dns (and dhcp ..) and loadbalancing

Kevin Darcy kcd at daimlerchrysler.com
Sat Dec 3 00:28:00 UTC 2005


Claus,
Are you not getting the responses to your messages? Or are you just 
ignoring them?

Between nameservers, load-balancing and failover are automatic. You 
don't really need load-balancers for that, although they are useful for 
providing a "virtual IP" for all of the nameservers at a given subnet or 
location, behind each one of which you can put one or more nameserver 
instances, and add/delete/readdress them without having to update your 
delegations each time.

If you're talking about enhancing your availability to ordinary DNS 
clients (i.e. stub resolvers), then perhaps load-balancers would be 
helpful. For DHCP, things are a little more complex (and off-topic for 
this list). Briefly, DHCP leases, as opposed to DNS queries, are 
*stateful*, so you need to have the DHCP servers share state if you want 
to load-balance between them. Otherwise you could run into the situation 
where two different DHCP servers assign the same address to two 
different clients (most DHCP systems have a "ping-before-assign" 
functionality, but that's not an absolute protection against duplicate 
assignment).

As for the problem of sendmail resolving DNS unreliably, I think the 
consensus was that you should be running a caching-only nameserver 
config on your sendmail box(es).

- Kevin

Claus van de Vlierd wrote:

>  Hello ,
>
>  a) we still have a prim. nameserver that works sometimes rather slowly.
>
>   b) to be more precise :
>
>   b1) we have a prim. nameserver "<name of ns1>" with IP "<IP of ns1>"
>       that is at the same time our primary DHCP-Server.
>
>   b2) we have a sec. nameserver "<name of ns2>" with IP "<IP of ns2>"
>       that is at the same time our sec. ("failover") DHCP-Server.
>
>   b3) on our Routers we give both "helper-addresses" for dhcp-requests :
>        "<IP of ns1>" and "<IP of ns2>" .
>
>  c) now some guys here propose the following schema in order to make sure that ,
>   let's say the "sendmail"-requests , are being sent to the
>    SEC. nameserver in such a case of slow prim. nameserver :
>
>
>    c1)  put a loadbalancer at the entrance of our net and give it
>      both IP-addresses "<IP of ns1>"  and "<IP of ns2>"
>
>    c2) change name and IP of the prim. nameserver (== prim. DHCP-Server)
>        to "<new name of ns1>" resp. "<new IP of new name of ns1>"
>
>    c3) change name and IP of the sec. nameserver (== sec. DHCP-Server)
>         to "<new name of ns2>" resp. "<new IP of new name of ns2>" .
>
>     c4) change the "Router-dhcp-request-helper-addresses" from
>         "<IP of ns1>" and "<IP of ns2>" to
>          "<new IP of new name of ns1>" and "<new IP of new name of ns2>"
>
>
>  d)  then the loadbalancer would receive all the dns- (port 53) and
>      DHCP-requests and would distribute them to our prim and sec. Servers --
>      so a slow prim. server would not matter any more : the loadbalancer
>      would then prefer to send the requests to the sec. server.
>
>
>  e) BUT : would such a scenario work ?!??
>
>      e.g. : our DNS-Server would then answer "nslookups" with his
>      address "<new IP of new name of ns1>" ---  but of course
>      we have world-wide propagated that only
>      "<IP of ns1>"
>      is  AUTHORITATIVE  for giving information about our domain ... !
>
>
>      I am afraid that the schema from "a)" - "c)" would cause us many
>       problems -- or ?!
>
>       SO :
>
>   f) is there any possibility to put a loadbalancer at the entrance of
>      our net IN A WAY THAT WE DO NOT HAVE TO CHANGE the IP-addresses
>      of these nameservers (which are "worldwide known" ..) and  in a way
>      that the loadbalancer first receives the dns- and dhcp-requests
>      (that means : listens to the nameservers' addresses ..)
>       and then distributes them to these nameservers ?!
>
>      or perhaps it is a better idea , instead of using a loadbalancer,
>      to work with the "routing-statements" on our routers
>      and tell the router that it should use for ,e.g. "port 53 - dns-requests",
>
>       the route to "<IP of ns2>"  instead of "<IP of ns1>" in case the
>        latter does not work properly ?!?
>
>
>  g) any proposal would be appreciated for our above problem :
>
>     HOW can we ensure that e.g. our "sendmail"-system uses the SECONDARY
>     nameserver in case the primary nameserver works very slowly (if at all ..) ?!?!
>
>
>  h) thanks for any help :
>
>    Claus van de Vlierd
>
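
The reply's point that load-balancing and failover between nameservers are automatic, shown as an added example that is not part of the original thread: a simplified model of the smoothed round-trip-time selection that recursive resolvers such as BIND apply when choosing among a zone's nameservers. The server names, latencies and the smoothing, decay and timeout constants are constructed for the illustration and are not BIND's actual values.

```python
"""Simplified model of smoothed-RTT nameserver selection (constructed example)."""

SMOOTH = 0.7       # weight kept from the previous RTT estimate (assumed value)
DECAY = 0.98       # ageing applied to servers that were not asked (assumed value)
TIMEOUT_MS = 2000  # sample recorded when a server does not answer (assumed value)


class Resolver:
    def __init__(self, servers):
        # All estimates start equal, so every server is tried at least once.
        self.srtt = {name: 0.0 for name in servers}
        self.sent = {name: 0 for name in servers}

    def query(self, measure):
        """Resolve one name; measure(server) returns RTT in ms, or None on timeout."""
        # Try servers from the lowest RTT estimate upward until one answers.
        for server in sorted(self.srtt, key=self.srtt.get):
            self.sent[server] += 1
            rtt = measure(server)
            sample = TIMEOUT_MS if rtt is None else rtt
            self.srtt[server] = SMOOTH * self.srtt[server] + (1 - SMOOTH) * sample
            if rtt is not None:
                # Age the other estimates so a recovered server is re-probed later.
                for other in self.srtt:
                    if other != server:
                        self.srtt[other] *= DECAY
                return server
        return None  # no server answered


def simulate(rtts, queries):
    """rtts maps server name -> RTT in ms (None = down). Returns (sent, answered_by)."""
    resolver = Resolver(rtts)
    answered_by = [resolver.query(rtts.get) for _ in range(queries)]
    return resolver.sent, answered_by


if __name__ == "__main__":
    # Constructed latencies: ns1 is slow in the first run and down in the second.
    print("slow ns1:", simulate({"ns1": 800, "ns2": 20}, 1000)[0])
    print("dead ns1:", simulate({"ns1": None, "ns2": 20}, 500)[0])
```

The model only covers a full resolver choosing among authoritative servers; a stub resolver normally walks its configured server list in order and keeps no such estimates.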



