizon DNS is the term you are looking for.

It's trivial to do with TinyDNS. I know BIND supports it but I've
never set it up with BIND. I'd say any mature DNS server supports it.

Thanks,
David mailto:davidu@everydns.net

Simon_Lockhart2 · April 24, 2002, 8:00pm

Is there any DNS server currently availible that can reply to DNS lookups
based on the source IP address?

Yes, all those global load balancing products. (e.g. Cisco Distributed
Director). Alternatively, some people (myself included) have written
their own DNS server for use within their organisation which does the
same thing. I'm not aware of a freeware solution to this.

Yes, this would be for directing users to a 'local' server hosting
www.example.org (or something similar).
Yes, this is not the best way of doing it I know

It's the best way to do global server load balancing, as I see it.

Simon

Adam_Rothschild1 · April 24, 2002, 8:27pm

tinydns can; the obvious challenge is devising a useful set of mapping
metrics.

-a

Forrest_W_Christian · April 24, 2002, 9:28pm

Yes. djbdns has done this for quite a while. Note I am not necessarily
recommending the use of djbdns, I am just saying it will do this.

I also know that bind9 has added functionality similar to what you are
looking for. I'm a bind fan myself.

- Forrest W. Christian (forrestc@imach.com) AC7DE

Richard_A_Steenbegen · April 24, 2002, 11:30pm

If you have a network, you can just use the same IP for your dns
servers in multiple locations, and let your IGP route it to the closest
one.

Christopher_L_Morrow · April 25, 2002, 3:33am

I believe this is in the context of:

'hax0r _bob (for instance) has a PTR for his ip which says
"I.love.humble.net" when machines a->y query for the PTR, BUT when machine
z queries it returns "www.cert.org"'

I could be off base here, but I think this is the question Avleen is
asking, eh?

--Chris
(chris@uu.net)

ASV · April 25, 2002, 8:18am

Hey Chris

I believe this is in the context of:
'hax0r _bob (for instance) has a PTR for his ip which says
"I.love.humble.net" when machines a->y query for the PTR, BUT when machine
z queries it returns "www.cert.org"'

Hmmm, yes and no

I could be off base here, but I think this is the question Avleen is
asking, eh?

I was asking about almost the opposite.

Actual scenario is this:
Load balancing WWW and IRC servers.
I believe this use of load-balanced DNS would be a fairly typical use.
I want all users from IP space allocated to ARIN to go to my US web and
IRC servers. I want all other users to go to my EU based servers.
I want to maintain two primary servers in each continent as hubs across
which all traffic flows, and data is sync'd.

As someone clearly pointed out to me, people have taken IP space from
these regions and ported it to other places in the world. While this may
be true, I believe it's use is small enough that I don't have to worry
about it too much.

On the other hand what you point out would be a very important effect for
this. Potentially a good way to obfuscate your hostnames to either a small
select group, or to the whole world.

bert_hubert · May 26, 2002, 4:10pm

http://www.powerdns.com/pdns and especially
http://doc.powerdns.com/a1405.html#PIPEBACKEND

and
http://doc.powerdns.com/backend-writers-guide.html

But beware, it is not free, not as in beer and not as in speech! Free for
not-for-profit use though.

The pipebackend will let you do this in perl or in python or whatever. You
could also code more complete backends in C++ using the third URL.

Regards,

bert

Garlic · May 26, 2002, 4:19pm

Bind version 9 has the "view" config statement that may do what you want

jeffrey_arnold · May 26, 2002, 8:53pm

:: On Wed, Apr 24, 2002 at 08:55:15PM +0100, Avleen Vig wrote:
:: >
:: > This subject has probably been talked to death, so I apologise in advance
:: > for bringing it up!
:: >
:: > Is there any DNS server currently availible that can reply to DNS lookups
:: > based on the source IP address?
::

djbdns (tinydns) can do this via location tags.

http://cr.yp.to/djbdns/faq/tinydns.html
(see question: "How do I send different clients to different clusters of
servers?")

-jba