Software DNS high availability and load balancer solution

Does anyone know of software solutions (free is preferable) like Cisco GSS
and F5 BIG-IP? The main point is that the DNS server (or DNS server plugin) must
be able to monitor server availability (for example by TCP connect) and make the
DNS reply depend on it.

I know that it is possible with BIND and a set of scripts. But we are trying to
find a more usable solution with a friendly interface.

Thanks a lot.

I think powerdns is more flexible in this regard. Not sure about a friendly interface, though.

Jack

Sergey,

I have no suggestions that directly answer your question. I'd write a
script against bind myself. But if you're trying to fail over a web
server, you're walking into a nasty trap.

"DNS pinning" obstructs web browsers from finding a server on an
alternate IP address regardless of the DNS TTL. The core issue is that
allowing a browser running javascript to connect to a server other
than the one from which the script came is a gigantic security hole.
Someone realized you could do that by changing the IP address the host
name pointed to, so now there's a convoluted and not entirely
standardized set of rules for when and whether the browser allows it.

Net result is that in some cases a user's long-running browser will
indefinitely ignore the change you made to the DNS. I've seen such
things persist for months.

For better or for worse, the way you -reliably- fail over a web server
is with routing and middleboxes like a load balancer.

Regards,
Bill Herrin

Hi,

Having hit these issues myself, I heavily recommend a real frontend
proxy like nginx or varnish.

Net result is that in some cases a user's long-running browser will
indefinitely ignore the change you made to the DNS. I've seen such
things persist for months.

Do you have any recent evidence to support this? The what-browsers-do-with-what world changes daily... and my understanding is that a lot of these things that used to be problems have been changed.

For better or for worse, the way you -reliably- fail over a web server
is with routing and middleboxes like a load balancer.

Alas, sometimes that's just not possible - try doing that @ EC2, for example (which is why I've recently been on the hunt for GSLB solutions that don't involve appliances...).

A frontend proxy (nginx, varnish, haproxy, or anything else) doesn't give you HA any more than any other load balancer solution does. You need a way to send traffic to another frontend server when the primary frontend server fails, or is overloaded, transparently.

The tools we have available these days to do this are VRRP-like solutions (which all of the appliances use) that use multicast, some amount of NAT and routing magic (which I've often not seen done sanely), or DNS solutions (better known as GSLB) that dynamically change the DNS responses depending on conditions (which could be source location, or could be server availability, or whatever).

Normally, VRRP would be the way to go. But these days multicast isn't supported everywhere (major example - Amazon EC2), leaving DNS...

Many HA environments use both, and F5 is designed to do both, supporting DNS tricks (of which, you could possibly run host based monitoring and dynamic updates to accomplish), anycast routing, and VRRP-like DSR/NAT load balancing.

Jack

Agreed. But sometimes you can't do both. ;-) Now if F5 would sell me an "appliance" that runs their GSLB code I could run @ EC2. ;-)

Hi Dorn,

There's an efficiency problem where you can no longer pipeline http
requests and have to delay every http request while a DNS lookup
happens. Also it'd probably crush your google pagerank. And you still
wouldn't get around the javascript in your web 2.0 pages needing to go
back to the same server name it came from in order to update the
content on those pages.

The custom name strategy does have some other really neat applications
though. You can track a session without setting a cookie. And consider
a large email system: suppose you encode the account name in the
server name and then point that encoded name to the server which
actually holds that user's account? You can eliminate the expensive
front-end that multiplexes user access to the backend servers.

Regards,
Bill Herrin

HAProxy and Linux Virtual Server are popular packages.

Neither of these do DNS. He asked about DNS based load balancing (also known as GSLB, among other things) software packages....

Hi Guys,

First time post so please excuse.

Does anyone know of software solutions (free is preferable) like Cisco GSS
and F5 BIG-IP? The main point is that the DNS server (or DNS server plugin) must
be able to monitor server availability (for example by TCP connect) and make the
DNS reply depend on it.

HAProxy and Linux Virtual Server are popular packages.

Neither of these do DNS.

What does that mean? Load balance DNS lookups across multiple servers?
Or use DNS to load balance? I've never setup a load balancer for DNS
before. Always just had one server and moved the VM in event of
failure/maintenance.

He asked about DNS based load balancing (also known as GSLB, among other things) software packages....

Ah. DNS based load balancing. I've heard good things about powerdns for
that.

--
Charles N Wyble (charles@knownelement.com)
Systems craftsman for the stars
http://www.knownelement.com
Mobile: 626 539 4344
Office: 310 929 8793

What does that mean? Load balance DNS lookups across multiple servers?

PowerDNS has an awesome geolocation plugin, and that probably can be tied to
a check to see if the IP is up so it's actually checking the status of IPs
to make it more automated.

Gary

gdnsd is very robust and fast and has an interface that a networking
engineer won't mind. It comes with a geolocation plugin with
health-check failover via HTTP.

http://code.google.com/p/gdnsd/

If you want to get fancy you could try an Anycast DNS setup, using GNU's Zebra tool to automatically alter routing tables. http://www.netlinxinc.com/netlinx-blog/45-dns/118-introduction-to-anycast-dns.html

Paul

I assume the "good things" is that with powerdns and the gmysql backend, it's trivial to have a script do some SQL updates as often as you need to change the content and change_date of the records you're using for the DNS based load balancing.
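As an added illustration of the approach described in that post (this is example code written for this page, not anything posted in the thread and not PowerDNS's own tooling), here is a health checker that probes each backend with a TCP connect, as the original poster asked for, and then rewrites the A records and bumps the SOA serial in the records table. It uses sqlite3 as an offline stand-in for the gmysql backend; the domains/records tables below are a constructed subset of the PowerDNS generic SQL schema (content and change_date are the columns the post names), and the backend pool, zone and hostname are made-up RFC 5737 values. On a real gmysql deployment the SQL is the same apart from the driver's parameter placeholder.

```python
"""Health-check-driven A record updates for a PowerDNS SQL backend.

Added example (not from the thread). sqlite3 stands in for gmysql so the
logic can run offline; the schema is a constructed subset of the PowerDNS
generic SQL schema, not the full thing.
"""
import socket
import sqlite3
import time

ZONE = "example.com"
RECORD_NAME = "www.example.com"
# Constructed backend pool (RFC 5737 documentation addresses) and probe port.
BACKENDS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
PROBE_PORT = 80
RECORD_TTL = 30  # short TTL so resolvers re-ask soon after a failover


def tcp_alive(ip, port, timeout=2.0):
    """Availability probe: a plain TCP connect, nothing more."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def pick_live(backends, port=PROBE_PORT, probe=tcp_alive):
    """Return the backends that pass the probe.

    If every backend fails, keep the whole pool: an empty answer gets
    negatively cached by resolvers and is worse than pointing at a server
    that may be recovering.
    """
    live = [ip for ip in backends if probe(ip, port)]
    return live if live else list(backends)


def open_schema(path=":memory:"):
    """Create the constructed schema subset and seed it with the pool."""
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE domains (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE records (
            id INTEGER PRIMARY KEY, domain_id INTEGER NOT NULL,
            name TEXT, type TEXT, content TEXT, ttl INTEGER,
            prio INTEGER, change_date INTEGER);
    """)
    conn.execute("INSERT INTO domains (id, name) VALUES (1, ?)", (ZONE,))
    conn.execute(
        "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date)"
        " VALUES (1, ?, 'SOA', 'ns1.example.com hostmaster.example.com"
        " 2011011801 3600 600 86400 30', 3600, 0, 0)", (ZONE,))
    for ip in BACKENDS:
        conn.execute(
            "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date)"
            " VALUES (1, ?, 'A', ?, ?, 0, 0)", (RECORD_NAME, ip, RECORD_TTL))
    conn.commit()
    return conn


def current_a_records(conn, name=RECORD_NAME):
    rows = conn.execute(
        "SELECT content FROM records WHERE name=? AND type='A' ORDER BY content", (name,))
    return [r[0] for r in rows]


def sync_records(conn, live, name=RECORD_NAME, zone=ZONE, now=None):
    """Replace the A records for `name` with `live` and bump the SOA serial.

    Returns the new serial, or None when the record set is unchanged (no
    write, no serial bump, so secondaries are not poked needlessly).
    """
    now = int(time.time()) if now is None else now
    if sorted(live) == current_a_records(conn, name):
        return None
    cur = conn.cursor()
    cur.execute("SELECT id FROM domains WHERE name=?", (zone,))
    domain_id = cur.fetchone()[0]
    cur.execute("DELETE FROM records WHERE domain_id=? AND name=? AND type='A'",
                (domain_id, name))
    cur.executemany(
        "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date)"
        " VALUES (?, ?, 'A', ?, ?, 0, ?)",
        [(domain_id, name, ip, RECORD_TTL, now) for ip in live])
    # The serial is the third field of the SOA content; bump it so AXFR
    # secondaries notice the change.
    cur.execute("SELECT id, content FROM records WHERE domain_id=? AND type='SOA'",
                (domain_id,))
    soa_id, soa = cur.fetchone()
    fields = soa.split()
    fields[2] = str(int(fields[2]) + 1)
    cur.execute("UPDATE records SET content=?, change_date=? WHERE id=?",
                (" ".join(fields), now, soa_id))
    conn.commit()
    return int(fields[2])


def run_once(conn, probe=tcp_alive):
    """One checker pass: probe, then reconcile the database. Run from cron."""
    live = pick_live(BACKENDS, probe=probe)
    return live, sync_records(conn, live)
```

Two caveats for a real deployment: the PowerDNS packet and query caches will keep serving the old answer until their TTLs expire, so either lower the cache TTLs or purge the name (pdns_control purge) after a write; and a TCP connect only proves the port is open, so probe the application path (an HTTP status URL, say) if a half-dead backend is a realistic failure mode for you.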

On Tue, Jan 18, 2011 at 02:42:57PM -0500, david raistrick wrote:

You wouldn't use Zebra; it isn't actively developed anymore and has
not been updated in many years. Use Quagga instead, which is the
community-based offshoot.

... JG
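The anycast setup mentioned above (Paul's Zebra/Quagga suggestion) needs one more piece the thread does not spell out: something has to stop the route from being advertised when the local DNS daemon is dead, or the node keeps attracting queries it cannot answer. The following is example code written for this page, not from the thread or from Quagga; it assumes the anycast service address lives on the loopback and the routing daemon redistributes connected routes, so deleting the address withdraws the route and re-adding it restores the announcement. The service address, interface and thresholds are made up, and the commands are returned rather than executed so the logic can be exercised offline.

```python
"""Health-driven anycast withdrawal for an authoritative DNS node.

Added example (not from the thread). Assumes Quagga (or similar) is
configured to redistribute connected routes, so the anycast /32 on the
loopback is announced while present and withdrawn when removed.
"""
import os
import socket
import struct

ANYCAST_ADDR = "192.0.2.53"   # constructed anycast service address
LOOPBACK = "lo"
FAIL_THRESHOLD = 3            # consecutive failed probes before withdrawing
OK_THRESHOLD = 2              # consecutive good probes before restoring


def build_query(qname, query_id):
    """Minimal DNS A/IN query in RFC 1035 wire format, RD bit set."""
    header = struct.pack(">HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + question + b"\x00" + struct.pack(">HH", 1, 1)


def response_is_healthy(query_id, data):
    """True only for a response to our ID with RCODE NOERROR and >= 1 answer.

    Checking the ID matters: a stale or spoofed datagram must not count as
    proof that the daemon is alive.
    """
    if len(data) < 12:
        return False
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    is_response = bool(flags & 0x8000)
    rcode = flags & 0x000F
    return rid == query_id and is_response and rcode == 0 and an > 0


def probe_dns(server, qname, port=53, timeout=1.0):
    """One UDP probe against the local daemon; returns True when healthy."""
    query_id = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(qname, query_id), (server, port))
            data, _ = s.recvfrom(512)
        except OSError:
            return False
    return response_is_healthy(query_id, data)


class AnycastState:
    """Hysteresis so a single dropped packet does not flap the route."""

    def __init__(self, announced=True):
        self.announced = announced
        self.fail = 0
        self.ok = 0

    def observe(self, healthy):
        """Record one probe result; return the commands to run (maybe none)."""
        if healthy:
            self.fail, self.ok = 0, self.ok + 1
            if not self.announced and self.ok >= OK_THRESHOLD:
                self.announced = True
                return ["ip addr add %s/32 dev %s" % (ANYCAST_ADDR, LOOPBACK)]
        else:
            self.ok, self.fail = 0, self.fail + 1
            if self.announced and self.fail >= FAIL_THRESHOLD:
                self.announced = False
                return ["ip addr del %s/32 dev %s" % (ANYCAST_ADDR, LOOPBACK)]
        return []


if __name__ == "__main__":
    # Probe the anycast address itself so a listener bound to the wrong IP
    # is caught too; run from a loop or cron with the same state object.
    state = AnycastState()
    for cmd in state.observe(probe_dns(ANYCAST_ADDR, "www.example.com")):
        print(cmd)  # hand to subprocess.run(cmd.split()) in a real checker
```

In the routing daemon, restrict the redistribution with a route-map that matches only the anycast prefix, otherwise every address on the loopback gets announced along with it. Probing the anycast address rather than 127.0.0.1 catches the case where the daemon is up but not bound to the service IP, which is exactly the case anycast failover is supposed to cover.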