multiple networks, routers and stuff...

Kevin Darcy kcd at daimlerchrysler.com
Tue Jan 30 04:00:35 UTC 2001


I don't think the gTLD registry supports multiple-address-record NS'es,
but that is of little consequence. You could either a) make up different
names for the new interface addresses and register those in addition to
the 2 (or more) you currently have defined, or b) define the additional
A records in your *own* zone, which will override the A RRsets in other
nameservers' caches once they follow the delegations down to your
nameservers and get an authoritative response (if you go this route, make
sure that the addresses in the registry are on different networks, so
that you'll have redundancy even for those nameservers that don't have
any of your NS or A records already cached).

I didn't quite understand how you were planning to implement your web
server redundancy. It seemed over-complicated to me, and it also seemed
like it relied on trying to force DNS queries to go to particular
nameservers, which is pretty much doomed to failure, since there is no
fixed order in which the nameservers for a particular domain will be
queried by other nameservers.

Assuming mirrored content, why not just associate multiple address
records with the website name? In good times, you get a certain amount of
load-balancing that way, and when one of the web servers dies, most
modern clients and/or proxies will fail over to the other one after a
short delay.

Of course, with MX records you have even greater flexibility. Not only
can you set up two or more mail exchangers and load-balance between them
(equal preference values), but if you want you can set up a
primary/fallback arrangement (unequal preference values). Or some
combination of load-balancing and fallback. There is a relatively new
DNS record type called SRV which basically brings the MX functionality to
*any* network service, as well as "weighted" load-balancing and the
ability to specify a port number for a service. But unfortunately the
client support for SRV is practically non-existent. Some of us are
lobbying for SRV record support to be added to Mozilla. See
http://bugzilla.mozilla.org/show_bug.cgi?id=14328.


- Kevin

Flame Tester wrote:

> HI all
>
> Need wisdom of the net.
>
> We seem to be having problems with .com's falling like flies.  We are
> a small ISP that buys wholesale DSL and dialup, then re-sell as a
> managed product to our customer base. The last time this happened, we
> were lucky in the aspect that we had redundant connections to the
> internet through multiple providers.  This wouldn't have helped in the
> DSL arena, but got us to wondering what we could do to make the change
> over on our in-house networks easier.  It didn't take very long to
> update the DNS files and renumber the actual machines IP's for sites
> on the fallen .com's network, but I could have been drinking Mochas
> and catching up on the O'Reilly book(s) of choice.  We also have mail
> hosts on both networks configured to backup each other's mail, so rain
> or snow or the darkness of night....
>
> Ok, so now that you know sorta what I am looking at, let me explain
> that I am very lazy, and if I can get things done by pushing a button,
> I'm all for it - [Willing to bust b.alls getting it setup though!]
>
> I thought - gee! why not have multiple machines that are mirrored to
> handle this?  Ok only need 35 of 'em ...
>
> Next - why not buy netcards and put extras in the existing machines?
> Hmmmm, this will work.  Haven't tried three NICs in a NT box, but
> what the heck.  3?  two live networks, and one local for maintenance,
> ease of file transfer .. stuff like that.
>
> Do you see where this is going?  I need a high availability network,
> but until I get something up and tested, can I use existing to do the
> (almost) same thing?  For ease of explanation, two networks are
> connected to the internet - lets call them network A and network B.
>
> How it is now:
> A surfer out in netland does a DNS query for a web server that is
> supposed to be on B, but if B is down, goes to the DNS server on A.  A
> does its lookup, finds the IP and answers.  Since B is down, the
> surfer gets the 501 not found message, site owner calls and complains,
> and I have to pay extra for the phone help.
>
> The fix:
> Same as above, but the DNS server on A also knows the IP address for
> the A network of the web server and answers with it.  Surfer is happy,
> web site owner is happy, I am happy as the bills get paid.
>
> Same can be done with MX records.  Note that the 'relay for' part goes
> away, as the mail gets dropped into the correct mail box, but from the
> other side of the network.
>
> The routers/firewalls that protect our internal networks shouldn't be
> a problem here as they should choose the shortest path and connect
> accordingly.  If they don't do this, I only have to change the gateway
> IP on the DHCP server and it's done.
>
> I know that I will have to run multiple BINDs to take care of the
> different networks, but have done that with a local and live network
> with no problems.  Can move the local DNS to another box that is
> off-line. Ok, I probably could run 3, but it would get confusing.  The
> (could be) tricky part.  I haven't tried this, but will Internic
> accept the same domain name, but different IP addresses as the DNS
> servers?  I currently have a .com and a .net as the DNS entries.  Now,
> when someone wants mail.theredomain.com, it points to mydns.com and
> tries the first server in the list.  If that network happens to be
> down, the second is tried which should point to a valid mail server.
>
> I hope that I didn't impose upon you too much.  Has anyone done this,
> or am I missing that one little bit of information?
>
> Thanks for reading and have a great week!
>
> Please REMOVE from my eMail address.
>
> thanks
>
> tod

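As an added example (not code from the original post, nor from BIND), here is a small Python script that parses a constructed zone fragment and walks through the client-side behaviour Kevin's reply relies on: trying the addresses of a multi-record A RRset in turn, ordering MX hosts by preference, and choosing SRV targets by priority and weight as RFC 2782 specifies. Every owner name, address and port in it is made up for the illustration.

```python
"""Client-side use of redundant DNS records.  Added example, not from the
post: parses a constructed BIND-style zone fragment and shows how a client
handles (1) several A records for one name, (2) MX records ordered by
preference (RFC 5321) and (3) SRV records ordered by priority and picked by
weight (RFC 2782).  Every name, address and port below is made up."""
import random
from collections import defaultdict

# Constructed zone fragment; owner names and addresses are assumptions.
ZONE = """
www.example.com.         300 IN A   192.0.2.10
www.example.com.         300 IN A   198.51.100.10
example.com.             300 IN MX  10 mx-a.example.com.
example.com.             300 IN MX  10 mx-b.example.com.
example.com.             300 IN MX  20 mx-backup.example.com.
_http._tcp.example.com.  300 IN SRV 10 70 80   www-a.example.com.
_http._tcp.example.com.  300 IN SRV 10 30 80   www-b.example.com.
_http._tcp.example.com.  300 IN SRV 20 0  8080 www-backup.example.com.
"""

def parse_zone(text):
    """Return {(owner, type): [rdata token lists]}, ignoring TTL and class."""
    rrsets = defaultdict(list)
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0].startswith(";"):
            continue
        owner, _ttl, _cls, rtype, *rdata = parts
        rrsets[(owner.lower(), rtype.upper())].append(rdata)
    return rrsets

def a_candidates(rrset, rotate=0):
    """Addresses of a multi-record A RRset, rotated the way a round-robin
    nameserver (or a client choosing a random start) presents them."""
    addrs = [rdata[0] for rdata in rrset]
    if not addrs:
        return []
    rotate %= len(addrs)
    return addrs[rotate:] + addrs[:rotate]

def connect_with_failover(candidates, is_reachable):
    """Try candidates in order; return the first that answers, else None.
    A dead host costs the client one connect timeout before it moves on."""
    for cand in candidates:
        if is_reachable(cand):
            return cand
    return None

def mx_order(rrset, rng=None):
    """RFC 5321 section 5.1: lowest preference first; hosts sharing a preference
    are tried in random order (equal values balance, unequal values fall back)."""
    rng = random.Random() if rng is None else rng
    by_pref = defaultdict(list)
    for pref, host in rrset:
        by_pref[int(pref)].append(host)
    order = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        order.extend((pref, h) for h in hosts)
    return order

def srv_order(rrset, rng=None):
    """RFC 2782: ascending priority; within one priority, draw records one at a
    time with probability proportional to weight.  Weight-0 records are placed
    first so they are drawn only when the random value is exactly 0."""
    rng = random.Random() if rng is None else rng
    by_prio = defaultdict(list)
    for prio, weight, port, target in rrset:
        by_prio[int(prio)].append((int(weight), int(port), target))
    order = []
    for prio in sorted(by_prio):
        remaining = sorted(by_prio[prio], key=lambda rec: rec[0] != 0)
        while remaining:
            total = sum(rec[0] for rec in remaining)
            pick = rng.randint(0, total)  # inclusive at both ends, as in the RFC
            running = 0
            for idx, rec in enumerate(remaining):
                running += rec[0]
                if running >= pick:
                    break
            weight, port, target = remaining.pop(idx)
            order.append((prio, weight, port, target))
    return order

def first_target_share(rrset, trials, seed=0):
    """Fraction of trials in which each SRV target comes out first."""
    rng = random.Random(seed)
    counts = defaultdict(int)
    for _ in range(trials):
        counts[srv_order(rrset, rng)[0][3]] += 1
    return {target: n / trials for target, n in counts.items()}

if __name__ == "__main__":
    rrsets = parse_zone(ZONE)
    dead = {"198.51.100.10"}  # simulate network B being down
    cands = a_candidates(rrsets[("www.example.com.", "A")], rotate=1)
    print("A:", cands, "->", connect_with_failover(cands, lambda a: a not in dead))
    print("MX:", mx_order(rrsets[("example.com.", "MX")]))
    srv = rrsets[("_http._tcp.example.com.", "SRV")]
    print("SRV:", srv_order(srv), first_target_share(srv, 2000))
```

Run it as a script to see the orders it produces. Two caveats the multi-address approach depends on: it only helps clients that walk the whole address list after a connect timeout, and a resolver that has the RRset cached keeps handing out the dead address until the TTL expires, so keep the TTL short if you intend to pull a record rather than wait for clients to fail over. The RFC 2782 weight-0 handling is also why the weight-0 backup in the sample only ever comes out last: it sits alone in priority 20, and a weight-0 record sharing a priority with weighted ones would be picked only when the random draw is exactly 0.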