ROUND ROBIN and antivirus server

Drew Schatt schatt at schatt.com
Tue Feb 8 22:31:02 UTC 2005


	NSCD caches only for the local resolver. If you are using bind, etc, 
it doesn't affect bind at all - it just affects applications on the 
server that don't make their own queries directly. It is a STRONG 
recommendation that ALL of your Sun machines have the enable-cache 
hosts no line UNCOMMENTED.  NSCD (like almost any other piece of 
software) has its own issues, and can cause its own problems (which 
you're seeing). It is, however, advised to leave it running (to 
buffer/cache accesses to the user/shadow files, for instance).
	Hope this helps.
	-Drew Schatt
On Feb 8, 2005, at 5:18 AM, Clade wrote:

> Thank you for your advice Kevin
>
> In fact this morning I read a bit on nscd and I noted that my nscd.conf
> in /etc had the line
>
> enable-cache            hosts           no
>
> commented out. I have now set it as above so that DNS caching is no
> longer performed. And the server appears to be working pretty well -
> load sharing between the two (as I had wanted).
>
> The last problem that remains is the following. As I had previously
> stated, this relay server receives emails from the internet and
> forwards them to the antivirus server to be directly to clients'
> mailboxes. However, emails sent from our own client are directly sent
> to the antivirus server bypassing this relay server. To tell you the
> truth, I am afraid to enable the command above on the mail server
> since this server also serves as a primary name server (I do not want
> this server to become heavily loaded just because name resolving
> would be performed at every instant). Do I have any reason to worry
> and should enabling the above command not cause any drastic processing
> load on the server. Currently, only emails being sent from 'external'
> people are being round robined between the two antivirus servers. All
> emails being sent from our clients are being sent to the ip that is
> currently being cached in the name server. If the enabling of the
> command in the nscd.conf file will cause any loading, is there some
> other way how I can go around this problem, please?
> Preferably, I would like to have all emails being round-robinned
> between the two antivirus servers instead of just having them passing
> through one path. What I am after is redundancy and if round-robin does
> not function properly, I will not be achieving this desired redundancy
>
> Thank you in advance for any help
>
> Kevin Darcy <kcd at daimlerchrysler.com> wrote in message 
> news:<cu8k85$ssa$1 at sf1.isc.org>...
>> I'd guess something on your relay servers, e.g. nscd or the MTA itself,
>> is caching the DNS result. There's nothing in BIND you can do to fix
>> this. You'd need to find what is doing the caching, and turn off that
>> behavior, if possible.
>>
>>
>>                                           - Kevin
>>
>> Clade wrote:
>>
>>> Hi
>>>
>>> I work at an ISP. Currently all emails coming from the internet are
>>> first passing through two relay servers. These relay servers employ
>>> smart host to relay emails to an antivirus server after which they are
>>> directed to our mail server to be delivered to our clients' mailboxes.
>>> I have now implemented a second antivirus server. In order to test
>>> its performance, I have removed all of our domains, except for one
>>> particular domain, from being relayed from one of our relay servers. I
>>> have changed the sendmail.cf file of the relay server which is
>>> receiving emails for just one domain to round robin between the two
>>> antivirus servers. I performed the necessary changes in the zone file
>>> for this particular domain
>>>
>>> xxx  IN   60    A     yyyy.yyyy.yyyy.yyyy
>>> xxx  IN   60    A     zzzz.zzzz.zzzz.zzzz
>>>
>>> I also set mailertable for this domain to point to xxx.
>>>
>>> Last week I implemented this setup for testing. However, I noticed
>>> that round robin was not occurring as I had wanted it to. All emails
>>> were being passed on to one of the antivirus servers for a long time
>>> (say almost two hours). After then, the emails were being sent to
>>> either the same server and or to the other antivirus server. I had not
>>> desired such a behaviour. I had wanted the relay server to stay
>>> switching between one antivirus server and the other. Am I doing
>>> anything wrong
>>>
>>> This morning, I removed the network connection to this new antivirus
>>> server (at a time when all emails were being sent to it) just to
>>> verify whether emails started being sent to the other antivirus
>>> server. They did not. They were just queued on the server.
>>>
>>> Is there some way how I can implement a ROUND-ROBIN method where
>>> emails are being sent cyclically from one server to another or to just
>>> one server if the other server becomes faulty? From my implementation,
>>> it appears as if the relay server is caching one ip and keeping it
>>> until it expires (even though I set a TTL of 60s as you can see from
>>> my configuration above). Then, when the TTL is expiring, the ip is
>>> searched for again and cached.
>>>
>>> Can someone please help?
>>>
>>> Thank you in advance for any help or hints that you will be able to
>>> give me. They are much appreciated.
>>>
----
Drew Schatt
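
A quick check for the setting discussed in this thread, as an added example that is not part of the original messages: it reports whether an nscd.conf leaves host caching on, treating a commented-out `enable-cache hosts no` line as caching enabled, as the thread describes. The function names and sample configs are constructed for illustration, and taking the last matching line as the effective one is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): inspect nscd.conf host-cache settings.
# Both functions read the file named as an argument, or stdin if none is given.

# hosts_cache_state [FILE] -> prints "disabled" only when an UNCOMMENTED
# "enable-cache hosts no" line is present; otherwise prints "enabled".
hosts_cache_state() {
    awk '
        { sub(/#.*/, "") }     # strip comments; a commented-out line becomes empty
        $1 == "enable-cache" && $2 == "hosts" { state = $3 }  # assumption: last line wins
        END {
            if (state == "no") print "disabled"
            else print "enabled"
        }
    ' "$@"
}

# hosts_positive_ttl [FILE] -> prints the configured positive-time-to-live
# for the hosts cache in seconds, or "unset" when no uncommented line sets it.
hosts_positive_ttl() {
    awk '
        { sub(/#.*/, "") }
        $1 == "positive-time-to-live" && $2 == "hosts" { ttl = $3 }
        END {
            if (ttl == "") print "unset"
            else print ttl
        }
    ' "$@"
}

# Constructed sample: the line is commented out, so host lookups stay cached
# and the 60 s TTL on the round-robin A records is never seen by the MTA.
SAMPLE_COMMENTED='#	enable-cache		hosts		no
	positive-time-to-live	hosts		3600'

# Constructed sample: the line is uncommented, so nscd does not cache hosts.
SAMPLE_UNCOMMENTED='	enable-cache		hosts		no
	positive-time-to-live	hosts		3600'

echo "commented-out line: $(printf '%s\n' "$SAMPLE_COMMENTED" | hosts_cache_state)"
echo "uncommented line:   $(printf '%s\n' "$SAMPLE_UNCOMMENTED" | hosts_cache_state)"
echo "hosts positive TTL: $(printf '%s\n' "$SAMPLE_COMMENTED" | hosts_positive_ttl)"
```

On a live relay, run `hosts_cache_state /etc/nscd.conf`. Repeated `getent hosts` lookups go through the local resolver path that nscd serves, while `dig` queries the name server directly, so comparing the two shows whether a cache sits between the MTA and the round-robin records.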
