DNS anycast node monitor
Phil Mayers
p.mayers at imperial.ac.uk
Fri Apr 10 10:22:20 UTC 2015
On 09/04/15 15:50, Hillary Nelson wrote:
> Currently we have about 20 DNS servers sit behind two pairs of F5 LTM on
> campus, the two pairs of F5s using router injection for DNS virtual
> addresses. This setup is costly and we are trying to use direct anycast
> between router and server instead, with quagga and bgp.

Consider using exabgp. It can run scripts as a sub-process that echo
"advertise" and "withdraw" commands or toggle the status of a "watchdog"
which can be trivially used to do this kind of service check-based route
advertisement, and you don't have to actually change the OS routing
table (and incur an rndc reconfig) which is a win IMO.

Example would be something like:

    neighbor x.x.x.x {
      peer-as ...
      ...
      static {
        route x.x.x.x/32 next-hop ... watchdog blah;
      }
      process foo {
        run /usr/local/bin/...
      }
    }

...and your script would be:

    #!/bin/sh

    VIP="<the IP bind is anycasted on>"

    while true; do
      # ensure we're talking to the local virtual IP
      dig -b 127.0.0.1 "@$VIP" example.com soa >/dev/null 2>&1
      if [ $? -eq 0 ]
      then
        # check passed: tell exabgp to announce routes tagged "watchdog blah"
        echo announce watchdog blah
      else
        # check failed: pull the route so traffic goes to another node
        echo withdraw watchdog blah
      fi
      sleep 1
    done
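
A damped variant of the health-check script above, as an added example that is not part of the original post: it requires an actual SOA answer rather than only a zero exit status from dig, and it changes the watchdog only after several consecutive probes agree, so a single lost query does not flap the anycast route. The address 192.0.2.53, the RISE/FALL thresholds and the "run" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): damped health check for an
# ExaBGP watchdog. VIP, ZONE, RISE and FALL are constructed placeholders.
VIP="${VIP:-192.0.2.53}"     # anycast service address (documentation range)
ZONE="${ZONE:-example.com}"  # zone the server must answer for
WATCHDOG="${WATCHDOG:-blah}" # watchdog name from the route statement
RISE=3                       # consecutive good probes before announcing
FALL=2                       # consecutive bad probes before withdrawing
STATE=down; OK=0; BAD=0

# Healthy only if an SOA answer comes back. dig exits 0 for any reply,
# including SERVFAIL, so the exit status alone is not enough.
probe() {
    out=$(dig +time=1 +tries=1 +short -b 127.0.0.1 "@$VIP" "$ZONE" soa 2>/dev/null) || return 1
    [ -n "$out" ]
}

# Feed one probe result (0 = healthy). Prints a command for ExaBGP only
# when the damped state actually changes.
step() {
    if [ "$1" -eq 0 ]; then
        OK=$((OK + 1)); BAD=0
        if [ "$STATE" = down ] && [ "$OK" -ge "$RISE" ]; then
            STATE=up; echo "announce watchdog $WATCHDOG"
        fi
    else
        BAD=$((BAD + 1)); OK=0
        if [ "$STATE" = up ] && [ "$BAD" -ge "$FALL" ]; then
            STATE=down; echo "withdraw watchdog $WATCHDOG"
        fi
    fi
}

main() {
    echo "withdraw watchdog $WATCHDOG"   # start from a known state
    while true; do
        if probe; then step 0; else step 1; fi
        sleep 1
    done
}

# Loop only when invoked as "<script> run", so the functions can be sourced.
if [ "${1:-}" = run ]; then main; fi
```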