Can I have Inbound load balancing achieved with below settings

Mark Andrews marka at isc.org
Wed Nov 13 21:44:11 UTC 2013


In message <aa8b9ac38f81c0220a198ff58ebca462 at tux.org>, Joseph S D Yao writes:
> On 2013-11-13 00:16, Manish Rane wrote:
> ...
> > 6.Assume if ISP1 goes down, client coming on ISP1 would never be able
> > to reach; hence as per DNS protocol will try for another link and 
> > come
> > on ISP2 and then probably get an IP address of Link 2 i.e. 2.2.2.2.
> ...
> 
> 
> I'm not sure about your DNS setup, because I didn't understand how you 
> described it.  But that doesn't matter.
> 
> Even if you 100% properly did what you intended to do, it breaks down 
> at step 6.  The DNS protocol definitions only go as far as saying what 
> your BIND DNS server will return.  Importantly (for this answer), it 
> does NOT say (a) what a remote user's caching/resolving name server will 
> actually do with your responses, or (b) what the actual application will 
> do with your responses.
> 
> If the application is an SMTP server or another DNS server then, yes, 
> BY THE DEFINITION OF THAT PROTOCOL, it will try again for another 
> server.

RFC 1123 (October 1989) applies to all applications on all hosts.
Note "SHOULD" and "until".

   2.3  Applications on Multihomed hosts

      When the remote host is multihomed, the name-to-address
      translation will return a list of alternative IP addresses.  As
      specified in Section 6.1.3.4, this list should be in order of
      decreasing preference.  Application protocol implementations
      SHOULD be prepared to try multiple addresses from the list until
      success is obtained.  More specific requirements for SMTP are
      given in Section 5.3.4.

      When the local host is multihomed, a UDP-based request/response
      application SHOULD send the response with an IP source address
      that is the same as the specific destination address of the UDP
      request datagram.  The "specific destination address" is defined
      in the "IP Addressing" section of the companion RFC [INTRO:1].

      Similarly, a server application that opens multiple TCP
      connections to the same client SHOULD use the same local IP
      address for all.
 
> If the application is a Web browser - which is likely, given that you 
> mention port 80, presumably TCP - then it will only look at one of the 
> two IP addresses [for almost all currently available Web browsers].  If 
> it gets a bad one, it will return the user an error.  Because that is 
> how THAT protocol is defined.  Most protocols are not defined to re-try 
> different servers.

No, there is no such requirement.  The browsers are just BROKEN if
they don't try all the offered addresses.  All browsers were
written after RFC 1123 was published.

> What you are trying to do is what the F5 BigIP GTM does - only return 
> the IP address for a known-working site.  There's a reason that F5 can 
> sell those boxes - they work where doing this in pure DNS does not.
> 
> 
> Joe Yao
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
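The RFC 1123 section 2.3 behaviour the reply insists on, shown as code. This is an added example, not code from either poster or from BIND: a client that walks the address list returned for a multihomed host and keeps trying until a connection succeeds, beside the naive first-address-only client that fails as soon as the first link is down. The addresses, the `tcp_connector`, `connect_until_success` and `make_fake_connector` names, and the simulated outage are all constructed for the example; the fake connector stands in for the network so the block runs offline.

```python
import socket
from typing import Callable, Iterable, List, Optional, Tuple

# Constructed sample: the two addresses a round-robin zone might hand out for a
# multihomed host, one per ISP link. Illustrative values, not real endpoints.
SAMPLE_ADDRESSES = ["1.1.1.1", "2.2.2.2"]

Connector = Callable[[str, int], object]


def tcp_connector(addr: str, port: int, timeout: float = 3.0) -> socket.socket:
    """Real connector: a single TCP connect attempt with a bounded timeout.

    The timeout matters: without it a blackholed link (ISP down, packets
    silently dropped) stalls the client instead of moving it to the next address.
    """
    return socket.create_connection((addr, port), timeout=timeout)


def connect_first_only(addresses: List[str], port: int,
                       connector: Connector = tcp_connector) -> object:
    """The naive client Joe Yao describes: look at one address and give up."""
    return connector(addresses[0], port)


def connect_until_success(addresses: Iterable[str], port: int,
                          connector: Connector = tcp_connector) -> object:
    """RFC 1123 s2.3: try the addresses in order of preference until one works.

    Every per-address failure is collected so that the final error tells the
    operator which links were tried, which is what you want in an incident log.
    """
    errors: List[Tuple[str, OSError]] = []
    for addr in addresses:
        try:
            return connector(addr, port)
        except OSError as exc:
            errors.append((addr, exc))
    detail = ", ".join(f"{a}: {e}" for a, e in errors)
    raise OSError(f"all addresses failed: {detail}")


def resolve_ordered(host: str, port: int) -> List[str]:
    """Return the resolver's address list in the order it was handed to us.

    Network-dependent helper (not exercised offline); the order is what the
    remote caching resolver chose, not necessarily what the zone intended.
    """
    seen: List[str] = []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        if sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen


def make_fake_connector(down: Iterable[str]) -> Connector:
    """Test double for the network: addresses in `down` refuse, others connect.

    Records every attempt so a test can check that fallback really happened.
    """
    unreachable = set(down)
    attempts: List[str] = []

    def connector(addr: str, port: int) -> str:
        attempts.append(addr)
        if addr in unreachable:
            raise ConnectionRefusedError(f"{addr}:{port} unreachable (simulated)")
        return f"connected:{addr}:{port}"

    connector.attempts = attempts  # type: ignore[attr-defined]
    return connector


if __name__ == "__main__":
    # Simulate ISP1 being down: the RFC 1123 client lands on link 2,
    # the first-only client reports an error to the user.
    fake = make_fake_connector(down={"1.1.1.1"})
    print(connect_until_success(SAMPLE_ADDRESSES, 80, fake))
    try:
        connect_first_only(SAMPLE_ADDRESSES, 80, make_fake_connector(down={"1.1.1.1"}))
    except OSError as exc:
        print("first-only client failed:", exc)
```

The fake connector is why the example runs without a network; swapping in `tcp_connector` gives a real client. The difference between the two functions is the whole point of the thread: DNS can only hand out the list, and the outage is masked only if the client side actually iterates over it.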

