address spoofing

• Previous message (by thread): address spoofing
• Next message (by thread): address spoofing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > then, you can have (if you want) another bind listening on other
> > interfaces for other stuff.  like the "internal dns" server that you
> > mentioned.  or maybe a recursive, caching-only server that listens
> > only on 127.0.0.1.  of course...they can speak to each other if need
> > be.  :)
> 
> I tried 2 instances of BIND and they didn't work right.  One functioned
> and the other played dead (very dead ... as in the process blocked and
> would not wake up).  One needs 2 separate machines to get it to actually
> work right (times the amount of redundancy desired).  If you know the
> magic to make it work right, I'd sure like to know.  Maybe some kind of
> lock somewhere?

Works great here. You need to make sure that each bind instance has its
own set of named.conf/zone files/pid file/ndc channel, that they bind to
different interfaces. I also like to force them to have different query
ports, but this shouldn't be necessary as long as they are on different
interfaces.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

• Previous message (by thread): address spoofing
• Next message (by thread): address spoofing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]