Re: Anycast DNS - LB/LTM
I'm not familiar with LTM, so there is no need to check the pool with the script, LTM will know itself and stop advertising through some other mechanism when the pool is empty? therefore checking VIPA using the script is just redundant? From: David Klein r...@nachtmaus.us To: ju wusuo juwu...@yahoo.com Cc: bind-users@lists.isc.org bind-users@lists.isc.org Sent: Saturday, March 10, 2012 3:31 PM Subject: Re: Anycast DNS - LB/LTM Exactly. The script runs inside the LTM, and wraps nslookup or dig. It should output a distinct output for success, and another distinct output for failure. It should only check the pool members, not the VIPA itself. If the pool is empty, the LTM will stop advertise the VIPA. -DTK On Fri, Mar 9, 2012 at 1:16 PM, ju wusuo juwu...@yahoo.com wrote: so the script would run on the LTM, it will periodically check each physical DNS node, if one cannot resolve then takes it out of the pool; it will also check the VIP, if the VIP cannot resolve, pool is empty or LTM issue, stop the advertising? From: David Klein r...@nachtmaus.us To: ju wusuo juwu...@yahoo.com Cc: bind-users@lists.isc.org bind-users@lists.isc.org Sent: Wednesday, March 7, 2012 11:18 PM Subject: Re: Anycast DNS You would need to create a custom script to use as your monitor, which does a lookup of an address that you know will always be in your domain. If that fails, force-down/inactive the node, and tie this script as a monitor to the pool holding the DNS server nodes. You can advertise the /32 containing the VIPA to the up-stream router via either OSPF or IBGP, and if the pool goes empty, stop advertising the route (the only option is stop advertising, not actively withdraw the route, since that could cause a massive reconvergence cycle in your enterprise-wide RIB, if done wrong, just because of a flapping interface). HTH, -DTK On Wed, Mar 7, 2012 at 2:34 PM, ju wusuo juwu...@yahoo.com wrote: thanks everyone for all responses with the great inputs .. now if I want to put the DNS servers behind LBs, 1) would the LTMs be able to announce the routes dynamically for the DNS servers, and a VIP can be withdrawn when the site is gone? 2) would the LTMs be able to detect a DNS service failure and stop sending over DNS queries, i.e., in the case a named is still up but just not able to resolve names (assuming LTM can detect a named is down)? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- david t. klein Cisco Certified Network Associate (CSCO11281885) Linux Professional Institute Certification (LPI000165615) Redhat Certified Engineer (805009745938860) Quis custodiet ipsos custodes? -- david t. klein Cisco Certified Network Associate (CSCO11281885) Linux Professional Institute Certification (LPI000165615) Redhat Certified Engineer (805009745938860) Quis custodiet ipsos custodes?___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Anycast DNS - LB/LTM
Exactly. The script runs inside the LTM, and wraps nslookup or dig. It should output a distinct output for success, and another distinct output for failure. It should only check the pool members, not the VIPA itself. If the pool is empty, the LTM will stop advertise the VIPA. -DTK On Fri, Mar 9, 2012 at 1:16 PM, ju wusuo juwu...@yahoo.com wrote: so the script would run on the LTM, it will periodically check each physical DNS node, if one cannot resolve then takes it out of the pool; it will also check the VIP, if the VIP cannot resolve, pool is empty or LTM issue, stop the advertising? -- *From:* David Klein r...@nachtmaus.us *To:* ju wusuo juwu...@yahoo.com *Cc:* bind-users@lists.isc.org bind-users@lists.isc.org *Sent:* Wednesday, March 7, 2012 11:18 PM *Subject:* Re: Anycast DNS You would need to create a custom script to use as your monitor, which does a lookup of an address that you know will always be in your domain. If that fails, force-down/inactive the node, and tie this script as a monitor to the pool holding the DNS server nodes. You can advertise the /32 containing the VIPA to the up-stream router via either OSPF or IBGP, and if the pool goes empty, stop advertising the route (the only option is stop advertising, not actively withdraw the route, since that could cause a massive reconvergence cycle in your enterprise-wide RIB, if done wrong, just because of a flapping interface). HTH, -DTK On Wed, Mar 7, 2012 at 2:34 PM, ju wusuo juwu...@yahoo.com wrote: thanks everyone for all responses with the great inputs .. now if I want to put the DNS servers behind LBs, 1) would the LTMs be able to announce the routes dynamically for the DNS servers, and a VIP can be withdrawn when the site is gone? 2) would the LTMs be able to detect a DNS service failure and stop sending over DNS queries, i.e., in the case a named is still up but just not able to resolve names (assuming LTM can detect a named is down)? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- david t. klein Cisco Certified Network Associate (CSCO11281885) Linux Professional Institute Certification (LPI000165615) Redhat Certified Engineer (805009745938860) Quis custodiet ipsos custodes? -- david t. klein Cisco Certified Network Associate (CSCO11281885) Linux Professional Institute Certification (LPI000165615) Redhat Certified Engineer (805009745938860) Quis custodiet ipsos custodes? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Anycast DNS - LB/LTM
so the script would run on the LTM, it will periodically check each physical DNS node, if one cannot resolve then takes it out of the pool; it will also check the VIP, if the VIP cannot resolve, pool is empty or LTM issue, stop the advertising? From: David Klein r...@nachtmaus.us To: ju wusuo juwu...@yahoo.com Cc: bind-users@lists.isc.org bind-users@lists.isc.org Sent: Wednesday, March 7, 2012 11:18 PM Subject: Re: Anycast DNS You would need to create a custom script to use as your monitor, which does a lookup of an address that you know will always be in your domain. If that fails, force-down/inactive the node, and tie this script as a monitor to the pool holding the DNS server nodes. You can advertise the /32 containing the VIPA to the up-stream router via either OSPF or IBGP, and if the pool goes empty, stop advertising the route (the only option is stop advertising, not actively withdraw the route, since that could cause a massive reconvergence cycle in your enterprise-wide RIB, if done wrong, just because of a flapping interface). HTH, -DTK On Wed, Mar 7, 2012 at 2:34 PM, ju wusuo juwu...@yahoo.com wrote: thanks everyone for all responses with the great inputs .. now if I want to put the DNS servers behind LBs, 1) would the LTMs be able to announce the routes dynamically for the DNS servers, and a VIP can be withdrawn when the site is gone? 2) would the LTMs be able to detect a DNS service failure and stop sending over DNS queries, i.e., in the case a named is still up but just not able to resolve names (assuming LTM can detect a named is down)? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- david t. klein Cisco Certified Network Associate (CSCO11281885) Linux Professional Institute Certification (LPI000165615) Redhat Certified Engineer (805009745938860) Quis custodiet ipsos custodes?___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
