RE: DNS for multi-interfaces host

From: Yuan Huailin-w19410 (H.L.Yuan@motorola.com)
Date: Thu Nov 21 2002 - 03:44:51 EST


But in a Windows system, we can set the DNS servers for each connection (here, I mean the net interface).
For example, on my Windows host, I have 1 eth card and I built a dial-up network. We can set a DNS server for each of them.

What I am concerned about is whether a Linux system can also provide the same feature?

Thanks

-----Original Message-----
From: Glynn Clements [mailto:glynn.clements@virgin.net]
Sent: Thursday, November 21, 2002 3:31 PM
To: Yuan Huailin-w19410
Cc: linux-net@vger.kernel.org
Subject: RE: DNS for multi-interfaces host

Yuan Huailin-w19410 wrote:

> If I have 2 or more net interfaces on my host, and each interface
> connects to a large private network (A and B). Each private network has
> its own DNS server.
>
> Now, on my host, I launch the www browser. When I want to browse the
> website in A, I enter www.website.a into the address bar; the browser will
> look up the IP of this site based on the DNS setting in
> /etc/resolv.conf. When I enter www.website.b into the address bar, it will
> also do the same thing.
>
> If the DNS servers are below for A and B:
>
> A:
> 200.61.2.100
> 200.61.2.101
>
> B:
> 202.10.210.1
> 202.10.210.2
>
> If I just list them all in /etc/resolv.conf, is that enough to let the
> browser access websites in A and B?
>
> nameserver 200.61.2.100
> nameserver 200.61.2.101
> nameserver 202.10.210.1
> nameserver 202.10.210.2

If each pair of DNS servers can only answer queries for a specific
domain, that won't work.

With the above configuration, all queries will be sent to
200.61.2.100. The other DNS servers will only be tried if the first
DNS server fails to answer within a given time period. If the first
DNS server returns a negative response, the query will fail.

In this situation, the obvious solution is to run a DNS server which
forwards queries for those domains to other DNS servers, e.g.

     zone "a" {
       type forward;
       forward only;
       forwarders { 200.61.2.100 ; 200.61.2.101 ; };
     };

     zone "b" {
       type forward;
       forward only;
       forwarders { 202.10.210.1 ; 202.10.210.2 ; };
     };

There is no way to achieve this without using a DNS server (unless you
store *all* relevant hostnames in /etc/hosts, which may not be
practical); the resolver library cannot be configured with this degree
of granularity.

A better solution is for the private zones to be added to the global
DNS, and to use access controls to restrict who can actually query the
DNS servers. Private DNS zones will only work for systems which are
explicitly configured (whether manually or dynamically, e.g. via DHCP)
to use the appropriate DNS servers.

-- 
Glynn Clements <glynn.clements@virgin.net>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
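The behaviour Glynn describes (the stub resolver only moves to the next nameserver on a timeout, and a negative answer from the first server ends the lookup) versus the forwarding-zone approach can be made concrete with a small model. The following is an added example, not code from the thread or from any real resolver or from BIND: it parses resolv.conf-style text, simulates the libc stub resolver's server selection, and simulates a forwarder that picks a server pool by domain suffix the way the `zone "a"` / `zone "b"` forward zones above do. The server addresses and hostnames come from the thread; the answer addresses (10.1.0.10, 10.2.0.20) and the in-memory zone data are constructed, and the function names are my own.

```python
"""Model of split DNS: flat resolv.conf vs. a suffix-based forwarder.

Added example. The stub-resolver behaviour is a simplified model of what
the thread describes (try nameservers in order, advance only on timeout,
stop on the first definite answer). Zone data below is constructed.
"""

# Constructed authoritative data: which server knows which name.
# Network A's servers only know names under "a", B's only names under "b".
ZONES = {
    "200.61.2.100": {"www.website.a": "10.1.0.10"},
    "200.61.2.101": {"www.website.a": "10.1.0.10"},
    "202.10.210.1": {"www.website.b": "10.2.0.20"},
    "202.10.210.2": {"www.website.b": "10.2.0.20"},
}

TIMEOUT = object()   # sentinel: the server did not answer at all
NXDOMAIN = object()  # sentinel: the server answered "no such name"


def query_server(server, name, down=frozenset()):
    """Model a single query to one server.

    A server in `down` times out; a reachable server returns either an
    address or a negative (NXDOMAIN) answer for names it does not serve.
    """
    if server in down:
        return TIMEOUT
    return ZONES.get(server, {}).get(name, NXDOMAIN)


def parse_resolv_conf(text):
    """Return the ordered nameserver list from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def stub_resolve(name, servers, down=frozenset()):
    """Model of the libc stub resolver.

    Servers are tried in listed order; the next one is consulted only after
    a timeout, and the first definite answer, positive or negative, ends the
    lookup. Returns an address string, or None on failure.
    """
    for server in servers:
        answer = query_server(server, name, down)
        if answer is TIMEOUT:
            continue          # unreachable: fall through to the next server
        return None if answer is NXDOMAIN else answer
    return None               # every server timed out


# Forwarder modelled on the "type forward; forward only;" zones above:
# the query's domain suffix selects the forwarder pool, and only that pool
# is consulted.
FORWARD_ZONES = {
    "a": ["200.61.2.100", "200.61.2.101"],
    "b": ["202.10.210.1", "202.10.210.2"],
}


def forwarding_resolve(name, forward_zones=FORWARD_ZONES, down=frozenset()):
    """Pick the forwarder pool by longest matching domain suffix, then
    behave like a stub resolver against that pool only."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):            # longest suffix first
        suffix = ".".join(labels[i:])
        if suffix in forward_zones:
            return stub_resolve(name, forward_zones[suffix], down)
    return None                             # no forward zone matches


if __name__ == "__main__":
    # The flat configuration from the original question.
    flat = parse_resolv_conf(
        "nameserver 200.61.2.100\nnameserver 200.61.2.101\n"
        "nameserver 202.10.210.1\nnameserver 202.10.210.2\n"
    )
    print("flat  www.website.a ->", stub_resolve("www.website.a", flat))
    print("flat  www.website.b ->", stub_resolve("www.website.b", flat))
    print("fwd   www.website.a ->", forwarding_resolve("www.website.a"))
    print("fwd   www.website.b ->", forwarding_resolve("www.website.b"))
```

With the flat list, `www.website.b` fails because 200.61.2.100 answers NXDOMAIN and the stub resolver never asks B's servers; it would only reach them if both of A's servers were unreachable. The forwarder routes each name to the pool that is authoritative for its suffix, which is the whole point of the forward zones in the reply.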



This archive was generated by hypermail 2b29 : Sat Nov 23 2002 - 22:00:00 EST