Web site failover
Kevin Darcy
kcd at daimlerchrysler.com
Tue Feb 10 23:29:50 UTC 2004
Jeff Lasman wrote:
>On Tuesday 10 February 2004 05:43 am, Ned Trilby wrote:
>
>
>
>>How can I set up a failover (within 4 hours) of a website? My site
>>"TEST111.com" is running in "SITEA" with ISPA as the ISP. If SITEA
>>burns down I have a standby machine in SITEC with a connection to
>>ISPB. Can ISPB take over traffic for "TEST111.com"? How is this
>>achieved? I would only see my standby machine connected to the
>>Internet if the original machine in SITEA fails.
>>
>>
>
>Here's a recipe for quick-and-dirty failover protection:
>
>First:
>
>Set your domain to use two nameservers, for example, ns1.example.com and
>ns2.example.com, with ns1.example.com pointing to an IP# resolving to
>the machine at ISP1 and ns2.example.com pointing to an IP# resolving to
>the machine at ISP2.
>
>Both machines must be running a nameserver.
>
>Each nameserver must be set up as a master for the domain and not a
>slave, and must resolve the website name (for example www.example.com
>and perhas example.com as well) to itself.
>
>So you'll need two copies of the site, one on the machine hosted at ISP1
>and one on the machine hosted at ISP2.
>
>If both machines are active at the same time then some hits will go to
>the machine at ISP1 and some to the machine at ISP2. This will work
>fine if the sites are static sites. If only one machine is connected
>to the net at a time, then that machine will get all the hits.
>(Visitors to the site at the time of failure, and others using the same
>nameservers, won't be able to see the site for the TTL time, so you'll
>probably want to keep that as short as possible.)
>
>If the sites are not static sites, then your scenario in which you only
>turn on the standby system after the main system fails will work, but
>unless you've kept the sites synchronized, the site the visitors see on
>the standby system might not be the same site they saw on the main
>system.
>
>While I'm sure a bunch of people will come up with a lot of reasons why
>this isn't a good idea, it will do what you want to do as inexpensively
>as it can be done.
>
If you're keeping the TTL short anyway, why bother with the extra
complication of dual masters? Keep it simple: just change the A record
to point to the standby if the primary fails.
Of course, this assumes manual intervention. For automated failover, or
automated failover+load-balancing, get a device dedicated to the task.
-Kevin
More information about the bind-users
mailing list