ROUND ROBIN and antivirus server

Clade cdelia at melitacable.com
Wed Feb 9 07:58:27 UTC 2005


Thank you for your help. In fact this morning I uncommented out the
enable-cache hosts no on our server and everything appears to be
working fine.

Thank you once again for your help

Drew Schatt <schatt at schatt.com> wrote in message news:<cubfvk$p5f$1 at sf1.isc.org>...
> NSCD caches only for the local resolver. If you are using bind, etc, 
> it doesn't affect bind at all - it just affects applications on the 
> server that don't make their own queries directly. It is a STRONG 
> recommendation that ALL of your Sun machines have the enable-cache 
> hosts no line UNCOMMENTED.  NSCD (like almost any other piece of 
> software) has its own issues, and can cause its own problems (which 
> you're seeing). It is, however, advised to leave it running (to 
> buffer/cache accesses to the user/shadow files, for instance).
> 	Hope this helps.
> 	-Drew Schatt
> On Feb 8, 2005, at 5:18 AM, Clade wrote:
> 
> > Thank you for your advice Kevin
> >
> > In fact this morning I read a bit on nscd and I noted that my nscd.conf
> > in /etc had the line
> >
> > enable-cache            hosts           no
> >
> > commented out. I have now set it as above so that DNS caching is no
> > longer performed. And the server appears to be working pretty well -
> > load sharing between the two (as I had wanted).
> >
> > The last problem that remains is the following. As I had previously
> > stated, this relay server receives emails from the internet and
> > forwards them to the antivirus server to be directly to clients'
> > mailboxes. However, emails sent from our own client are directly sent
> > to the antivirus server bypassing this relay server. To tell you the
> > truth, I am afraid to enable the command above on the mail server
> > since this server also serves as a primary name server (I do not want
> > this server to become heavily loaded just because name resolving
> > would be performed at every instant). Do I have any reason to worry
> > and should enabling the above command not cause any drastic processing
> > load on the server. Currently, only emails being sent from 'external'
> > people are being round robined between the two antivirus servers. All
> > emails being sent from our clients are being sent to the ip that is
> > currently being cached in the name server. If the enabling of the
> > command in the nscd.conf file will cause any loading, is there some
> > other way how I can go around this problem, please?
> > Preferably, I would like to have all emails being round-robinned
> > between the two antivirus servers instead of just having them passing
> > through one path. What I am after is redundancy and if round-robin does
> > not function properly, I will not be achieving this desired redundancy.
> >
> > Thank you in advance for any help
> >
> > Kevin Darcy <kcd at daimlerchrysler.com> wrote in message 
> > news:<cu8k85$ssa$1 at sf1.isc.org>...
> >> I'd guess something on your relay servers, e.g. nscd or the MTA itself,
> >> is caching the DNS result. There's nothing in BIND you can do to fix
> >> this. You'd need to find what is doing the caching, and turn off that
> >> behavior, if possible.
> >>
> >>
> >>                                           - Kevin
> >>
> >> Clade wrote:
> >>
> >>> Hi
> >>>
> >>> I work at an ISP. Currently all emails coming from the internet are
> >>> first passing through two relay servers. These relay servers employ
> >>> smart host to relay emails to an antivirus server after which they are
> >>> directed to our mail server to be delivered to our clients' mailboxes.
> >>> I have now implemented a second antivirus server. In order to test
> >>> its performance, I have removed all of our domains, except for one
> >>> particular domain, from being relayed from one of our relay servers. I
> >>> have changed the sendmail.cf file of the relay server which is
> >>> receiving emails for just one domain to round robin between the two
> >>> antivirus servers. I performed the necessary changes in the zone file
> >>> for this particular domain
> >>>
> >>> xxx  IN   60    A     yyyy.yyyy.yyyy.yyyy
> >>> xxx  IN   60    A     zzzz.zzzz.zzzz.zzzz
> >>>
> >>> I also set mailertable for this domain to point to xxx.
> >>>
> >>> Last week I implemented this setup for testing. However, I noticed
> >>> that round robin was not occurring as I had wanted it to. All emails
> >>> were being passed on to one of the antivirus servers for a long time
> >>> (say almost two hours). After then, the emails were being sent to
> >>> either the same server and or to the other antivirus server. I had not
> >>> desired such a behaviour. I had wanted the relay server to stay
> >>> switching between one antivirus server and the other. Am I doing
> >>> anything wrong?
> >>>
> >>> This morning, I removed the network connection to this new antivirus
> >>> server (at a time when all emails were being sent to it) just to
> >>> verify whether emails started being sent to the other antivirus
> >>> server. They did not. They were just queued on the server.
> >>>
> >>> Is there some way how I can implement a ROUND-ROBIN method where
> >>> emails are being sent cyclically from one server to another or to just
> >>> one server if the other server becomes faulty? From my implementation,
> >>> it appears as if the relay server is caching one ip and keeping it
> >>> until it expires (even though I set a TTL of 60s as you can see from
> >>> my configuration above). Then, when the TTL is expiring, the ip is
> >>> searched for again and cached.
> >>>
> >>> Can someone please help?
> >>>
> >>> Thank you in advance for any help or hints that you will be able to
> >>> give me. They are much appreciated.
> >>>
> >
> >
> ----
> Drew Schatt
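
Added example, not part of the original thread: a small shell check for the situation discussed above, where `enable-cache hosts no` is present in nscd.conf but commented out, so nscd keeps serving one cached address and round robin stalls. The function names and sample files are constructed for illustration, and treating the last active line as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: report whether an nscd.conf-style file disables the hosts cache.

# Print the value of the last active "enable-cache hosts" line, or "unset"
# when the line is missing or commented out.
# Assumption: if the directive appears more than once, the last one wins.
hosts_cache_setting() {
    awk '
        /^[ \t]*#/ { next }                                  # skip comments
        $1 == "enable-cache" && $2 == "hosts" { v = $3 }     # remember value
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Return 0 only when hosts caching is explicitly disabled.
hosts_cache_disabled() {
    [ "$(hosts_cache_setting "$1")" = "no" ]
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' '#       enable-cache            hosts           no' \
              'enable-cache            passwd          yes' \
              > "$demo_dir/commented.conf"
printf '%s\n' 'enable-cache            hosts           no' \
              'enable-cache            passwd          yes' \
              > "$demo_dir/disabled.conf"

for f in "$demo_dir/commented.conf" "$demo_dir/disabled.conf"; do
    if hosts_cache_disabled "$f"; then
        echo "$f: hosts cache disabled, lookups reach the name server"
    else
        echo "$f: hosts cache not disabled ($(hosts_cache_setting "$f"))"
    fi
done
rm -rf "$demo_dir"
```

On a real host the same function can be pointed at /etc/nscd.conf on each relay and mail server to confirm the setting before testing round robin again.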


