Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DNS BIND

Posted on 2013-01-29
3
Medium Priority
?
271 Views
Last Modified: 2013-02-06
Hello BIND experts,

I'm not a DNS expert. Suppose i have two BIND servers. Both have the entries below:

vpn.pepsi.com.                 in      ns      adns-LA.pepsi.com.
vpn.pepsi.com.                 in      ns      adns-NY.pepsi.com.
adns-LA.pepsi.com.               in      a      1.1.1.1
adns-NY.pepsi.com.               in      a      2.2.2.2


Question#1: Are lookups for vpn.pepsi.com being round-robined or are both A records being returned to the client?

Question #2: If lookups are being round-robined, supposed adns-la.pepsi.com (1.1.1.1) goes down. Wouldn't BIND still try to answer with that record? I assume yes since it doesnt have a way to know that adns-la.pepsi.com is down.
0
Comment
Question by:trojan81
  • 2
3 Comments
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 38833907
to configure RR on BIND DNS, you would define multiple A records with the same name and different IPs.

adns-LA.pepsi.com.               in      a      1.1.1.1
                                                 in      a      2.2.2.2

adns-NY.pepsi.com.               in      a      3.3.3.3
                                                 in      a      4.4.4.4

or similarly

vpn.pepsi.com                in          a       1.1.1.1
                                         in           a       2.2.2.2
                                         in            a      3.3.3.3
                                         in             a     4.4.4.4

DNS will deliver all the IP addresses defined, the first IP address in the returned list will be in a (default) round robin order (controlled by the rrset-order 'named.conf' statement).
0
 

Author Comment

by:trojan81
ID: 38833920
ultralites, thanks for the explanation. I don't see that in the BIND configs so I assume we are not RR.

So based on my example, when a user does a lookup for vpn.pepsi.com is he querying both ADNS-la.pepsi.com and adns-ny.pepsi.com?
0
 
LVL 13

Accepted Solution

by:
Ugo Mena earned 2000 total points
ID: 38835727
I think it would depend on the routing decisions made based on path, network policies, and/or rule-sets. I would assume the faster/shorter connection would respond first.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question