Delegation of part of a zone to a global server load balancer
Kevin Darcy
kcd at CHRYSLER.COM
Mon Apr 7 22:08:57 UTC 2014
I'm assuming you have forwarding set up. Make sure to set "forwarders {
};" in the aelabad.net zone definition. Failure to do so means that your
recursive queries for names in subzones forward out towards the
Internet, instead of following the delegations down to the
austin-energy.net nameservers, as you intended.
I concur with Mike Hoskins that delegating a *single* zone for each set
of load-balancers, and then aliasing the names to targets underneath
that delegation point, is a more scalable and manageable way to handle
GSLB (as opposed to delegating each individual name to be load-balanced).
E.g.
;; ANSWER SECTION:
international.chrysler.com. 7200 IN CNAME int.us3.lb.chrysler.com.
int.us3.lb.chrysler.com. 10 IN A 129.9.96.29
int.us3.lb.chrysler.com. 10 IN A 129.9.64.29
;; ANSWER SECTION:
us3.lb.chrysler.com. 28800 IN NS gssoddi1.extra.chrysler.com.
us3.lb.chrysler.com. 28800 IN NS gsssdci1.extra.chrysler.com.
- Kevin
On 4/7/2014 10:16 AM, McDonald, Dan wrote:
> What's the right way to delegate individual zone records to a "global
> server load balancer", which is just a simple DNS server that checks
> to see if a server is up and if so adds the address to the rotation
> for resolution.
>
> I've tried simple delegation using ns records, but I don't get
> resolution. In this example, nsg3 and 4 are my global server load
> balancers for the outlook.aelabad.net zone, and ns3.aelabad.net is
> the start of authority for the aelabad.net zone.
>
>
> Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net +norecurse
> @ns3.aelabad.net
>
>
> ; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net +norecurse @ns3.aelabad.net
>
> ;; global options: +cmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25051
>
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
>
>
> ;; QUESTION SECTION:
>
> ;outlook.aelabad.net.INA
>
>
> ;; AUTHORITY SECTION:
>
> outlook.aelabad.net.1200INNSnsg4.austin-energy.net.
>
> outlook.aelabad.net.1200INNSnsg3.austin-energy.net.
>
>
> ;; ADDITIONAL SECTION:
>
> nsg3.austin-energy.net.918INA10.10.9.3
>
>
> ;; Query time: 1 msec
>
> ;; SERVER: 10.1.9.34#53(10.1.9.34)
>
> ;; WHEN: Mon Apr 7 09:05:42 2014
>
> ;; MSG SIZE rcvd: 105
>
> Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net
> @nsg3.austin-energy.net
>
>
> ; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net @nsg3.austin-energy.net
>
> ;; global options: +cmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8783
>
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
>
> ;; QUESTION SECTION:
>
> ;outlook.aelabad.net.INA
>
>
> ;; ANSWER SECTION:
>
> outlook.aelabad.net.10INA10.10.223.52
>
>
> ;; Query time: 3 msec
>
> ;; SERVER: 10.10.9.3#53(10.10.9.3)
>
> ;; WHEN: Mon Apr 7 09:03:03 2014
>
> ;; MSG SIZE rcvd: 72
>
> Daniel-McDonalds-iMac:~ mcdonalddj$ dig outlook.aelabad.net
> @ns3.aelabad.net
>
>
> ; <<>> DiG 9.8.3-P1 <<>> outlook.aelabad.net @ns3.aelabad.net
>
> ;; global options: +cmd
>
> ;; Got answer:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14770
>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
>
> ;; QUESTION SECTION:
>
> ;outlook.aelabad.net.INA
>
>
> ;; AUTHORITY SECTION:
>
> net.686INSOAa.gtld-servers.net. nstld.verisign-grs.com. 1396879162
> 1800 900 604800 86400
>
>
> ;; Query time: 2 msec
>
> ;; SERVER: 10.1.9.34#53(10.1.9.34)
>
> ;; WHEN: Mon Apr 7 09:03:17 2014
>
> ;; MSG SIZE rcvd: 110
>
>
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140407/cd00e37f/attachment.html>
More information about the bind-users
mailing list