global server load balancing with the domain name

Phil Mayers p.mayers at imperial.ac.uk
Sat Apr 15 10:57:48 UTC 2017


On 14/04/17 22:40, McDonald, Daniel (Dan) wrote:

> That works fine for test.example.com.  But when I go to production, I
> need to do it for example.com

As others have noted, you can't delegate a single record from the apex.

tl;dr - vendor specific, ask your GSLB vendor.

There are multiple solutions to this problem and most of them are 
(sadly) vendor-specific and certainly not anything to do with bind. You 
will probably want to speak to your GSLB vendor.

Briefly, you'll probably get told some combination of:

  1. Replace your authoritative servers with our GSLB entirely, we'll 
magically rewrite the apex query when we receive it.

  2. Put our GSLB servers in front of your authoritatives as a kind of 
reverse proxy, we'll magically blah

  3. Don't use the zone apex, or have it be a simple/stateless redirect 
to www.example.com (often a branding/comms no-no)

  4. Stick all the SLB IPs at the zone apex statically (or dynamically 
via e.g. script, DDNS, etc.)

  5. Use an authoritative server which will magically do this for you 
e.g. it supports a pseudo-record like ANAME or similar.

Probably the only thing relevant to bind is option #4 (which we actually 
do). You could write a script that updates the zone apex A/AAAA records 
on a short schedule e.g. once a minute to keep it approximately "in 
sync" with the GSLB. Depending on what GSLB policies you're doing you 
might be able to replicate some of them (e.g. geo IP replies).
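
Added example, not part of the original post or of BIND: one way to script option #4, rebuilding the apex A/AAAA records from the GSLB's answers and pushing them with `nsupdate`. The zone, GSLB name, server address and key path are placeholders, and it assumes the primary accepts TSIG-signed dynamic updates for the apex.

```shell
#!/bin/sh
# Added example. Assumed values, not from the original post: every name,
# address and path below.
ZONE="example.com."                # apex whose A/AAAA records are rewritten
GSLB_NAME="www.example.com."       # name the GSLB answers for
MASTER="192.0.2.53"                # primary accepting dynamic updates
KEYFILE="/etc/bind/apex-sync.key"  # TSIG key for nsupdate -k
TTL=60                             # short TTL to match the one-minute schedule

# Print "A" or "AAAA" for an address literal, nothing for any other line
# (CNAME targets, dig error text), so junk never reaches nsupdate.
rr_type() {
  if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    echo A
  elif printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]*(:[0-9A-Fa-f]*){2,7}$'; then
    echo AAAA
  fi
}

# Read one answer per line on stdin and print an nsupdate batch. An RRset is
# deleted only when a replacement of the same type exists, and an empty
# answer fails outright, so a failed lookup can never blank the apex.
build_update() {
  body="" seen=""
  while IFS= read -r a; do
    t=$(rr_type "$a")
    [ -n "$t" ] || continue
    case " $seen " in
      *" $t "*) ;;
      *) seen="$seen $t"; body="${body}update delete $ZONE $t
" ;;
    esac
    body="${body}update add $ZONE $TTL $t $a
"
  done
  [ -n "$body" ] || return 1
  printf 'server %s\nzone %s\n%ssend\n' "$MASTER" "$ZONE" "$body"
}

# Resolve the GSLB name and push the result as a single UPDATE message.
sync_apex() {
  batch=$( { dig +short "$GSLB_NAME" A; dig +short "$GSLB_NAME" AAAA; } |
           build_update ) || {
    echo "no usable answer for $GSLB_NAME, apex left unchanged" >&2
    return 1
  }
  printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
}

# Run from cron once a minute as: apex-sync.sh sync
if [ "${1:-}" = "sync" ]; then sync_apex; fi
```

On the BIND side, an `update-policy` rule such as `grant apex-sync name example.com. A AAAA;` (key name assumed) limits what this key can change to the apex address records.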


