named.conf: query-source address

Jeremy Chadwick koitsu at FreeBSD.org
Thu Jul 17 04:41:06 UTC 2008


On Wed, Jul 16, 2008 at 09:06:33PM -0700, Chuck Swiger wrote:
> On Jul 16, 2008, at 8:51 PM, Eugene Grosbein wrote:
>> On Wed, Jul 16, 2008 at 06:34:38PM +0100, Matthew Seaman wrote:
>>> The 'query-source' options don't have to be specified: the system
>>> will just choose some appropriate address according to the state of
>>> the routing table.  'query-source' to set the source /IP/ is really
>>> only useful in some specific server configurations with several alias
>>> addresses any of which could be used.  That's pretty rare really.
>>
>> Isn't it common to have multiple aliases at an interface?
>> Sometimes only one of them should be used for all DNS traffic.
>
> About the only common reason to set up multiple aliases on an interface 
> is when you're doing something like hosting multiple SSL webservers on a 
> single box which actually need to have distinct IPs as a consequence.  
> Other than that, using public IPs for aliases is usually wasteful of IP 
> address space.  YMMV...

This is off-topic, but the reason we use public IPs for web hosting
(read: standard HTTP) is so we can rate-limit the network I/O using pf
and ALTQ.

We tried for many years to use bandwidth-limiting modules such as mod_bw
and mod_cband, but the modules are incredibly buggy.  (Our most recent
experience was with mod_cband, which will literally deadlock the entire
webserver during heavy multipart downloads.  The Debian folks found the
same problem, and it was ultimately removed from their package repo.)

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |



More information about the freebsd-stable mailing list