Web site failover

Kevin Darcy kcd at daimlerchrysler.com
Tue Feb 10 23:29:50 UTC 2004


Jeff Lasman wrote:

>On Tuesday 10 February 2004 05:43 am, Ned Trilby wrote:
>
>>How can I set up a failover (within 4 hours) of a website? My site
>>"TEST111.com" is running in "SITEA" with ISPA as the ISP. If SITEA
>>burns down I have a standby machine in SITEC with a connection to
>>ISPB. Can ISPB take over traffic for "TEST111.com"? How is this
>>achieved? I would only see my standby machine connected to the
>>Internet if the original machine in SITEA fails.
>
>Here's a recipe for quick-and-dirty failover protection:
>
>First:
>
>Set your domain to use two nameservers, for example, ns1.example.com and 
>ns2.example.com, with ns1.example.com pointing to an IP# resolving to 
>the machine at ISP1 and ns2.example.com pointing to an IP# resolving to 
>the machine at ISP2.
>
>Both machines must be running a nameserver.
>
>Each nameserver must be set up as a master for the domain and not a 
>slave, and must resolve the website name (for example www.example.com 
>and perhaps example.com as well) to itself.
>
>So you'll need two copies of the site, one on the machine hosted at ISP1 
>and one on the machine hosted at ISP2.
>
>If both machines are active at the same time then some hits will go to 
>the machine at ISP1 and some to the machine at ISP2.  This will work 
>fine if the sites are static sites.  If only one machine is connected 
>to the net at a time, then that machine will get all the hits.  
>(Visitors to the site at the time of failure, and others using the same 
>nameservers, won't be able to see the site for the TTL time, so you'll 
>probably want to keep that as short as possible.)
>
>If the sites are not static sites, then your scenario in which you only 
>turn on the standby system after the main system fails will work, but 
>unless you've kept the sites synchronized, the site the visitors see on 
>the standby system might not be the same site they saw on the main 
>system.
>
>While I'm sure a bunch of people will come up with a lot of reasons why 
>this isn't a good idea, it will do what you want to do as inexpensively 
>as it can be done.
>
If you're keeping the TTL short anyway, why bother with the extra 
complication of dual masters? Keep it simple: just change the A record 
to point to the standby if the primary fails.

Of course, this assumes manual intervention. For automated failover, or 
automated failover+load-balancing, get a device dedicated to the task.

                                                                         
                                       -Kevin
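
The manual A-record change suggested in this reply can be made against a running BIND master with nsupdate. The following is an added example, not part of the original post: it builds the update batch for an operator to review before sending. The server and record names, the TTL and the 192.0.2.20 address are constructed, and it assumes the zone accepts dynamic updates.

```shell
#!/bin/sh
# Added example: build the nsupdate batch that repoints a site's A record
# at the standby host. All names and addresses here are constructed.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print nsupdate commands that replace every A record for NAME with a
# single record for the standby. Args: server zone name ttl standby_ip
# Nothing is printed unless both the TTL and the address validate, so a
# typo made during an outage cannot produce a half-formed update.
build_failover_update() {
    server=$1 zone=$2 name=$3 ttl=$4 ip=$5
    valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    case "$ttl" in
        ""|*[!0-9]*) echo "bad TTL: $ttl" >&2; return 1 ;;
    esac
    printf 'server %s\n' "$server"
    printf 'zone %s\n' "$zone"
    printf 'update delete %s A\n' "$name"
    printf 'update add %s %s A %s\n' "$name" "$ttl" "$ip"
    printf 'send\n'
}

# Review the batch, then pipe it to nsupdate with a TSIG key, e.g.
#   build_failover_update ... | nsupdate -k <keyfile>
build_failover_update ns1.example.com example.com www.example.com. 300 192.0.2.20
```

The delete and add travel in one update message, so the name is never left without an A record.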



