<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:12pt"><div><span>so the script would run on the LTM, it will periodically check each physical DNS node, if one cannot resolve then takes it out of the pool; it will also check the VIP, if the VIP cannot resolve, </span><span style="font-size: 12pt; ">pool is empty or LTM issue, </span><span style="font-size: 12pt; ">stop the advertising?</span></div><div><br></div> <div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; "> <div style="font-size: 12pt; font-family: 'times new roman', 'new york', times, serif; "> <div dir="ltr"> <font size="2" face="Arial"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> David Klein <root@nachtmaus.us><br> <b><span style="font-weight: bold;">To:</span></b> ju wusuo <juwusuo@yahoo.com> <br><b><span style="font-weight: bold;">Cc:</span></b>
"bind-users@lists.isc.org" <bind-users@lists.isc.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, March 7, 2012 11:18 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: Anycast DNS<br> </font> </div> <br>
<meta http-equiv="x-dns-prefetch-control" content="off"><div id="yiv1361637183"><div><br></div>You would need to create a custom script to use as your monitor, which does a lookup of an address that you know will always be in your domain. If that fails, force-down/inactive the node, and tie this script as a monitor to the pool holding the DNS server nodes. <div>
<br></div><div>You can advertise the /32 containing the VIPA to the up-stream router via either OSPF or IBGP, and if the pool goes empty, stop advertising the route (the only option is stop advertising, not actively withdraw the route, since that could cause a massive reconvergence cycle in your enterprise-wide RIB, if done wrong, just because of a flapping interface). </div>
<div><br></div><div><br></div><div><br></div><div>HTH,</div><div><br></div><div> -DTK</div><div><br><br><div class="yiv1361637183gmail_quote">On Wed, Mar 7, 2012 at 2:34 PM, ju wusuo <span dir="ltr"><<a rel="nofollow" ymailto="mailto:juwusuo@yahoo.com" target="_blank" href="mailto:juwusuo@yahoo.com">juwusuo@yahoo.com</a>></span> wrote:<br>
<blockquote class="yiv1361637183gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; "><div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; ">
<span><br></span></div><div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; ">thanks everyone for all responses with the great inputs ..</div><div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; ">
<br></div><div><font size="3">now if I want to put the DNS servers behind LBs, 1) would the LTMs be able to announce </font><font size="3">the routes </font>dynamically<font size="3"> </font>for the DNS servers, and a VIP can be withdrawn when the site is gone? 2) would the LTMs be able to detect a DNS service failure and stop sending over DNS queries, i.e., in the case a named is still up but just not able to resolve names (assuming LTM can detect a named is down)? </div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; "><div style="font-size:12pt;"><br> </div> </div> </div></div><br>_______________________________________________<br>
Please visit <a rel="nofollow" target="_blank" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a rel="nofollow" ymailto="mailto:bind-users@lists.isc.org" target="_blank" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a rel="nofollow" target="_blank" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><br>david t. klein<br><br>
Cisco Certified Network Associate (CSCO11281885)<br>Linux Professional Institute Certification (LPI000165615)<br>Redhat Certified Engineer (805009745938860)<br><br>Quis custodiet ipsos custodes?<br><br><br><br>
</div>
</div><meta http-equiv="x-dns-prefetch-control" content="on"><br><br> </div> </div> </div></body></html>