From: Jeremy Chadwick
To: Chuck Swiger
Cc: stable@freebsd.org, Eugene Grosbein
Date: Wed, 16 Jul 2008 21:41:06 -0700
Subject: Re: named.conf: query-source address
Message-ID: <20080717044106.GA53681@eos.sc1.parodius.com>

On Wed, Jul 16, 2008 at 09:06:33PM -0700, Chuck Swiger wrote:
> On Jul 16, 2008, at 8:51 PM, Eugene Grosbein wrote:
>> On Wed, Jul 16, 2008 at 06:34:38PM +0100, Matthew Seaman wrote:
>>> The 'query-source' options don't have to be specified: the system
>>> will just choose some appropriate address according to the state of
>>> the routing table. 'query-source' to set the source /IP/ is really
>>> only useful in some specific server configurations with several alias
>>> addresses any of which could be used. That's pretty rare really.
>>
>> Isn't this common to have multiple aliases at an interface?
>> Sometimes only one of them should be used for all DNS traffic.
>
> About the only common reason to set up multiple aliases on an interface
> is when you're doing something like hosting multiple SSL webservers on a
> single box which actually need to have distinct IPs as a consequence.
> Other than that, using public IPs for aliases is usually wasteful of IP
> address space. YMMV...

This is off-topic, but the reason we use public IPs for web hosting
(read: standard HTTP) is so we can rate-limit the network I/O using pf
and ALTQ. We tried for many years to use bandwidth-limiting modules such
as mod_bw and mod_cband, but the modules are incredibly buggy. (Our most
recent experience was with mod_cband, which will literally deadlock the
entire webserver during heavy multipart downloads. The Debian folks
found the same problem, and it was ultimately removed from their package
repo.)

--
| Jeremy Chadwick                          jdc at parodius.com |
| Parodius Networking                 http://www.parodius.com/ |
| UNIX Systems Administrator            Mountain View, CA, USA |
| Making life hard for others since 1977.        PGP: 4BD6C0CB |