BIND Suitability For Providing Failover Web Server Management
Kevin Darcy
kcd at daimlerchrysler.com
Mon Feb 27 23:55:47 UTC 2006
Matt Brooke wrote:
>I'm trying to find a low cost way of manging a situation which exists at the
>moment.
>
>I host a website on a .uk.com domain through a UK registrar. All requests
>for this website come through their name servers and through our firewall to
>arrive at a single machine which then serves the web site.
>
>However when the web site goes down we have no way of quickly changing to a
>back up server.
>
>The thinking I had was to use an internal DNS server for managing all the
>external dns names and appropriate web sites which are hosted. If for
>example one of the web servers was to fail the internal DNS server could be
>instantly switched over to a failover machine.
>
>Now the issue I have as to how this would be implemented if at all. Would
>the external DNS names need to have the nameservers changed to the new
>internal ones (red side accessible), adding the issue of a 6 hour update
>propogation or would i be able to route all traffic through the firewall to
>the dns server which would the route the traffic to the appropriate server
>which was up.'
>
OK, pet peeve of mine: DNS is not a *routing* protocol. Nothing *routes*
through DNS. DNS is a *mapping* or *translation* or a specialized
*database* protocol. Once the DNS client software gets an answer from
DNS, the job of the DNS server is basically *over*: the DNS client
software passes the information back as an address or multiple addresses
(typically) to the invoking app, which then makes an entirely
*independent* connection (I'm using "connection" loosely here; it could
actually be a connectionless transaction) to its target, without
involving DNS or the DNS server at all, at that point.
With that in mind, hopefully it's clear that you can do whatever you
want with your DNS infrastructure and it has no *direct* effect on your
webserver failover strategy. Because the connection from the client to
its target does not *route* through the DNS server -- it's a logically
separate thing.
At the risk of going off-topic, then, your basic challenge is to provide
web-server redundancy. I would say if the primary and backup webservers
are on the same subnet, then you should just re-address the backup as
the primary in case of failure (this should be scriptable). This
failover strategy therefore wouldn't involve DNS at all. Failing that,
you could implement DNS-based failover by automatically changing the A
and/or CNAME records for the relevant websites in case of failure. The
challenge there, however, is that the old information may be cached and
clients operating from cached data may continue to hammer on the dead
webserver. You can reduce the cache persistence of your own data by
reducing the TTL on the records, but it's rather anti-social to lower it
_too_much, solely for failover purposes, because you are increasing the
workload on your nameservers and the resolvers of everyone who is trying
to resolve those names, for an eventuality that hopefully will only
occur once in a great while. Another, kludgier option is to have the
relevant website names resolve to the addresses of *both* the primary
and backup webservers, with the backup webserver issuing an HTTP
redirect whenever it's not primary: in case of failure of the primary,
remove the redirect from the backup and start serving content. There are
other options, I'm sure, but I'm not a web infrastructure expert...
- Kevin
More information about the bind-users
mailing list