Re: Anycast DNS - LB/LTM
I'm not familiar with LTM, so there is no need to check the pool with the script, LTM will know itself and stop advertising through some other mechanism when the pool is empty? therefore checking VIPA using the script is just redundant? From: David Klein To: ju wusuo Cc: "bind-users@lists.isc.org" Sent: Saturday, March 10, 2012 3:31 PM Subject: Re: Anycast DNS - LB/LTM Exactly. The script runs inside the LTM, and wraps "nslookup" or "dig". It should output a distinct output for success, and another distinct output for failure. It should only check the pool members, not the VIPA itself. If the pool is empty, the LTM will stop advertise the VIPA. -DTK On Fri, Mar 9, 2012 at 1:16 PM, ju wusuo wrote: so the script would run on the LTM, it will periodically check each physical DNS node, if one cannot resolve then takes it out of the pool; it will also check the VIP, if the VIP cannot resolve, pool is empty or LTM issue, stop the advertising? > > > >____ > From: David Klein >To: ju wusuo >Cc: "bind-users@lists.isc.org" >Sent: Wednesday, March 7, 2012 11:18 PM >Subject: Re: Anycast DNS > > > >You would need to create a custom script to use as your monitor, which does a >lookup of an address that you know will always be in your domain. If that >fails, force-down/inactive the node, and tie this script as a monitor to the >pool holding the DNS server nodes. > > >You can advertise the /32 containing the VIPA to the up-stream router via >either OSPF or IBGP, and if the pool goes empty, stop advertising the route >(the only option is stop advertising, not actively withdraw the route, since >that could cause a massive reconvergence cycle in your enterprise-wide RIB, if >done wrong, just because of a flapping interface). > > > > > > >HTH, > > > -DTK > > > >On Wed, Mar 7, 2012 at 2:34 PM, ju wusuo wrote: > > >> >>thanks everyone for all responses with the great inputs .. >> >> >>now if I want to put the DNS servers behind LBs, 1) would the LTMs be able to >>announce the routes dynamically for the DNS servers, and a VIP can be >>withdrawn when the site is gone? 2) would the LTMs be able to detect a DNS >>service failure and stop sending over DNS queries, i.e., in the case a named >>is still up but just not able to resolve names (assuming LTM can detect a >>named is down)? >> >> >>___ >>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe >>from this list >> >>bind-users mailing list >>bind-users@lists.isc.org >>https://lists.isc.org/mailman/listinfo/bind-users >> > > > >-- > >david t. klein > >Cisco Certified Network Associate (CSCO11281885) >Linux Professional Institute Certification (LPI000165615) >Redhat Certified Engineer (805009745938860) > >Quis custodiet ipsos custodes? > > > > > > -- david t. klein Cisco Certified Network Associate (CSCO11281885) Linux Professional Institute Certification (LPI000165615) Redhat Certified Engineer (805009745938860) Quis custodiet ipsos custodes?___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Anycast DNS - LB/LTM
so the script would run on the LTM, it will periodically check each physical DNS node, if one cannot resolve then takes it out of the pool; it will also check the VIP, if the VIP cannot resolve, pool is empty or LTM issue, stop the advertising? From: David Klein To: ju wusuo Cc: "bind-users@lists.isc.org" Sent: Wednesday, March 7, 2012 11:18 PM Subject: Re: Anycast DNS You would need to create a custom script to use as your monitor, which does a lookup of an address that you know will always be in your domain. If that fails, force-down/inactive the node, and tie this script as a monitor to the pool holding the DNS server nodes. You can advertise the /32 containing the VIPA to the up-stream router via either OSPF or IBGP, and if the pool goes empty, stop advertising the route (the only option is stop advertising, not actively withdraw the route, since that could cause a massive reconvergence cycle in your enterprise-wide RIB, if done wrong, just because of a flapping interface). HTH, -DTK On Wed, Mar 7, 2012 at 2:34 PM, ju wusuo wrote: > >thanks everyone for all responses with the great inputs .. > > >now if I want to put the DNS servers behind LBs, 1) would the LTMs be able to >announce the routes dynamically for the DNS servers, and a VIP can be >withdrawn when the site is gone? 2) would the LTMs be able to detect a DNS >service failure and stop sending over DNS queries, i.e., in the case a named >is still up but just not able to resolve names (assuming LTM can detect a >named is down)? > > >___ >Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe >from this list > >bind-users mailing list >bind-users@lists.isc.org >https://lists.isc.org/mailman/listinfo/bind-users > -- david t. klein Cisco Certified Network Associate (CSCO11281885) Linux Professional Institute Certification (LPI000165615) Redhat Certified Engineer (805009745938860) Quis custodiet ipsos custodes?___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Anycast DNS
thanks everyone for all responses with the great inputs .. now if I want to put the DNS servers behind LBs, 1) would the LTMs be able to announce the routes dynamically for the DNS servers, and a VIP can be withdrawn when the site is gone? 2) would the LTMs be able to detect a DNS service failure and stop sending over DNS queries, i.e., in the case a named is still up but just not able to resolve names (assuming LTM can detect a named is down)? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Anycast DNS
Have seen some anycast DNS implementations using more than one address, some times even on the same subnet, any considerations or reasons for doing that? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: stub zone
need to use it to send out iterative queries, instead of recursive ones (if using forwarding). From: Feng He <short...@gmail.com> To: ju wusuo <juwu...@yahoo.com> Cc: "bind-users@lists.isc.org" <bind-users@lists.isc.org> Sent: Tuesday, July 26, 2011 1:33 AM Subject: Re: stub zone On Tue, Jul 26, 2011 at 3:55 AM, ju wusuo <juwu...@yahoo.com> wrote: > Would like to use the BIND stub zone function, however, heard that ISC > considers stopping support to stub zone in the future, is that true? > ___ Hi, what's the use of stub zone? I never used it, thanks.___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: stub zone
Thanks Mark .. I think that probably is the misunderstanding of the "delegation" usage part. From: Mark Andrews To: ju wusuo Cc: "bind-users@lists.isc.org" Sent: Monday, July 25, 2011 9:57 PM Subject: Re: stub zone In message <1311623708.59385.yahoomail...@web44803.mail.sp1.yahoo.com>, ju wusuo writes: > > Would like to use the BIND stub zone function, however, heard that ISC cons= > iders stopping support to stub zone in the future, is that true?=A0 No. There are no plans to remove support for stub zones. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
stub zone
Would like to use the BIND stub zone function, however, heard that ISC considers stopping support to stub zone in the future, is that true? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: queryperf for stress test
this is just a benchmark kind of stress test with authoritative records, query logging has been disabled. Emil Natan >run queryperf on the same server and got a not bad number at around 60,000 >qps, >however, the cpu and memory are far from used up, what else could be the >limiting factors for getting higher qps numbers? > > Logging. If query log is enabled it has significant impact on the performance. If syslog is used for the purpose it is even worse. It is not clear what tests exactly do you perform. Is named serving authoritative data? If yes - enable the acache (disabled by default). If it is used as recursive server and it needs to query external servers this can be a factor too. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: queryperf for stress test
no seems not the case as cpu is only at about 60%. p...@mail.nsbeta.info wrote: ju wusuo writes: > run queryperf on the same server and got a not bad number at around 60,000 > qps, >however, the cpu and memory are far from used up, what else could be the >limiting factors for getting higher qps numbers? > > > rebuild bind and enable the threads? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
queryperf for stress test
run queryperf on the same server and got a not bad number at around 60,000 qps, however, the cpu and memory are far from used up, what else could be the limiting factors for getting higher qps numbers? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
