One Domain; Multiple IPs.

Joseph S D Yao jsdy at cospo.osis.gov
Tue Jul 17 21:56:11 UTC 2001 

On Tue, Jul 17, 2001 at 11:37:32AM -0700, Chris Buxton wrote:
> At 1:58 PM -0400 7/16/01, Joseph S D Yao wrote:
> >You could have two name servers, giving out different IP addresses.
> >That way, if one side goes down, only HALF the accesses would be to the
> >dead IP address.
> 
> Huh??? Why would half fail?
> 
> Here's the deal: The web server sits on both lines, with an IP 
> address on each. Each line has a separate DNS server (or, with Bind 
> 9, you have a single DNS server with two different zone views). There 
> are no other DNS servers; there are no servers that host the zone as 
> a slave zone, so zone transfers aren't an issue.
> 
> Each DNS server only gives out the address of the web server that's 
> on the same line as the DNS server. If that line goes down, incoming 
> DNS queries fail, so the nonfunctional web server address isn't given 
> out. The only failures (for new web visitors) occur between the time 
> of the line failure and the time of the and the subsequent expiration 
> of the TTL - usually set to 300 or less.
> 
> Of course, anyone who's already gotten to the site is out of luck 
> until they reboot their machines, at least for most client platforms. 
> That's why I always tell people BGP is a better solution. But many of 
> those who use the method outlined above have DSL lines; relatively 
> few DSL providers support BGP.

Exactly true, given the assumption which you made but I did not - that
the name servers are on the same networks as the addresses which they
advertise.  Even making that assumption, if the users of the Web server
use it regularly, some number falling from one half will fail while the
addresses expire (as you also say).

This is still an inferior solution to some sort of failover router
protocol.

If you do not make your assumption, as Dominick did not, then the name
servers will continue to advertise both IP addresses, half failing.

> Regarding the ongoing debate/flame war: Please, no more arguing about 
> whether this violates the protocol, or what-have-you. The fact is, it 
> causes absolutely no problems and works as well as I've described. 
> Anyone who hasn't thought this through thoroughly should not be 
> making statements of strong opinion. The protocol is a tool, not a 
> religious text.

Yup.

-- 
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
OSIS Center Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

More information about the bind-users mailing list