On 04/13/2012 11:00 PM, Brian Cook wrote:
> Yes, this is exactly what I am trying to accomplish. I've already
> been looking into the BIND views clause and would like to hear if
> anyone has any feedback as to how well this works in the real world.
>
> In this case the implementation of IPA is using an external standard
> BIND implementation loading from text files. However, views would be
> very useful for IPA to be able to do internally, so figuring out how
> to get this option into BIND using the 389ds backend would be a useful step.
>

AFAIK there is an SSSD RFE that allows you to define a group of primary
servers for a client that the client would use to fail over between, and
only when they all are not available will it fail over to DNS. At least I
remember a discussion about it. It seems that such a feature would
accomplish the same but with less work. Would it be sufficient?
See comment 6 in https://fedorahosted.org/sssd/ticket/1128

> Thanks,
> Brian
>
> ---
> Brian Cook
> Solutions Architect, Red Hat, Inc.
> 407-212-7079
>
>
> On Apr 13, 2012, at 2:41 PM, Petr Spacek wrote:
>
>> On 04/13/2012 10:28 PM, Jakub Hrozek wrote:
>>> On Fri, Apr 13, 2012 at 01:04:55PM -0700, Brian Cook wrote:
>>>> Ideally I would rely on a -group- of servers, and then rely on
>>>> DNS if it is down. I don't want to hammer one server. We're talking
>>>> about 500-1000 servers running virtual machines, so potentially a
>>>> lot of traffic. Got any suggestions for that?
>>>
>>> Hello Brian,
>>>
>>> I'm not sure I understand what you are trying to achieve. Are you trying
>>> to spread the client load among replicas? If so, then I think the SRV
>>> records in DNS are really the best answer. You can organize the servers
>>> in "tiers" by using the priority field and then spread the load in a
>>> tier by using the "weight" field.
>>
>> Greetings,
>>
>> if I understand correctly, you need to set a different priority for SRV
>> records, and this new priority has to be dependent on the client's IP address.
>>
>> AFAIK the only way to accomplish this is the BIND "view" clause. You have to:
>> - create a copy of the original zone for each location and modify the SRV
>>   record priorities
>> - then you have to set "views" and create a mapping between IP address
>>   <-> new zone
>>
>> This way requires multiple copies of the original zone, each with little
>> differences.
>> In the case of classical zone files it is not a big problem: You can keep
>> SRV records separated in small files and "$INCLUDE" normal records to
>> them from a single place.
>>
>> In cases with an LDAP database it's much harder, because there is no
>> simple $INCLUDE clause, I think.
>> We have to consult this problem with the 389 guys ... It can be a task for
>> some kind of directory server plugin.
>>
>> Some examples and documentation:
>> http://wiki.sipfoundry.org/display/sipXecs/Location+based+DNS+views+for+sipXecs+using+BIND
>> (It belongs to some SIP solution, but it's exactly what you want.)
>>
>> http://www.zytrax.com/books/dns/ch7/view.html
>>
>> http://ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.ch06.html#view_statement_grammar
>>
>> I'm adding the BIND maintainer to this discussion.
>>
>> Petr^2 Spacek
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/freeipa-users

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
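An added example, not part of the original thread: a small simulation of how an RFC 2782 client orders SRV targets, showing what per-location BIND views with different SRV priorities would give clients in each site. The site names, hostnames, priorities and weights are constructed for illustration.

```python
import random
from collections import Counter, namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed data: the _ldap._tcp answers two hypothetical views might
# return. Same three servers; only the priorities differ per site.
VIEWS = {
    "site-a": [SRV(0, 200, 389, "ipa1.a.example.test."),
               SRV(0, 100, 389, "ipa2.a.example.test."),
               SRV(10, 100, 389, "ipa1.b.example.test.")],
    "site-b": [SRV(10, 200, 389, "ipa1.a.example.test."),
               SRV(10, 100, 389, "ipa2.a.example.test."),
               SRV(0, 100, 389, "ipa1.b.example.test.")],
}

def srv_order(records, rng=random):
    """Return targets in the order an RFC 2782 client would try them."""
    ordered = []
    # Lower priority value = earlier tier; later tiers are only fallbacks.
    for prio in sorted({r.priority for r in records}):
        tier = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)  # weight-0 records first
        while tier:
            # Weighted pick: first record whose running sum reaches the draw.
            pick = rng.randint(0, sum(r.weight for r in tier))
            running = 0
            for i, rec in enumerate(tier):
                running += rec.weight
                if running >= pick:
                    ordered.append(tier.pop(i).target)
                    break
    return ordered

def first_choice_share(records, trials=10000, seed=1):
    """Fraction of simulated clients whose first attempt hits each target."""
    rng = random.Random(seed)
    hits = Counter(srv_order(records, rng)[0] for _ in range(trials))
    return {target: n / trials for target, n in hits.items()}

if __name__ == "__main__":
    for site, records in VIEWS.items():
        print(site, first_choice_share(records))
```

Clients in each site only reach the other site's servers after every target in their own tier has been tried, while the weights split first attempts inside the local tier.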
