michoski at cisco.com
Fri Mar 9 19:16:14 UTC 2012
On 3/9/12 7:58 AM, "Romgo" <romgo at free.fr> wrote:
> Even if I use a VIP I can reproduce the issue :
> If the first VIP (so the nameserver 1) is down, I'll have the same
> drawbacks. As the resolver will timeout before falling back to the second
Sure, we don't live in a perfect world. You can establish reasonable
countermeasures based on your time/budget which will help reduce the
likelihood and impact of failure, but it is likely cost prohibitive to
optimize the edge case and try to implement perfection. :-)
This is why VIPs + resolv.conf options were suggested. In most cases, the
VIP will save you. When it doesn't, you still have a reasonable failover
time. Monitoring, automation, well-planned maintenance windows, etc. should
help further reduce unexpected issues for your clients.
> On 9 March 2012 10:13, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>> We also make the two different VIPs use different underlying tech - one is
>> an anycast route advertised with eBGP, the other is via load-balancing. The
>> diversity of tech gives us a bit more resilience and flexibility - taking
>> out the load-balancer no longer destroys DNS, for example.
Good deal, but there are pros and cons to any approach. Added "diversity"
-- while useful and touted for years (I always enjoy the "genetic diversity"
discussions saying each of my clusters should run 4-5 different operating
systems) -- also means added "complexity", which has its own cost. :-)
Work is the curse of the drinking classes.
-- Mike Romanoff
More information about the bind-users