RE: OT: DNS Question

  • From: "Steve Moffat" <steve@xxxxxxxxxx>
  • To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 23 Sep 2005 13:20:08 -0300

This is just for OWA Access with IE

Both lines will be up 24 / 7...it's juat a backup in case of one or the
other goes down 

-----Original Message-----
From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: Friday, September 23, 2005 1:09 PM
To: ISA Mailing List
Subject: [isalist] RE: OT: DNS Question

http://www.ISAserver.org


Keep in mind that in general DNS round-robin gets flaky at the
application level since it's up to the application to determine how it
handles resolution responses.  If the app don't know round-robin you'll
get incosistent results at best, and you know how many developers are in
tune with networking theories and security...

For example:
host1.blah.com. IN      A       192.168.0.1
host1.blah.com. IN      A       192.168.0.2

Query 1 for host1.blah.com returns:
192.168.0.1,192.168.0.2

Query 2 for host1.blah.com returns:
192.168.0.2,192.168.0.1

Query 3 returns
192.168.0.1,192.168.0.2

Etc.

Say 192.168.0.1 goes down, a client's resolver caches that response, AND
the app don't know round-robin.  Regardless of the state of 192.168.0.2,
the client's hosed until either 192.168.0.1 comes back up or the TTL on
the record lapses.

RR has certainly been around long enough.  In most cases, in my
experience anyway, it's only been useful to make sure that at least some
people don't lose access.  I'd agree that you're relatively safe in the
mail world since mail's such a commodity service and is so in bed with
DNS, but definitely play with it first :)  And maybe keep low TTL's on
the RR records.  You can always then go in and whack the one record
whose host is down if necessary to force all responses to resolve to the
host that's up.

>-----
>Robert Bosch Corporation
>Technical Systems Analyst (RBNA/CSA1)
>Corporate Sales Reporting Systems
>38000 Hills Tech Drive - Farmington Hills, MI 48331 - USA
>phone: 1 (248) 553-1164    fax: 1 (248) 848-6969
>shawn.quillman@xxxxxxxxxxxx
>http://www.bosch.us

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Friday, September 23, 2005 11:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT: DNS Question

http://www.ISAserver.org

Cool...thats what I thought

Thanks 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Friday, September 23, 2005 12:23 PM
To: ISA Mailing List
Subject: [isalist] RE: OT: DNS Question

http://www.ISAserver.org

Hi Steve,

You can create two Host (A) records for mail.bldc.com.

The create an MX record for mail.bldc.com.

Enable DNS RR on the DNS server.

That should do it, unless this capsicum has gone to my brainium, borax
and abominable cavity.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Steve Moffat [mailto:steve@xxxxxxxxxx]
> Sent: Friday, September 23, 2005 10:14 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] OT: DNS Question
> 
> http://www.ISAserver.org
> 
> Normally, I'm quite good at DNS, (STFU Greggo....:), but I cant get my

> head around this one...:)
> 
> No ISA involved yet....it's on the cards.
> 
> Client has 1 dedicated line and 1 ADSL line.  Heh heh not a load 
> balancing or teaming question.
> 
> Dedicated line has an fqdn of mail.bldc.com
> 
> ADSL line has an fqdn of mail2.bldc.com (Static IP)
> 
> Now...I want to be able to resolve mail.bldc.com to both IP's, is this

> possible in DNS, externally hosted?.....so that if one line is down, 
> it'll go to the other.
> 
> Thanks
> 
> Steve
> 
> The correct technical term for haggis stalking is "havering". 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:

> tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

The correct technical term for haggis stalking is "havering". 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

The correct technical term for haggis stalking is "havering". 



Other related posts: