HSRP-like virtual DNS services.

Ladislav Vobr lvobr at ies.etisalat.ae
Sat Sep 4 05:10:00 UTC 2004


Phil,

	The URL from the ISC site you have posted talks about anycast; you can 
also read, for example, http://www.nanog.org/mtg-0310/pdf/miller.pdf. This 
technique basically utilizes dynamic routing protocols (OSPF, BGP) to 
provide load sharing/redundancy for your DNS servers.

	Alternatively, L4-7 switches can be used as well, but generally it is a 
costly solution with very sophisticated boxes which are not easy to 
troubleshoot/operate. Global failover between two sites with L4-7 
switches is most of the time a proprietary solution, so you cannot mix 
different vendors if you want to achieve it.

	We are trying to deploy both to see and learn from both scenarios. L4-7 
can offer better load balancing policies; it can filter traffic in all 7 
layers, for example setting up specific policies for specific DNS requests, 
which might be handy for DNS recursive services.

Ladislav


Phil Hoenig wrote:
> Hi all,
> 
> I'm looking at upgrading our DNS servers and, if possible, would like
> to have some sort of redundancy set up such that if any one machine went
> down the service itself would still continue.
> 
> A possibility is to have two machines behind a load sharer of some
> sort, but that load sharer itself then becomes a single point of
> failure, so there'd have to be two of those. This leads to at least
> four machines for each of our three services (which I want to keep
> separate so that a DOS against one is not a DOS against the others) and
> I'm not sure I can justify the resources to purchase, set up and
> maintain a dozen machines. I'm also not sure how that sort of thing
> would work when other very important services are on the same subnet
> (it seemed like a good idea at the time - over a decade ago) and
> changing the IPs of these services would be painful.
> 
> A DNS analogue to Cisco's HSRP seems like a good solution. Two DNS
> servers each with their own IPs on the same subnet would pretend to be
> a third, with the first doing all the work whilst the second monitors
> the first and takes over should the first have any difficulties. I'd
> imagine that there should be a wrapper script around named similar to
> that mentioned in <http://www.isc.org/pubs/tn/isc-tn-2004-1.html> so
> that a machine with DNS problems will appear to be a machine off the air
> and that there'd have to be some work to keep these machines
> synchronised and have their zone transfer requests appear to come from the
> virtual service.
> 
> Presumably this sort of thing's been done before but I can't find much
> useful documentation on the matter. What term should I be Googling for?
> (The hardware and OS haven't been purchased as yet so they can be
> whatever's suitable.)
> 
> Thanks,
> 
> Phil Hoenig
> 

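As an added example (not code from either poster or from the ISC note), here is the health-check half of the "wrapper around named" Phil describes, in the anycast form Ladislav points to: it sends a real DNS query to the local server, treats a timeout, mismatched id, non-NOERROR rcode or empty answer as unhealthy, and after a few consecutive failures calls a withdraw hook so the host stops advertising the shared service address. The announce/withdraw hooks and the probe name are assumptions; in a deployment they would be the site's routing-daemon commands and a name the server is authoritative for.

```python
import socket
import struct

def build_query(qname, qid, qtype=1):
    """Build a minimal DNS query (class IN, RD=1) for qname; qtype 1 = A."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def response_is_healthy(qid, data):
    """Accept only a reply (QR=1) to our id with RCODE NOERROR and at least one answer RR."""
    if len(data) < 12:
        return False
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return rid == qid and bool(flags & 0x8000) and (flags & 0x000F) == 0 and an >= 1

def probe(server, qname, qid=0x1234, timeout=2.0):
    """Send one UDP query to the local named; a timeout or socket error counts as unhealthy."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(qname, qid), (server, 53))
            data, _ = s.recvfrom(512)
    except OSError:
        return False
    return response_is_healthy(qid, data)

class AnycastWatchdog:
    """Withdraw the service route after `threshold` consecutive failed probes and
    re-announce it on the first good one. observe() returns the action taken or None.
    announce/withdraw are hypothetical hooks wrapping the site's routing-daemon commands."""
    def __init__(self, announce, withdraw, threshold=3):
        self.announce, self.withdraw, self.threshold = announce, withdraw, threshold
        self.failures, self.announced = 0, True

    def observe(self, healthy):
        if healthy:
            self.failures = 0
            if self.announced:
                return None
            self.announced = True
            self.announce()
            return "announce"
        self.failures += 1
        if self.announced and self.failures >= self.threshold:
            self.announced = False
            self.withdraw()
            return "withdraw"
        return None
```

A periodic loop calling `dog.observe(probe("127.0.0.1", "<authoritative name>"))` is all that is left to add; the failure threshold keeps a single dropped UDP packet from flapping the route.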

