Hi,

One of my client's domain has multiple IPs for redundancy, I configured his www as such, just an example:

www IN A 10.10.10.10
www IN A 192.168.0.10

Is there a way to prioritize 10.10.10.10 over 192.168.0.10? How do I configure it?

Hi.

On Tue, Sep 19, 2006 at 02:00:23PM +0800, pinoyskull wrote:
> One of my client's domain has multiple IPs for redundancy, i configured
> his www as such
>
> www IN A 10.10.10.10
> www IN A 192.168.0.10
>
> Is there a way to prioritize 10.10.10.10 over 192.168.0.10? How do i
> configure it?

DNS round robin is not about redundancy, the only thing you could have that way is a kind of load balancing (not the most sophisticated way, though). Whenever one of the servers fails, around half of the requests still goes there and then times out/gets conn refused or whatever the problem is.

Prioritizing is not easily possible. Probably it helps if you add one of the IPs more often to the set, but I never tried that and did not read the docs on this topic, so before breaking your zone first read the specs, if this works!

For serious redundancy with failover and/or load balancing with a good leveling you should consider getting a load balancer (be it hardware or software), better two so you don't have the single point of failure there :-)

- Oliver

--
| Oliver Brandmueller | Offenbacher Str. 1 | Germany D-14197 Berlin |
| Fon +49-172-3130856 | Fax +49-172-3145027 | WWW: http://the.addict.de/ |
| I am the Internet. As surely as I help God. |
| Commercial use of any of the addresses contained here is not permitted! |

On Tue, Sep 19, 2006 at 02:00:23PM +0800, pinoyskull wrote:
>> One of my client's domain has multiple IPs for redundancy, i configured
>> his www as such
>>
>> www IN A 10.10.10.10
>> www IN A 192.168.0.10
>>
>> Is there a way to prioritize 10.10.10.10 over 192.168.0.10? How do i
>> configure it?

I missed the original question about this but if you're really interested in doing something in software rather than buying some kind of load-balancing hardware, then you could write your own (simple) backend for powerdns. powerdns is in ports and it has a simple "pipe" interface to the daemon that would let you write your own "proportional-share" dns responder for some set of RRs.

Check out the geographic load balancing that the blitzed.org guys use...

http://wiki.blitzed.org/DNS_balancing

Basically, you would delegate a subdomain (bar.example.org) to the server running your custom powerdns config and all lookups of foo.bar.example.org would end up at your server, where your custom (20 or 60 lines of perl) powerdns module could return whichever of the two IPs you prefer, either statistically, or based on some kind of remotely fetched load average, ping time, other-availability-metric, etc.

So, say you wanted 80% of your traffic to go to the primary box, then you turn off caching in your powerdns config file and have your pipe'd child return the primary IP 8 times for every 2 times you return the ip of the other box etc. Or always return the primary server unless it is having problems, in which case you return the secondary.

Of course you want the TTL on these records, or perhaps the delegated subdomain to be low so the client doesn't cache it much.

I've currently got a geo-balanced test setup I've been playing with - it returns CNAMEs to XX.clift.org for any lookup of test.geo.clift.org, where XX are theoretically country codes based on what IP addresses you make the requests from.

The quality of the free geo-ip info isn't great, but at least it gets you on the right continent. The geo-ip data is 'free' via rsync from countries.nerd.dk - see http://countries.nerd.dk/more.html for more information

Anyway, it'd take a bit of work, but would be doable.

Fred Clift
fred 'AT' clift <dot> org
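
The responder described in the message above, as an added example that is not part of the thread: a PowerDNS pipe-backend coprocess (ABI version 1) in Python rather than Perl, returning the primary address 8 times out of 10 and dropping any address that fails a health check. The TTL, the 8:2 weights and the `is_healthy` stub are assumptions; the name and addresses are the ones used in the thread.

```python
"""Weighted / failover A-record responder for the PowerDNS pipe backend (ABI v1)."""
import random
import sys

QNAME = "foo.bar.example.org"   # name under the delegated subdomain from the thread
TTL = 30                        # assumption: low TTL so resolvers re-ask soon
# Assumption: 8:2 split between the two addresses from the original question.
POOL = [("10.10.10.10", 8), ("192.168.0.10", 2)]
# A production backend must also answer SOA/NS queries for the delegated zone.


def is_healthy(ip):
    """Hypothetical health probe; replace with a real check (TCP connect, HTTP GET)."""
    return True


def pick_address(pool=POOL, healthy=is_healthy, rng=random):
    """Weighted choice among healthy addresses; None if every address is down."""
    live = [(ip, w) for ip, w in pool if healthy(ip)]
    if not live:
        return None
    ips, weights = zip(*live)
    return rng.choices(ips, weights=weights, k=1)[0]


def handle_line(line, pick=pick_address):
    """Return the reply lines for one tab-separated request from PowerDNS."""
    fields = line.rstrip("\n").split("\t")
    if fields[0] == "HELO":     # handshake: only ABI version 1 is spoken here
        return ["OK\tweighted responder ready"] if fields[1:] == ["1"] else ["FAIL"]
    if fields[0] != "Q" or len(fields) < 6:
        return ["END"]          # AXFR, PING, short lines: no records to add
    _, qname, qclass, qtype, qid, _remote = fields[:6]
    if qname.lower().rstrip(".") == QNAME and qclass == "IN" and qtype in ("A", "ANY"):
        ip = pick()
        if ip is not None:
            return [f"DATA\t{qname}\tIN\tA\t{TTL}\t{qid}\t{ip}", "END"]
    return ["END"]              # no data for other names or types


def main():
    for line in sys.stdin:
        for reply in handle_line(line):
            print(reply, flush=True)   # PowerDNS blocks on each reply: never buffer


if __name__ == "__main__":
    main()
```

The split only shows up at clients if PowerDNS's own caching is turned off, as the message says; otherwise one cached answer is served to everyone until it expires.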

Oliver Brandmueller wrote:
>
> DNS round robin is not about redundancy, the only thing you could have
> that way is a kind of load balancing (not the most sophisticated way,
> though). Whenever one of the servers fails, around half of the requests
> still goes there and then times out/gets conn refused or whatever the
> problem is. Prioritizing is not easily possible. Probably it helps if
> you add one of the IPs more often to the set, but I never tried that and
> did not read the docs on this topic, so before breaking your zone first
> read the specs, if this works!

Just replying to this bit first, in BIND it does not work to specify the same IP address multiple times for the same hostname. The server will collapse the duplicates into one unique entry when it reads the zone. I am not aware of any other authoritative name server for which this would work either.

FYI,

Doug

--
This .signature sanitized for your protection

pinoyskull wrote:
> Hi,
>
> One of my client's domain has multiple IPs for redundancy,

This really isn't on topic for any of the FreeBSD lists, FYI. If the responses you have received so far haven't helped you, I would suggest that you write up a little more detail about what you're trying to achieve, and post a message to the bind-users@isc.org mailing list.

Briefly, if what you're trying to do is actually failover (if the "primary" website is down, users should be directed to the "secondary" site), then the answer is you can't do that in DNS alone. But the bind-users folks can help you find some answers.

good luck,

Doug

--
This .signature sanitized for your protection

Doug Barton wrote:
> Chris H. wrote:
>
>> Greetings all,
>> ...
>> Quoting Doug Barton <dougb@freebsd.org>:
>>
>>> Oliver Brandmueller wrote:
>>>
>>>> DNS round robin is not about redundancy, the only thing you could have
>>>> that way is a kind of load balancing (not the most sophisticated way,
>>>> though). Whenever one of the servers fails, around half of the requests
>>>> still goes there and then times out/gets conn refused or whatever the
>>>> problem is. Prioritizing is not easily possible. Probably it helps if
>>>> you add one of the IPs more often to the set, but I never tried that and
>>>> did not read the docs on this topic, so before breaking your zone first
>>>> read the specs, if this works!
>>>>
>>> Just replying to this bit first, in BIND it does not work to specify
>>> the same IP address multiple times for the same hostname. The server
>>> will collapse the duplicates into one unique entry when it reads the
>>> zone. I am not aware of any other authoritative name server for which
>>> this would work either.
>>>
>> While this /might/ hold true in some/certain situations.
>>
>
> Under the circumstances that Oliver suggested, what I said holds true
> in every situation (assuming you are using BIND). The example you
> pasted, while colorful, is not actually an example of what Oliver
> suggested. If you would like me to write out an example I will, but:
> A) This subject is already off topic, and
> B) It would more usefully be left as an exercise for the reader.
>
>> I /can/ say after 3.5 yrs. of doing exactly this,
>>
>
> Bzzzzzzzzzzzt. See above.
>
>> that it does not collapse the namespace into a single IP<-->name.
>>
>
> It might also be useful to note here that nothing about DNS is
> (automatically) bi-directional in the manner you imply here.
>
> I do concur with your suggestion to move this thread to a list that is
> focused on DNS, however ....
>
> Doug
>

Thanks for the reply guys, although our dns server is running freebsd, my problem specifically is DNS, I'll try posting my problem to the right mailing list, thanks again.