Dynamically changing the DNS replies based on site being up/down

Kevin Darcy kcd at daimlerchrysler.com
Mon Jul 31 21:19:16 UTC 2000


satyapal_deja at my-deja.com wrote:

> Kevin, thanks for your reply. Please find my comments interspersed in
> the article below.
>
> In article <3980C976.F1B938E0 at daimlerchrysler.com>,
>   Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> > More or less. Because nameservers will have cached the address, the
> > switchover will take a while, and in the meantime, all clients getting
> > the old address will just simply fail. A slightly more refined version
> > would be to have the nameservers return *both* addresses in "fixed"
> > order and then delete the primary address if that server goes down. At
> > least then the failover will be more transparent for clients which know
> > how to do address failover. Unfortunately, a side effect of this is that
> > other nameservers serving the name from their caches will tend to
> > "round-robin" the answers, so you'll get some leakage to your backup
> > server even when the primary is accessible.
> >
> > Of course, you could reduce the effects of caching by lowering TTL
> > values, but this is wasteful of Internet resources.
>
> This solution seems good as I understand it. And let me know if I
> understood it correctly. Any DNS request from a client's browser for
> www.yy.com will result in two IP addresses (in the order primary
> webserver first and the backup webserver in second place). Only if the
> client browser cannot connect to the Primary webserver for whatever
> reasons it automatically connects to the second IP address which is a
> backup server. Am I correct ?

Yes. But remember that not all clients are smart enough to do address
failover. Old clients, in particular, tend to just try the first address
and then fail.

> And the problem in this schema is that the intermediate nameservers
> serving the name from their caches will tend to "round-robin" the
> answers and thereby some requests (up to 50%?) might still go to
> backup webserver in spite of Primary being up.

The amount of "leakage" depends on a variety of factors, including:
    what your TTL values are set to,
    the proportion of slaves which are configured with "fixed" order, and
    the proportion of clients which are querying the name through
    intermediate caching servers, and what sorting order is in effect for
    those intermediate caching servers.

> The above solution seems OK to me as long as we can keep the number of
> requests going to the backup site around 1%.

That's probably going to require reducing your TTL values to an
unacceptably low level. Unfortunately, there's no good solution right now
short of spending lots of $$$'s to buy something like a Cisco
LocalDirector, which "hides" multiple servers behind a single IP address.

> >A slightly more refined version would be to have the nameservers
> >return *both* addresses in "fixed" order
>
> Can you please explain more about how to do this ? (I am a novice to
> this subject and appreciate any help).

See the documentation for the "rrset-order" option.


- Kevin
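
Added example, not part of the original message: a named.conf fragment showing how the "rrset-order" option mentioned above can pin the order of the two A records for www.yy.com. The addresses (documentation range 192.0.2.0/24), the TTL and the zone file name are constructed for illustration.

```conf
// named.conf on every authoritative server for yy.com (master and slaves).
// A slave left without this rule keeps rotating the answers and adds to
// the "leakage" toward the backup server.
options {
    rrset-order {
        // Hand out the A records for www.yy.com in a fixed order
        // instead of rotating them between responses.
        class IN type A name "www.yy.com" order fixed;

        // Every other RRset keeps the usual rotation.
        order cyclic;
    };
};

zone "yy.com" {
    type master;
    file "db.yy.com";        // hypothetical zone file name
};

/*
 * Matching records in db.yy.com (constructed values), primary listed first:
 *
 *   www   3600  IN  A  192.0.2.10   ; primary web server
 *   www   3600  IN  A  192.0.2.20   ; backup web server
 *
 * Failover step from the thread: when the primary goes down, delete the
 * 192.0.2.10 record, increment the SOA serial and reload the zone.
 * Resolvers that cached the old RRset keep answering from it until the
 * 3600-second TTL expires.
 *
 * Note: in BIND 9, "order fixed" is honoured only when named was built
 * with fixed-rrset support (--enable-fixed-rrset).
 */
```

Running dig against each authoritative server several times and comparing the order of the A records in the answer section shows whether the rule is in effect on that server.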