Failure detection to change A records - windows cache

Paul C pcuttriss at hotmail.com
Wed Feb 9 06:43:59 UTC 2005


Nicolas Ecarnot wrote:
> On 12-01-2005, Nicolas Ecarnot <nicolas.ecarnot at allussinan.org> wrote:
> 
>>Hi,
>>
>>I played with round-robin and this is working fine. But this does not
>>fit with our need of failure detection.
>>I'm looking for a way to test some services availability of some
>>hosts, to enable or disable A records.
>>
>>For example, I set up two ldap servers in our network.
>>On our DNS I run some kind of ldap watchdog, and when a ldap server
>>fails, the watchdog removes the A record for ldap.mycompany.com
> 
> 
> Another point on which I have doubts: the Windows clients of our
> network are sending queries to ldap.mycompany.com
> First, they asked the DNS, then cached this answer.
> In case of failure of the first ldap server, my (not yet written)
> detection script updates the A entry and changes it to target the backup
> ldap server.
> 
> But on the next query, the Windows clients may not ask the DNS, and
> still use the previous IP address stored in their cache...
> 
> Am I worrying for good reasons?
> 
Depends on a couple of things.....
1. Do your Windows clients AND their applications honour the TTL on the A
   record?
2. If they honour the TTL, how long is the TTL you have set?

If you want a rapid failover then you may want to reduce the TTL as low 
as, say, 10 seconds.

This way no client should cache the address for longer than ten seconds 
before querying the DNS servers again. If you have carried out an update 
in that time the new entry will be given back to the client.

That is the theory....I would be tempted to test it out though :-)

Paul Cuttriss
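
The watchdog and short TTL discussed in this thread could look like the following sketch, which is an added example and not code from either poster: it probes the LDAP servers in order and repoints ldap.mycompany.com with nsupdate at a 10-second TTL. The addresses, port 389, the TSIG key path, the script name, and the assumption that the zone accepts signed dynamic updates are all illustrative.

```shell
#!/bin/sh
# Added example: LDAP watchdog that repoints an A record through nsupdate.
# Assumed, not from the thread: addresses, port, key path, dynamic updates.

NAME="ldap.mycompany.com."        # record named in the thread
ZONE="mycompany.com"
TTL=10                            # the 10-second TTL suggested in the reply
SERVERS="192.0.2.10 192.0.2.11"   # constructed addresses: primary, then backup
KEY="/etc/bind/watchdog.key"      # hypothetical TSIG key, so updates are signed

# Probe: succeeds if TCP port 389 accepts a connection within 3 seconds.
# Kept as its own function so the selection logic can be tested offline.
probe() { nc -z -w 3 "$1" 389 >/dev/null 2>&1; }

# Print the first server in the list that passes the probe; fail if none does.
pick_server() {
    for ip in $SERVERS; do
        if probe "$ip"; then echo "$ip"; return 0; fi
    done
    return 1
}

# Emit the nsupdate batch that replaces the A record set with one address.
build_update() {
    printf 'zone %s\n' "$ZONE"
    printf 'update delete %s A\n' "$NAME"
    printf 'update add %s %s A %s\n' "$NAME" "$TTL" "$1"
    printf 'send\n'
}

# One pass: ask the local name server (the watchdog runs on the DNS host),
# send an update only when the answer must change, and leave the record
# untouched when every server looks down.
run_once() {
    current=$(dig +short @127.0.0.1 "$NAME" A)
    target=$(pick_server) || { echo "no LDAP server reachable" >&2; return 1; }
    [ "$current" = "$target" ] && return 0
    build_update "$target" | nsupdate -k "$KEY"
}

# Run only when asked to, e.g. from cron: ./ldap-watchdog.sh run
if [ "${1:-}" = "run" ]; then run_once; fi
```

After a switch, `dig ldap.mycompany.com A` shows the TTL the server is handing out; whether a given Windows client or application honours it still has to be checked on the client itself.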



More information about the bind-users mailing list