DNS Racing -Multi ISP load balancing with failover using DNS.
Kevin Darcy
kcd at chrysler.com
Mon May 30 23:44:47 UTC 2011
Get back to us when you prove that this co-exists with DNSSEC; otherwise
it's a non-starter. While you're at it, some data proving that this
actually enhances performance or availability would be nice too.
- Kevin
On 5/30/2011 3:21 PM, Maren S. Leizaola wrote:
> Hello,
> I am reading this mailing as a digest so sorry for the
> late replies. Firstly we have been using this method for over 4 years
> and I've yet not had one person tell me that they can connect to our
> servers using POP3, SMPT, IMAP or WEB.
>
> 1. Mark, Regarding Chrome, my last big crawl of the internet from Hong
> Kong the average DNS resolution was 450ms average... so 300ms would
> give you what result. Not sure I don't care. I am talking for IP
> connectivity not some application decigin which RR it shoud use as
> many applications are dumb and you can't ask the remote end to change
> anything. FYI, I will never use Chrome and nor will many people due
> to privacy issues. It is banned in companies in Asia.
>
> 2. Mark there are no modification to any packets at the DNS resolver
> level.... nor sure why there would have be. We have yet not
> implemented DNS SEC so I don't know if this breaks anything. First
> packet wins.... both can be signed. Now if you have something set on
> paranoid mode which checks the consistency of the DNS servers it would
> fail... that is an extreme minority and have YET to see a complaint.
>
> Matus, I like your reply. You are right that the wining IP would be
> the one that is closes to the Resolving server than to the
> client...... I know that not everyone is using a DNS resolver on the
> same network/AS number that they are on.
> This could be the biggest flaw. Say you use Google FreeDNS and it will
> give as a reply what ever google can access the fastest. However if
> you are using a DNS resolver within your AS number you will benefit
> from DNS Racing.
> Well pointed out. All that this does is breaks the best bath and
> access guarantee that DNS Racing provides.... In reality if you don't
> implement DNS racing you would get the same result.
>
> No it does not rely on BIND RTT feature, we are talking about pure
> latency DNS replies race to the resolver, the one that gets there
> first is the winner.
>
> This is not something that I just dream up yesterday we have been
> using it for years.... without problems.... which is why I feel it is
> safe to document in and recommend it.
>
> Regards,
> Maren.
>
>
>
>
> On 3:59 AM, Mark Andrews wrote:
>> And if people used happy-eyeballs[1] or similar[2] in the applications
>> this would not be needed. Chrome already does this with their
>> latest browser. It uses a 300ms timer to switch to the next address.
>>
>> Happy-eyeballs was primarially written to deal with broken 6to4
>> links but the techniques are applicable to any multi-homed service
>> be it IPv4 only, IPv6 only or a mixture of IPv4 and IPv6.
>>
>> Mark
>>
>> [1] http://tools.ietf.org/html/draft-wing-v6ops-happy-eyeballs-ipv6-01
>> [2]
>> https://www.isc.org/community/blog/201101/how-to-connect-to-a-multi-homed-server-over-tcp
>>
>> In message<4DE2C00B.6090607 at isc.org>, Alan Clegg writes:
>>> This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
>>> --===============2705591056810672531==
>>> Content-Type: multipart/signed; micalg=pgp-sha1;
>>> protocol="application/pgp-signature";
>>> boundary="------------enig46D823F06B8505CC93187062"
>>>
>>> This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
>>> --------------enig46D823F06B8505CC93187062
>>> Content-Type: text/plain; charset=windows-1252
>>> Content-Transfer-Encoding: quoted-printable
>>>
>>> On 5/29/2011 5:12 PM, Maren S. Leizaola wrote:
>>>
>>>> IT is a poor man=92s replacement for BGP multihoming and IP anycast.
>>>> Hey it is Free and you can implement it using BIND.
>>> And you've just broken DNSSEC.
>>>
>>> AlanC
>>>
>>>
>>> --------------enig46D823F06B8505CC93187062
>>> Content-Type: application/pgp-signature; name="signature.asc"
>>> Content-Description: OpenPGP digital signature
>>> Content-Disposition: attachment; filename="signature.asc"
>>>
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v2.0.17 (MingW32)
>>>
>>> iEYEARECAAYFAk3iwA0ACgkQcKpYUrUDCYdMXwCgmIsTehj06i1fsZtJmCaPEHIi
>>> JqcAoJPhcXKDf/QgPK06MkkYt2N9gZPB
>>> =nLtA
>>> -----END PGP SIGNATURE-----
>>>
>>> --------------enig46D823F06B8505CC93187062--
>>>
>>> --===============2705591056810672531==
>>> Content-Type: text/plain; charset="us-ascii"
>>> MIME-Version: 1.0
>>> Content-Transfer-Encoding: 7bit
>>> Content-Disposition: inline
>>>
>>> _______________________________________________
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>> --===============2705591056810672531==--
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
More information about the bind-users
mailing list