[135200] in North American Network Operators' Group


Re: Software DNS high availability and load balancer solution

daemon@ATHENA.MIT.EDU (William Herrin)
Tue Jan 18 13:47:33 2011

In-Reply-To: <AANLkTimyQDGp9fBiuVE3FEhSJKo-8jzrXHUF+1+aYqpX@mail.gmail.com>
From: William Herrin <bill@herrin.us>
Date: Tue, 18 Jan 2011 13:45:30 -0500
To: Sergey Voropaev <serge.devorop@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tue, Jan 18, 2011 at 12:42 PM, Sergey Voropaev
<serge.devorop@gmail.com> wrote:
> Does anyone know software solutions (free is preferable) like Cisco GSS
> and F5 BIG-IP? The main point is that the DNS server (or DNS server plugin)
> must be able to monitor server availability (for example by TCP connect) and
> the DNS reply depends on it.

Sergey,

I have no suggestions that directly answer your question. I'd write a
script against bind myself. But if you're trying to fail over a web
server, you're walking into a nasty trap.

"DNS pinning" obstructs web browsers from finding a server on an
alternate IP address regardless of the DNS TTL. The core issue is that
allowing a browser running javascript to connect to a server other
than the one from which the script came is a gigantic security hole.
Someone realized you could do that by changing the IP address the host
name pointed to, so now there's a convoluted and not entirely
standardized set of rules for when and whether the browser allows it.

Net result is that in some cases a user's long-running browser will
indefinitely ignore the change you made to the DNS. I've seen such
things persist for months.

For better or for worse, the way you -reliably- fail over a web server
is with routing and middleboxes like a load balancer.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
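
An added example, not part of the original message or either poster's code: a sketch of the kind of script against BIND that the reply mentions, using the TCP-connect check from the question to decide which A records to publish. The zone, host name, addresses (192.0.2.0/24 documentation range) and function names are assumptions, and the zone is assumed to accept dynamic updates via nsupdate; as the message notes, browsers that pin DNS may keep using the old address whatever the TTL.

```python
import socket

def tcp_alive(host, port, timeout=2.0):
    """Return True if a TCP connect to (host, port) completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def build_nsupdate(zone, name, backends, probe=tcp_alive, ttl=30,
                   server="127.0.0.1"):
    """Build an nsupdate batch publishing A records only for live backends.

    backends: list of (published_ip, probe_host, probe_port).
    Returns None when every probe fails, so the caller leaves the zone
    untouched instead of publishing an empty record set (fail static).
    """
    live = [ip for ip, host, port in backends if probe(host, port)]
    if not live:
        return None
    lines = [f"server {server}", f"zone {zone}", f"update delete {name} A"]
    lines += [f"update add {name} {ttl} A {ip}" for ip in live]
    lines.append("send")
    return "\n".join(lines) + "\n"

def demo():
    # Constructed sample: a local listener stands in for the healthy backend,
    # a port that was bound and then closed stands in for the failed one.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    up_port = listener.getsockname()[1]
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))
    down_port = closed.getsockname()[1]
    closed.close()
    backends = [("192.0.2.10", "127.0.0.1", up_port),
                ("192.0.2.20", "127.0.0.1", down_port)]
    try:
        return build_nsupdate("example.com", "www.example.com.", backends)
    finally:
        listener.close()

if __name__ == "__main__":
    print(demo())  # in real use, pipe the batch to `nsupdate -k <keyfile>`
```

Run it from cron or a loop and feed the output to nsupdate only when the batch differs from the previous run, so the zone serial is not bumped needlessly.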

