Barry Margolin barmar at
Sat Nov 20 01:51:38 UTC 2004

In article <cnlj3r$2v72$1 at>, "jesk" <jesk at> 

> Hello,
> I'm thinking about a failover setup of webservices at different locations via
> DNS.
> I got some questions about the possibilities of this:
> 1. How is "IN NS" cached and used by other bind nameservers if one of the NS
> is down? E.g. the TLD server has two "IN NS" records for my zone, now a
> nameserver is looking up this zone and will get these 2 records. First I
> think it's trying to resolve via the first nameserver of the reply order, but
> what would happen if this one is down and not reachable, will the resolving
> nameserver try to query via the second one a second time? What would happen if
> the first nameserver can successfully answer, then will be cached by the
> resolving nameserver, but then in the future of the life of the cached "IN
> NS" record the nameserver will be down, is the second nameserver still in
> the cache and will the failover work if this happens?

All the NS records stay in the cache, and resolving servers 
automatically fail over.  They keep track of response time from previous 
queries, and prefer the one that had the better time.  When a server 
fails to respond, its response time is set to "very high".

> 2. Is the only solution to get a global dns failover without the use of
> routing protocols like BGP to use two or more nameservers at different
> locations (AS or something else) which will then answer queries, e.g. of
> webservers, with its own specific A-records? E.g. if nameserver A is down
> because of a routing problem, then a resolver will query nameserver B (located
> at a different provider) which then will answer a query for www.domain.tld
> with a specific A-record which will be reachable, because it's in the same
> physical network.

Are you asking about DNS failover or web site failover?  You started 
this paragraph with a reference to "global dns failover", but then you 
went on to talk about different DNS servers returning different records 
for www.domain.tld.

> 3. If the "IN NS" failover is possible, what about caching nameservers
> which are caching A-records? Is failover possible for them too, and if yes would
> it be possible to return the A-records for the webserver of both locations
> so that a client will try webserver A first and when not reachable webserver
> B (I think it's an implementation thing and too much risk)? Or is the only
> solution to create a zone with a TTL of zero?

Whether a client will try both addresses depends on how the client is 
programmed, which is totally out of your control.  And there's no way 
for you to control the order it tries them -- it might try webserver B 

You might want to look into some specialized solutions like Cisco 
Distributed Director or 3Serve.

Barry Margolin, barmar at
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
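
The NS failover behaviour described in the first answer above, as a simplified model added here for illustration; it is not part of the original post and not BIND's code. The constants, the smoothing and ageing rules, and the `ns1.example.net` / `ns2.example.net` names are assumptions.

```python
# Simplified model of a resolver choosing among cached NS records by RTT.
# Assumed values, not taken from the post or from BIND:
PENALTY_MS = 10_000.0  # stand-in for the "very high" time given to a dead server
ALPHA = 0.3            # weight of each new RTT sample in the smoothed value
DECAY = 0.9            # ageing applied to servers that were not queried

class NSCache:
    """All NS records of one zone stay cached, each with a smoothed RTT."""

    def __init__(self, servers):
        # Unknown servers start at 0 so every one of them gets tried.
        self.srtt = {s: 0.0 for s in servers}

    def order(self):
        # Best (lowest) smoothed RTT first; name breaks ties deterministically.
        return sorted(self.srtt, key=lambda s: (self.srtt[s], s))

    def resolve(self, network):
        """network maps server -> RTT in ms, or None if it does not answer.
        Returns (server_that_answered_or_None, servers_tried_in_order)."""
        tried, answered = [], None
        for server in self.order():
            tried.append(server)
            rtt = network.get(server)
            if rtt is None:
                # Timeout: penalise and fail over to the next cached NS.
                self.srtt[server] = PENALTY_MS
                continue
            self.srtt[server] = (1 - ALPHA) * self.srtt[server] + ALPHA * rtt
            answered = server
            break
        # Age servers we did not query, so a penalised one is retried later.
        for server in self.srtt:
            if server not in tried:
                self.srtt[server] *= DECAY
        return answered, tried

if __name__ == "__main__":
    NS1, NS2 = "ns1.example.net", "ns2.example.net"  # constructed names
    cache = NSCache([NS1, NS2])
    print(cache.resolve({NS1: None, NS2: 80.0}))   # ns1 times out, ns2 answers
    print(cache.resolve({NS1: None, NS2: 80.0}))   # ns2 is asked directly
    answers = [cache.resolve({NS1: 20.0, NS2: 80.0})[0] for _ in range(100)]
    print("queries until ns1 is used again:", answers.index(NS1) + 1)
```

In this model a failed server costs one timeout on the query that discovers it, after which queries go straight to the surviving server until the penalty has aged away.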

More information about the bind-users mailing list