Advice on balancing web traffic using geoip ACls

G.W. Haywood bind at jubileegroup.co.uk
Sun Feb 23 12:59:41 UTC 2020


Hi there,

On Sun, 23 Feb 2020, Scott A. Wozny wrote:

> Greetings BIND gurus,

Sorry, I can't make any claim to be a BIND guru.

> ... webserver clusters hosted on the west and east coasts of the US
> and would like to use Bind 9.11.4

Hmmm.  You might want to look e.g. at all the fixes since 9.11.4 in

https://downloads.isc.org/isc/bind9/9.11.16/RELEASE-NOTES-bind-9.11.16.html

> with the Maxmind GeoIP database to split the traffic about evenly ...

especially the release notes for 9.11.15 if you're sure about MaxMind.
(After the changes in their APIs a while back cost me many weeks of
effort, and some temporary loss in functionality, I'd be very cautious
about relying on them again.  It was a completely different scenario.)

Of course even if you do look at the location of your DNS clients, it
doesn't tell you much about where _their_ clients are, nor much about
the routing of any packets that their clients might exchange with your
webservers.  In England I frequently see email from the neighbouring
town that's been routed via Austria, Finland, Japan...

Wouldn't even random routing or round-robin (basically do nothing) be
easier to implement, faster, more reliable, more (perhaps strangely)
predictable, and ... ?

https://en.wikipedia.org/wiki/Round-robin_DNS

For your use case I guess you'd really need to instrument something to
know for sure, and by then you've gone and done it anyway. :)

-- 

73,
Ged.


More information about the bind-users mailing list