Re: bind round robin

2006-09-20 Thread pinoyskull

Doug Barton wrote:
 Chris H. wrote:
  Greetings all,
  ...
  Quoting Doug Barton [EMAIL PROTECTED]:

   Oliver Brandmueller wrote:

    DNS round robin is not about redundancy, the only thing you could have
    that way is a kind of load balancing (not the most sophisticated way,
    though). Whenever one of the servers fails, around half of the requests
    still goes there and then times out/gets conn refused or whatever the
    problem is. Prioritizing is not easily possible. Probably it helps if
    you add one of the IPs more often to the set, but I never tried that and
    did not read the docs on this topic, so before breaking your zone first
    read the specs, if this works!

   Just replying to this bit first, in BIND it does not work to specify
   the same IP address multiple times for the same hostname. The server
   will collapse the duplicates into one unique entry when it reads the
   zone. I am not aware of any other authoritative name server for which
   this would work either.

  While this /might/ hold true in some/certain situations.

 Under the circumstances that Oliver suggested, what I said holds true
 in every situation (assuming you are using BIND). The example you
 pasted, while colorful, is not actually an example of what Oliver
 suggested. If you would like me to write out an example I will, but:
 A) This subject is already off topic, and
 B) It would more usefully be left as an exercise for the reader.

  I /can/ say after 3.5 yrs. of doing exactly this,

 Bzzzt. See above.

  that it does not collapse the namespace into a single IP--name.

 It might also be useful to note here that nothing about DNS is
 (automatically) bi-directional in the manner you imply here.

 I do concur with your suggestion to move this thread to a list that is
 focused on DNS, however 

 Doug

Thanks for the reply guys, although our dns server is running freebsd, 
my problem specifically is DNS, I'll try posting my problem to the right 
mailing list, thanks again.

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: bind round robin

2006-09-20 Thread Dan Bilik
Hi.

On Tue, 19 Sep 2006 10:39:55 +0200
Oliver Brandmueller [EMAIL PROTECTED] wrote:

 Is there a way to prioritize 10.10.10.10 over 192.168.0.10? How do I 
 configure it?
 ... 
 For serious redundancy with failover and/or load balancing with a good 
 leveling you should consider getting a load balancer (be it hardware or 
 software), better two so you don't have the single point of failure 
 there :-)

Just info for those who may find it useful...

There is a custom patch for BindBackend2 of PowerDNS that makes this
DNS-level loadbalancing and failover possible. One can assign weights to A
records and also keepalive watches so that dead addresses aren't served.
It's configurable directly in zone through special TXT records. Find it at
http://neosystem.cz/powerdns/pdns-2.9.20-keepalive.patch

Dan


Re: bind round robin

2006-09-19 Thread Oliver Brandmueller
Hi.

On Tue, Sep 19, 2006 at 02:00:23PM +0800, pinoyskull wrote:
 One of my client's domain has multiple IPs for redundancy, I configured 
 his www as such
 
 www IN A   10.10.10.10
 www IN A   192.168.0.10
 
 Is there a way to prioritize 10.10.10.10 over 192.168.0.10? How do I 
 configure it?

DNS round robin is not about redundancy, the only thing you could have
that way is a kind of load balancing (not the most sophisticated way,
though). Whenever one of the servers fails, around half of the requests
still goes there and then times out/gets conn refused or whatever the
problem is. Prioritizing is not easily possible. Probably it helps if
you add one of the IPs more often to the set, but I never tried that and
did not read the docs on this topic, so before breaking your zone first
read the specs, if this works!

For serious redundancy with failover and/or load balancing with a good 
leveling you should consider getting a load balancer (be it hardware or 
software), better two so you don't have the single point of failure 
there :-)

- Oliver

-- 
| Oliver Brandmueller | Offenbacher Str. 1  | Germany   D-14197 Berlin |
| Fon +49-172-3130856 | Fax +49-172-3145027 | WWW:   http://the.addict.de/ |
|   I am the Internet. As surely as I help God.   |
| Commercial use of any of the addresses contained here is not permitted! |




Re: bind round robin

2006-09-19 Thread Dominic Marks

Oliver Brandmueller wrote:
 Hi.

 On Tue, Sep 19, 2006 at 02:00:23PM +0800, pinoyskull wrote:
  One of my client's domain has multiple IPs for redundancy, I configured
  his www as such

  www IN A   10.10.10.10
  www IN A   192.168.0.10

  Is there a way to prioritize 10.10.10.10 over 192.168.0.10? How do I
  configure it?

 DNS round robin is not about redundancy, the only thing you could have
 that way is a kind of load balancing (not the most sophisticated way,
 though). Whenever one of the servers fails, around half of the requests
 still goes there and then times out/gets conn refused or whatever the
 problem is. Prioritizing is not easily possible. Probably it helps if
 you add one of the IPs more often to the set, but I never tried that and
 did not read the docs on this topic, so before breaking your zone first
 read the specs, if this works!

 For serious redundancy with failover and/or load balancing with a good
 leveling you should consider getting a load balancer (be it hardware or
 software), better two so you don't have the single point of failure
 there :-)

A good software load balancer which supports weighting is pen. In ports.

http://siag.nu/pen

/usr/ports/net/pen

Dominic

 - Oliver



Re: bind round robin

2006-09-19 Thread Dominik Zalewski
On Tuesday 19 September 2006 11:50, Dominic Marks wrote:
 Oliver Brandmueller wrote:
  Hi.
 
  On Tue, Sep 19, 2006 at 02:00:23PM +0800, pinoyskull wrote:
  One of my client's domain has multiple IPs for redundancy, I configured
  his www as such
 
  www IN A   10.10.10.10
  www IN A   192.168.0.10
 
  Is there a way to prioritize 10.10.10.10 over 192.168.0.10? How do I
  configure it?
 
  DNS round robin is not about redundancy, the only thing you could have
  that way is a kind of load balancing (not the most sophisticated way,
  though). Whenever one of the servers fails, around half of the requests
  still goes there and then times out/gets conn refused or whatever the
  problem is. Prioritizing is not easily possible. Probably it helps if
  you add one of the IPs more often to the set, but I never tried that and
  did not read the docs on this topic, so before breaking your zone first
  read the specs, if this works!
 
  For serious redundancy with failover and/or load balancing with a good
  leveling you should consider getting a load balancer (be it hardware or
  software), better two so you don't have the single point of failure
  there :-)

 A good software load balancer which supports weighting is pen. In ports.

 http://siag.nu/pen

 /usr/ports/net/pen

 Dominic

  - Oliver


From pen homepage:

This is pen, a load balancer for simple tcp based protocols such as http or 
smtp.

As I know DNS uses both tcp and udp protocols.

For failover you can try OpenBSD Packet Filter with CARP protocol. PF can do 
load-balancing using different algorithms also. CARP is ported to FreeBSD. 
More info on: http://pf4freebsd.love2party.net/carp.html

Enjoy

-- 
Dominik Zalewski | System Administrator
OpenCraft
t- +2 02 336 0003
w- http://www.open-craft.com


Re: bind round robin

2006-09-19 Thread Dominic Marks

From the original message:

[1]

www IN A   10.10.10.10
www IN A   192.168.0.10

From pen homepage:

This is pen, a load balancer for simple tcp based protocols such as http or 
smtp.

As I know DNS uses both tcp and udp protocols.

From the poster's excerpt it looks like they are looking to load balance 
HTTP. [1]

For failover you can try OpenBSD Packet Filter with CARP protocol. PF can do 
load-balancing using different algorithms also. CARP is ported to FreeBSD. 
More info on: http://pf4freebsd.love2party.net/carp.html

Also true. Last time I looked at this however there was a big disclaimer
saying that CARP's load balancing was likely to give a distorted
distribution of load and I don't believe it does weighting. I believe this
would also be a problem considering the example in [1]:

From carp(4):

 Note: ARP balancing only works on the local network segment.  It cannot
 balance traffic that crosses a router, because the router itself will
 always be balanced to the same virtual host.

Cheers,
Dominic



Re: bind round robin

2006-09-19 Thread Stefan Lambrev



Dominic Marks wrote:
 From the original message:

 [1]

 www IN A   10.10.10.10
 www IN A   192.168.0.10

 From pen homepage:

 This is pen, a load balancer for simple tcp based protocols such
 as http or smtp.

 As I know DNS uses both tcp and udp protocols.

 From the poster's excerpt it looks like they are looking to load
 balance HTTP. [1]

 For failover you can try OpenBSD Packet Filter with CARP protocol. PF
 can do load-balancing using different algorithms also. CARP is ported
 to FreeBSD. More info on: http://pf4freebsd.love2party.net/carp.html

 Also true. Last time I looked at this however there was a big
 disclaimer saying that CARP's load balancing was likely to give a
 distorted distribution of load and I don't believe it does weighting.
 I believe this would also be a problem considering the example in [1]:

 From carp(4):

  Note: ARP balancing only works on the local network segment.  It cannot
  balance traffic that crosses a router, because the router itself will
  always be balanced to the same virtual host.

 Cheers,
 Dominic

Yes but the idea here is to use http balancer that runs on CARP 
interface(s) for fail-over.

Balancing will be done by balancer ;)




--
Best Wishes,
Stefan Lambrev
ICQ# 24134177



Re: bind round robin

2006-09-19 Thread Fred Clift

On Tue, Sep 19, 2006 at 02:00:23PM +0800, pinoyskull wrote:

 One of my client's domain has multiple IPs for redundancy, I configured
 his www as such

 www IN A   10.10.10.10
 www IN A   192.168.0.10

 Is there a way to prioritize 10.10.10.10 over 192.168.0.10? How do I
 configure it?


I missed the original question about this but if you're really 
interested in doing something in software rather than buying some kind 
of load-balancing hardware, then you could write your own (simple) 
backend for powerdns.

powerdns is in ports and it has a simple pipe interface to the daemon 
that would let you write your own proportional-share dns responder 
for some set of RRs.


Check out the geographic load balancing that the blitzed.org guys use...

http://wiki.blitzed.org/DNS_balancing

Basically, you would delegate a subdomain (bar.example.org) to the 
server running your custom powerdns config and all lookups of 
foo.bar.example.org would end up at your server, where your custom (20 
or 60 lines of perl) powerdns module could return which ever of the two 
IPs you prefer, either statistically, or based on some kind of remotely 
fetched load average, ping time, other-availability-metric, etc.


So, say you wanted 80% of your traffic to go to the primary box, then 
you turn off caching in your powerdns config file and have your pipe'd 
child return the primary IP 8 times for every 2 times you return the ip 
of the other box etc.  Or always return the primary server unless it is 
having problems, in which case you return the secondary.  Of course you 
want the TTL on these records, or perhaps the delegated subdomain to be 
low so the client doesn't cache it much.


I've currently got a geo-balanced test setup I've been playing with - it 
returns CNAMES to XX.clift.org for any lookup of test.geo.clift.org, 
where XX are theoretically country codes based on what IP addresses you 
make the requests from.  The quality of the free geo-ip info isn't 
great, but at least it gets you on the right continent.  The geo-ip data 
is 'free' via rsync from countries.nerd.dk - see 
http://countries.nerd.dk/more.html for more information


Anyway, it'd take a bit of work, but would be doable.

Fred Clift
fred 'AT' clift dot org
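
Added example, not Fred's code and not part of PowerDNS: a responder for the PowerDNS pipe backend (ABI version 1) that implements the 8-in-10 split and the fall-back-on-failure idea described above, in Python rather than Perl. The name foo.bar.example.org, the 5-second TTL and the `is_up` health probe are assumptions; SOA and NS records for the delegated zone are assumed to be served elsewhere.

```python
#!/usr/bin/env python3
"""Weighted / failover A-record responder for the PowerDNS pipe backend (ABI v1)."""
import sys

QNAME = "foo.bar.example.org"   # name inside the delegated subdomain (assumed)
PRIMARY = "10.10.10.10"         # addresses from the original question
SECONDARY = "192.168.0.10"
TTL = 5                         # assumed low TTL so resolvers re-ask often
# 8 primary answers for every 2 secondary answers, spread over ten queries.
CYCLE = [PRIMARY] * 4 + [SECONDARY] + [PRIMARY] * 4 + [SECONDARY]


class Responder:
    def __init__(self, is_up=lambda ip: True):
        self.is_up = is_up      # hypothetical health probe: ip -> bool
        self.counter = 0

    def pick(self):
        """Next address in the 8:2 cycle, skipping an address reported down."""
        choice = CYCLE[self.counter % len(CYCLE)]
        self.counter += 1
        if self.is_up(choice):
            return choice
        other = SECONDARY if choice == PRIMARY else PRIMARY
        return other if self.is_up(other) else None

    def handle(self, line):
        """Turn one tab-separated request line into the list of reply lines."""
        fields = line.rstrip("\r\n").split("\t")
        if fields[0] == "HELO":
            return ["OK\tweighted responder"] if fields[1:] == ["1"] else ["FAIL"]
        if fields[0] != "Q" or len(fields) < 6:
            return ["FAIL"]     # AXFR and malformed input are not served
        _, qname, qclass, qtype, qid, _remote = fields[:6]
        replies = []
        wanted = qname.lower().rstrip(".") == QNAME and qclass == "IN"
        if wanted and qtype in ("A", "ANY"):   # PowerDNS usually asks for ANY
            ip = self.pick()
            if ip is not None:                 # both down: answer with no data
                replies.append("\t".join(
                    ["DATA", qname, "IN", "A", str(TTL), qid, ip]))
        replies.append("END")
        return replies


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Main loop: PowerDNS writes requests to stdin and reads replies from stdout."""
    responder = Responder()
    for line in stdin:
        for reply in responder.handle(line):
            stdout.write(reply + "\n")
        stdout.flush()          # replies must not sit in a buffer


if __name__ == "__main__":
    serve()
```

Because the split is per query answered, resolver caching decides how closely client traffic follows it, which is why the post asks for a low TTL and no packet caching.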


Re: bind round robin

2006-09-19 Thread Doug Barton
Oliver Brandmueller wrote:
 
 DNS round robin is not about redundancy, the only thing you could have
 that way is a kind of load balancing (not the most sophisticated way,
 though). Whenever one of the servers fails, around half of the requests
 still goes there and then times out/gets conn refused or whatever the
 problem is. Prioritizing is not easily possible. Probably it helps if
 you add one of the IPs more often to the set, but I never tried that and
 did not read the docs on this topic, so before breaking your zone first
 read the specs, if this works!

Just replying to this bit first, in BIND it does not work to specify
the same IP address multiple times for the same hostname. The server
will collapse the duplicates into one unique entry when it reads the
zone. I am not aware of any other authoritative name server for which
this would work either.

FYI,

Doug

-- 

This .signature sanitized for your protection
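
Added example, not from any post in the thread: a small model of the point made above, that a record set holds each distinct record once, so listing 10.10.10.10 three times leaves the rotation at 50/50 and a dead host still receives half the first answers. The zone fragment is constructed, and the strict cyclic rotation and the client that always uses the first address are simplifying assumptions.

```python
"""Why repeating an A record does not weight DNS round robin."""
from collections import Counter

# Constructed zone fragment: the addresses are the ones from the original
# question; the repeated lines are the "add one IP more often" idea.
ZONE = """\
www   IN A 10.10.10.10
www   IN A 10.10.10.10
www   IN A 10.10.10.10
      IN A 192.168.0.10
"""


def load_rrsets(zone_text):
    """Parse 'owner [IN] type rdata' lines into {(owner, type): [rdata, ...]}.

    Records equal in owner, class, type and data are stored once, which is
    the duplicate suppression described for BIND in the thread.
    """
    rrsets, owner = {}, None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop zone-file comments
        if not line.strip():
            continue
        tokens = line.split()
        if not line[0].isspace():            # blank first column inherits owner
            owner = tokens.pop(0)
        if owner is None:
            raise ValueError("record without an owner name")
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), " ".join(tokens[1:])
        members = rrsets.setdefault((owner, rtype), [])
        if rdata not in members:             # suppress exact duplicates
            members.append(rdata)
    return rrsets


def first_answer_share(rrset, queries, dead=()):
    """Rotate the RRset once per query and count which address comes first.

    Returns (counts per address, fraction of queries sent to a dead address).
    """
    counts = Counter(rrset[i % len(rrset)] for i in range(queries))
    failed = sum(n for ip, n in counts.items() if ip in dead)
    return counts, failed / queries


if __name__ == "__main__":
    www = load_rrsets(ZONE)[("www", "A")]
    print(www)
    print(first_answer_share(www, 1000, dead={"192.168.0.10"}))
```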



Re: bind round robin

2006-09-19 Thread Doug Barton
pinoyskull wrote:
 Hi,
 
 One of my client's domain has multiple IPs for redundancy, 

This really isn't on topic for any of the FreeBSD lists, FYI. If the
responses you have received so far haven't helped you, I would suggest
that you write up a little more detail about what you're trying to
achieve, and post a message to the [EMAIL PROTECTED] mailing list.

Briefly, if what you're trying to do is actually failover (if the
primary website is down, users should be directed to the secondary
site), then the answer is you can't do that in DNS alone. But the
bind-users folks can help you find some answers.

good luck,

Doug

-- 

This .signature sanitized for your protection



Re: bind round robin

2006-09-19 Thread Chris H.

Greetings all,
...
Quoting Doug Barton [EMAIL PROTECTED]:

 Oliver Brandmueller wrote:

  DNS round robin is not about redundancy, the only thing you could have
  that way is a kind of load balancing (not the most sophisticated way,
  though). Whenever one of the servers fails, around half of the requests
  still goes there and then times out/gets conn refused or whatever the
  problem is. Prioritizing is not easily possible. Probably it helps if
  you add one of the IPs more often to the set, but I never tried that and
  did not read the docs on this topic, so before breaking your zone first
  read the specs, if this works!

 Just replying to this bit first, in BIND it does not work to specify
 the same IP address multiple times for the same hostname. The server
 will collapse the duplicates into one unique entry when it reads the
 zone. I am not aware of any other authoritative name server for which
 this would work either.


While this /might/ hold true in some/certain situations. I /can/ say
after 3.5 yrs. of doing exactly this, that it does not collapse the
namespace into a single IP--name. Here is the excerpt from the zone
file(s) running a recent BIND version:


#hostA.domain.tld.zone
hostA  IN  A  XXX.XXX.XXX.XA
  IN  HINFO  IBM-PC/AT  UNICS/UNIX
  IN  MX 10  mx
  IN  MX 60  mx2
graphics   IN  A  XXX.XXX.XXX.XA
nameA  IN  A  XXX.XXX.XXX.XA
nameB  IN  A  XXX.XXX.XXX.XA
...
www        IN  A  XXX.XXX.XXX.XA
nameC  IN  CNAME  nameB
etc...

#hostB.domain.tld.zone
hostB  IN  A  XXX.XXX.XXX.XB
  IN  HINFO  IBM-PC/AT  UNICS/UNIX
  IN  MX 10  mx
  IN  MX 60  mx2
nameD  IN  A  XXX.XXX.XXX.XB
graphics   IN  A  XXX.XXX.XXX.XB
hostE  IN  A  XXX.XXX.XXX.XB
etc...
#
Please note the RR (PTR) zone only lists RR's for
hostA and hostB. It is the responsibility of the hosts
own zones to delegate the hostnames for their own zones.
Both of these hosts are running Apache for the HTTPd
service, and both of them serve pages for graphics.domain.tld.

Now, on to your initial question...
Speaking of Apache; Apache has provided a solution for
the /exact/ situation you are enquiring about since v.1.2.
You will find it in the documentation that comes with the
installation. I will endeavour to find its whereabouts in
the doc's and provide a link. As I host those doc's. It
involves DNS and either the use of Perl, or http(s)d.conf
trickery. This, of course, all assumes that you are working
with Apache. :)

Best wishes,
Chris H.



FYI,

Doug

--

   This .signature sanitized for your protection






--
panic: kernel trap (ignored)



-
FreeBSD 5.4-RELEASE-p12 (SMP - 900x2) Tue Mar 7 19:37:23 PST 2006
/



Re: bind round robin

2006-09-19 Thread Chris H.

Greetings,
...
Quoting Chris H. [EMAIL PROTECTED]:


Greetings all,
...
Quoting Doug Barton [EMAIL PROTECTED]:


Oliver Brandmueller wrote:


DNS round robin is not about redundancy, the only thing you could have
that way is a kind of load balancing (not the most sophisticated way,
though). Whenever one of the servers fails, around half of the requests
still goes there and then times out/gets conn refused or whatever the
problem is. Prioritizing is not easily possible. Probably it helps if
you add one of the IPs more often to the set, but I never tried that and
did not read the docs on this topic, so before breaking your zone first
read the specs, if this works!


Just replying to this bit first, in BIND it does not work to specify
the same IP address multiple times for the same hostname. The server
will collapse the duplicates into one unique entry when it reads the
zone. I am not aware of any other authoritative name server for which
this would work either.


While this /might/ hold true in some/certain situations. I /can/ say
after 3.5 yrs. of doing exactly this, that it does not collapse the
namespace into a single IP--name. Here is the excerpt from the zone
file(s) running a recent BIND version:


#hostA.domain.tld.zone
hostA  IN  A  XXX.XXX.XXX.XA
  IN  HINFO  IBM-PC/AT  UNICS/UNIX
  IN  MX 10  mx
  IN  MX 60  mx2
graphics   IN  A  XXX.XXX.XXX.XA
nameA  IN  A  XXX.XXX.XXX.XA
nameB  IN  A  XXX.XXX.XXX.XA
...
www        IN  A  XXX.XXX.XXX.XA
nameC  IN  CNAME  nameB
etc...

#hostB.domain.tld.zone
hostB  IN  A  XXX.XXX.XXX.XB
  IN  HINFO  IBM-PC/AT  UNICS/UNIX
  IN  MX 10  mx
  IN  MX 60  mx2
nameD  IN  A  XXX.XXX.XXX.XB
graphics   IN  A  XXX.XXX.XXX.XB
hostE  IN  A  XXX.XXX.XXX.XB
etc...
#
Please note the RR (PTR) zone only lists RR's for
hostA and hostB. It is the responsibility of the hosts
own zones to delegate the hostnames for their own zones.
Both of these hosts are running Apache for the HTTPd
service, and both of them serve pages for graphics.domain.tld.

Now, on to your initial question...
Speaking of Apache; Apache has provided a solution for
the /exact/ situation you are enquiring about since v.1.2.
You will find it in the documentation that comes with the
installation. I will endeavour to find its whereabouts in
the doc's and provide a link. As I host those doc's. It
involves DNS and either the use of Perl, or http(s)d.conf
trickery. This, of course, all assumes that you are working
with Apache. :)

Best wishes,
Chris H.


O.K. Here's the link(s) I promised:

You will/should find these two links /extremely/ valuable:

http://hosting.1command.com/manual/misc/rewriteguide.html

These are the things dreams are made of. ;)

the link I indicated you'd find as a good solution is here:

http://hosting.1command.com/manual/misc/rewriteguide.html

Just scroll down to the topic:
*Load Balancing*

Best wishes,
Chris H.

P.S. you will/should also spend some time on a DNS/BIND
newsgroup. As the knowledge gained there is invaluable.
I spend quite a lot of time there answering questions,
and it is probably a better place to ask questions of
this nature. Because this list really isn't designed
for this kind of topic.





FYI,

Doug

--

   This .signature sanitized for your protection






--
panic: kernel trap (ignored)



-
FreeBSD 5.4-RELEASE-p12 (SMP - 900x2) Tue Mar 7 19:37:23 PST 2006
/






--
panic: kernel trap (ignored)



-
FreeBSD 5.4-RELEASE-p12 (SMP - 900x2) Tue Mar 7 19:37:23 PST 2006
/



Re: bind round robin

2006-09-19 Thread Doug Barton
Chris H. wrote:
 Greetings all,
 ...
 Quoting Doug Barton [EMAIL PROTECTED]:
 
 Oliver Brandmueller wrote:

 DNS round robin is not about redundancy, the only thing you could have
 that way is a kind of load balancing (not the most sophisticated way,
 though). Whenever one of the servers fails, around half of the requests
 still goes there and then times out/gets conn refused or whatever the
 problem is. Prioritizing is not easily possible. Probably it helps if
 you add one of the IPs more often to the set, but I never tried that and
 did not read the docs on this topic, so before breaking your zone first
 read the specs, if this works!

 Just replying to this bit first, in BIND it does not work to specify
 the same IP address multiple times for the same hostname. The server
 will collapse the duplicates into one unique entry when it reads the
 zone. I am not aware of any other authoritative name server for which
 this would work either.
 
 While this /might/ hold true in some/certain situations.

Under the circumstances that Oliver suggested, what I said holds true
in every situation (assuming you are using BIND). The example you
pasted, while colorful, is not actually an example of what Oliver
suggested. If you would like me to write out an example I will, but:
A) This subject is already off topic, and
B) It would more usefully be left as an exercise for the reader.

 I /can/ say after 3.5 yrs. of doing exactly this,

Bzzzt. See above.

 that it does not collapse the namespace into a single IP--name.

It might also be useful to note here that nothing about DNS is
(automatically) bi-directional in the manner you imply here.

I do concur with your suggestion to move this thread to a list that is
focused on DNS, however 

Doug

-- 

This .signature sanitized for your protection
