DNS Round Robin

peter at icke-reklam.manet.dot..nu
Mon Apr 10 13:24:45 UTC 2000


Masataka_Tanaka <mtanaka at ssd.sony.co.jp> wrote:
> # Prompt reply is very very welcome q(^o^)p

> Hello, there.

> My current BIND working environment is under Solaris 2.6 and BIND 8.x .
> I would like to ask you all the question about DNS round robin.
> When we set several hosts as Round Robin, do they have fail-safe
> function or not?

> I shall tell you about my basic trials.

> Case1 - DNS Setup

> 1)  First, I set up two hosts as having same name and different IP.
>     They named Robin.domainname in FQDN.(y.y.y.0/24 segment)

>     # nslookup
>     > Robin.domainname
>     Name:    Robin.domainname
>     Addresses:  y.y.y.95, y.y.y.109
It's what's expected.

>     > y.y.y.95
>     Name:    Robin.domainname
>     Address:  x.x.x.95
Yes, working reverse too. 
>     > y.y.y.109
>     Name:    Robin.domainname
>     Address:  y.y.y.109


> 2)  Send the ICMP packets from some nameserver via 'ping' command.
>      ( Network Layer; OSI layer 3)
>       itcns2# ping mail.uhclan.sony.co.jp
>       ICMP Host redirect from gateway (x.x.x.254) to x.x.x.247 for y.y.y.95
>       Robin.domainname is alive

Now you are getting close to what round-robin may give you.
When a dns-server has several records for a name it will answer with all
records. The order they come is one issue. Old stuff will give them in
one order, same order each time. A round-robin dns will typically
swap them in a round-robin order for each time they reply.

Now, the second part, what does the client do when it receives several
answers for one question? A "good" client will "try" one of the addresses,
and if it does not seem to work, the next until all addresses are tried.

Some applications (the faulty ones) will only try the first address given.

>        On this host, Name Service Cache Daemon (nscd) works, and looks
>        Cached result is quoted for next DNS lookup.(within the range of TTL)

One big question, does this "Name Service Cache Daemon" use round-robin?
Check your documentation. In general, using a resolver cache has
been considered "A bad idea" since one could always start a
caching-only dns server in each box needing to cache dns. I don't know
the rationales for SGI to create "Name Service Cache Daemon", but they
might have a valid reason to. Otherwise, consider disabling it.

Another issue is that often the client does not directly ask the
final dns-server, instead it asks its "closest" dns-server, who by
recursion will ask another dns-server. Those 'cached' answers may
or may not break round-robin. It's the dns-server that the client
asks who will answer using round-robin or not.

> # Q1.    When 'nscd' process stopped at working DNS server, does it
>            influence named service or some cache??

See previous answer


>        When I stop one of the hosts in Round Robin and type 'ping', I got the
>        result shown as below.

>        [ Alive Host ]

>        nameserver# ping Robin.domainname
>        ICMP Host redirect from gateway (x.x.x.254) to x.x.x.247 for y.y.y.109
>        Robin.domainname is alive

>        [ Dead Host ]

>        nameserver# ping y.y.y.95
>        ICMP Host redirect from gateway (x.x.x.254) to x.x.x.247 for y.y.y.95
>        no answer from y.y.y.95

This depends on the ping application. And I see no real reason why ping
should switch address if one seems to work for a while. Neither is there
any reason for a TCP-application to switch address to regain connectivity
to the same connection (they won't).

> On network layer level, it looks fail-safe works due to Round Robin setup.



> Case2 - Shutdown one of hosts during ICMP packets transmit, and check
>             fail safe via DNS Round Robin Configuration

> 1. Type the 'ping' command.

>     nameserver# ping -s [ RoundRobin_HOST FQDN ]


> 2. ICMP packet transmitted regularly, and one of hosts replied.

>     ICMP Host redirect from gateway (x.x.x.254) to x.x.x.247 for y.y.y.109
>     64 bytes from y.y.y.109: icmp_seq=0. time=3. ms
>     64 bytes from y.y.y.109: icmp_seq=32. time=2. ms
>     . . . . . . . .
>     64 bytes from y.y.y.109: icmp_seq=42. time=2. ms


> 3. Shutdown the alive host.

>     ICMP Host redirect from gateway (x.x.x.254) to x.x.x.247 for y.y.y.109


> 4. Interrupt ICMP transmission because I confirmed host doesn't
>    reply anymore.

>    ----mail.uhclan.sony.co.jp PING Statistics----
>    107 packets transmitted, 43 packets received, 59% packet loss
>    round-trip (ms)  min/avg/max = 2/3/12

Again, ping is probably not the most typical application.

> # Q2.    Is there any way to realize fail-safe(switch-over) via DNS configuration?
>            ( I mean the definition of 'fail-safe' :
>               One of Round Robin hosts is dead, avoiding DNS lookup returns the Dead
>               host information.)

>             Otherwise, is there any SOFTWARE tool monitoring hosts or ports of DNS hosts?
>             (if possible freeware)

There are a number of dns derivatives that monitor hosts in a round-robin
configuration, deciding which address is to be given first. This
decision is made by load, availability etc. Considering that well-written
applications will try all addresses, and if your servers are mostly running,
small-to-minimum gains are to be achieved.


> I am looking forward to getting your reply soon.
> Bye for now, and thank you so much for reading to the last.

> --
> Thanks & Have a good day !
> Sony Systems Design Corp.
> Customer Service Dept.
> Masataka TANAKA
> mail to :  mtanaka at ssd.sony.co.jp
> tel       :  +81-3-5479-6629 (Tokyo, Japan)







-- 
--
Peter Håkanson         
        Manet Networking      (At the Riverside of Gothenburg, home of Volvo)
           Sorry about my e-mail address, but i'm trying to keep spam out.
echo "peter (at) manet (dot) nu" | sed "s/(at)/@/g " | sed "s/(dot)/\./g"|sed "s/ //g"
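
Added example, not part of the original message: a small Python simulation of the behaviour described in the reply above, comparing a client that tries every returned address with one that uses only the first, once against a server that rotates the records and once behind a cache that replays one stored answer. The addresses are constructed documentation addresses standing in for y.y.y.95 and y.y.y.109, and FixedOrderCache is a hypothetical stand-in for any cache that does not rotate.

```python
from collections import deque

class RoundRobinZone:
    """Toy authoritative server: returns all A records, rotated one step per query."""
    def __init__(self, addresses):
        self._rrset = deque(addresses)

    def query(self):
        answer = list(self._rrset)
        self._rrset.rotate(-1)  # the next reply starts with the next address
        return answer

class FixedOrderCache:
    """Hypothetical cache that replays the first answer unchanged (TTL not modelled)."""
    def __init__(self, upstream):
        self._upstream = upstream
        self._cached = None

    def query(self):
        if self._cached is None:
            self._cached = self._upstream.query()
        return list(self._cached)

def faulty_client(answer, is_up):
    """Uses only the first address in the answer, with no fallback."""
    return answer[0] if is_up(answer[0]) else None

def good_client(answer, is_up):
    """Tries each address in the order given until one responds."""
    for addr in answer:
        if is_up(addr):
            return addr
    return None

def simulate(client, cached=False, lookups=10):
    """Return how many of `lookups` name lookups ended on a live host."""
    # Constructed sample data: two hosts under one name, the first one shut down.
    zone = RoundRobinZone(["192.0.2.95", "192.0.2.109"])
    dead = {"192.0.2.95"}
    resolver = FixedOrderCache(zone) if cached else zone
    is_up = lambda addr: addr not in dead
    return sum(client(resolver.query(), is_up) is not None for _ in range(lookups))

if __name__ == "__main__":
    for client in (faulty_client, good_client):
        for cached in (False, True):
            ok = simulate(client, cached)
            print(f"{client.__name__:13} cached={cached!s:5} {ok}/10 reached a live host")
```
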


