dns (and dhcp ..) and loadbalancing
Kevin Darcy
kcd at daimlerchrysler.com
Sat Dec 3 00:28:00 UTC 2005
Claus,

Are you not getting the responses to your messages? Or are you just
ignoring them?

Between nameservers, load-balancing and failover are automatic. You
don't really need load-balancers for that, although they are useful for
providing a "virtual IP" for all of the nameservers at a given subnet or
location, behind each one of which you can put one or more nameserver
instances, and add/delete/readdress them without having to update your
delegations each time.

If you're talking about enhancing your availability to ordinary DNS
clients (i.e. stub resolvers), then perhaps load-balancers would be
helpful. For DHCP, things are a little more complex (and off-topic for
this list). Briefly, DHCP leases, as opposed to DNS queries, are
*stateful*, so you need to have the DHCP servers share state if you want
to load-balance between them. Otherwise you could run into the situation
where two different DHCP servers assign the same address to two
different clients (most DHCP systems have a "ping-before-assign"
functionality, but that's not an absolute protection against duplicate
assignment).

As for the problem of sendmail resolving DNS unreliably, I think the
consensus was that you should be running a caching-only nameserver
config on your sendmail box(es).

- Kevin

Claus van de Vlierd wrote:
> Hello ,
>
> a) we still have a prim. nameserver that works sometimes rather slowly.
>
> b) to be more precise :
>
> b1) we have a prim. nameserver "<name of ns1>" with IP "<IP of ns1>"
> that is at the same time our primary DHCP-Server.
>
> b2) we have a sec. nameserver "<name of ns2>" with IP "<IP of ns2>"
> that is at the same time our sec. ("failover") DHCP-Server.
>
> b3) on our Routers we give both "helper-addresses" for dhcp-requests :
> "<IP of ns1>" and "<IP of ns2>" .
>
> c) now some guys here propose the following schema in order to make
> sure that , let's say the "sendmail"-requests , are being sent to the
> SEC. nameserver in such a case of slow prim. nameserver :
>
>
> c1) put a loadbalancer at the entrance of our net and give it
> both IP-addresses "<IP of ns1>" and "<IP of ns2>"
>
> c2) change name and IP of the prim. nameserver (== prim. DHCP-Server)
> to "<new name of ns1>" resp. "<new IP of new name of ns1>"
>
> c3) change name and IP of the sec. nameserver (== sec. DHCP-Server)
> to "<new name of ns2>" resp. "<new IP of new name of ns2>" .
>
> c4) change the "Router-dhcp-request-helper-addresses" from
> "<IP of ns1>" and "<IP of ns2>" to
> "<new IP of new name of ns1>" and "<new IP of new name of ns2>"
>
>
> d) then the loadbalancer would receive all the dns- (port 53) and
> DHCP-requests and would distribute them to our prim and sec. Servers --
> so a slow prim. server would not matter any more : the loadbalancer
> would then prefer to send the requests to the sec. server.
>
>
> e) BUT : would such a scenario work ?!??
>
> e.g. : our DNS-Server would then answer "nslookups" with his
> address "<new IP of new name of ns1>" --- but of course
> we have world-wide propagated that only
> "<IP of ns1>"
> is AUTHORITATIVE for giving information about our domain ... !
>
>
> I am afraid that the schema from "a)" - "c)" would cause us many
> problems -- or ?!
>
> SO :
>
> f) is there any possibility to put a loadbalancer at the entrance of
> our net IN A WAY THAT WE HAVE NOT TO CHANGE the IP-addresses
> of these nameservers (which are "worldwide known" ..) and in a way
> that the loadbalancer first receives the dns- and dhcp-requests
> (that means : listens to the nameservers's addresses ..)
> and then distributes them to these nameserver ?!
>
> or perhaps it is a better idea , instead of using a loadbalancer,
> to work with the "routing-statements" on our routers
> and tell the router that it should use for ,e.g. "port 53 - dns-requests",
>
> the route to "<IP of ns2>" instead of "<IP of ns1>" in case the
> latter does not work properly ?!?
>
>
> g) any proposal would be appreciated for our above problem :
>
> HOW can we ensure that e.g. our "sendmail"-system uses the SECONDARY
> nameserver in case the primary nameserver works very slowly (if at all ..) ?!?!
>
>
> h) thanks for any help :
>
> Claus van de Vlierd
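
The automatic load-balancing and failover between nameservers mentioned in the reply above can be pictured with a simplified model, added here as an illustration (it is not part of the original messages and not BIND's code): a recursive resolver keeps a smoothed round-trip time per authoritative server, queries the lowest one, and lets unused servers' values decay so they are retried later. The constants, the 800 ms and 20 ms latencies, and the names `pick` and `simulate` are assumptions.

```python
import random

ALPHA = 0.7          # weight given to history when smoothing (assumed value)
DECAY = 0.98         # per-query shrink of an unused server's SRTT (assumed value)
TIMEOUT_MS = 2000.0  # sample recorded when a server does not answer (assumed)


def pick(srtt):
    """Return the server with the lowest smoothed RTT."""
    return min(srtt, key=srtt.get)


def simulate(true_rtt_ms, queries=200, seed=1):
    """Send `queries` lookups; true_rtt_ms maps server -> latency in ms, None = silent.
    Returns how many queries each server received."""
    rng = random.Random(seed)
    # Nothing is known at start, so every server begins with a small random SRTT.
    srtt = {s: rng.uniform(1, 5) for s in true_rtt_ms}
    sent = {s: 0 for s in true_rtt_ms}
    for _ in range(queries):
        server = pick(srtt)
        sent[server] += 1
        rtt = true_rtt_ms[server]
        # A silent server is charged the full timeout; a live one its jittered latency.
        sample = TIMEOUT_MS if rtt is None else rtt * rng.uniform(0.9, 1.1)
        srtt[server] = ALPHA * srtt[server] + (1 - ALPHA) * sample
        # Servers that were not asked slowly become attractive again.
        for other in srtt:
            if other != server:
                srtt[other] *= DECAY
    return sent


if __name__ == "__main__":
    # Constructed scenarios: ns1/ns2 stand in for the two nameservers in the thread.
    for label, rtts in [("both healthy", {"ns1": 20, "ns2": 20}),
                        ("ns1 slow", {"ns1": 800, "ns2": 20}),
                        ("ns1 down", {"ns1": None, "ns2": 20})]:
        print(label, simulate(rtts))
```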
More information about the bind-users
mailing list