Load balancer for Bind
Warren Kumari
warren at kumari.net
Wed Sep 14 19:32:36 UTC 2016
I may be completely misunderstanding your question, but why not simply
do Anycast / ECMP?
Each DNS server has the same IP address (usually bound to the loopback
interface), and runs a (very simple) health-check script. If the
health-check passes the host injects a /32 route into the IGP (or a
private-AS BGP instance).
Your router already does ECMP, Anycast is already a really well known
/ understood technology - you are simply building an anycast network
with all nodes behind the same device.
Any "load balancer" will simply be an additional widget (and so point
of failure / state location / dos opportunity) between the router and
servers.
W
On Wed, Sep 14, 2016 at 2:30 PM, Frank Pikelner
<frank.pikelner at netcraftcommunications.com> wrote:
> Hello Bert,
>
> This is the first I've heard of DNSDIST. I'll need to read more about it, but wanted to ask whether upon receiving the query, does DNSDIST act as a bridge for the complete request/response, or simply redirects the traffic with the response bypassing DNSDIST?
>
> THanks,
>
> Frank
>
> ----- Original Message -----
> From: "bert hubert" <bert.hubert at netherlabs.nl>
> To: "Job" <Job at colliniconsulting.it>
> Cc: bind-users at lists.isc.org
> Sent: Wednesday, 14 September, 2016 13:43:59
> Subject: Re: Load balancer for Bind
>
> On Wed, Sep 14, 2016 at 06:17:13PM +0200, Job wrote:
>> which is the best load balancer for two or more Bind DNS Server, located in the same farm?
>> I read something about HAProxy but it does not manage udp connection and the interesting security proxy/balancer DnsDist does not pass original client ip for Bind-DLZ...
>
> Hi Francesco,
>
> dnsdist can transfer the original IP over EDNS Client Subnet (ECS).
> http://dnsdist.org/README/ has how this works.
>
> I don't know if BIND can make use of the original IP address though.
> PowerDNS geoipbackend can in any case. BIND is also an excellent choice.
>
> Good luck!
>
> Bert (one of the dnsdist authors)
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
---maf
More information about the bind-users
mailing list