[16582] in Kerberos_V5_Development


RE: Kerberized NFS (GSS-API) problem with multiple-IP Address and

daemon@ATHENA.MIT.EDU (Frank Cusack)
Mon Jan 10 22:17:20 2011

Date: Mon, 10 Jan 2011 19:17:13 -0800
From: Frank Cusack <frank+krb@linetwo.net>
To: sandeep patil <san_patil@hotmail.com>
Message-ID: <069838398B068082BA8911FC@cusack.local>
In-Reply-To: <bay156-w22F39D16CC3B2F5AD1E1268C0F0@phx.gbl>
MIME-Version: 1.0
Content-Disposition: inline
Cc: krbdev <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On 1/11/11 2:51 AM +0000 sandeep patil wrote:
>
> Thanks all for your suggestions.
>
> Warload - well the problem is having one - name.example.com results in
> multiple IP Addresses. As rightly pointed out by frank.
>
>> You did make me think of another solution.  Force the use of TCP.  That
>> won't be 100% reliable (depends on client implementation) but it might
>> be good enough.
>
> Why would forcing it to TCP help? Any clue/advice ..
>
>>> The typical way to handle this is with the automounter.  With
>>> automounted NFS filesystems,  you can specify multiple NFS servers per
>>> mount, and the client picks one and sticks with it.
> This may not work as even if we are able to have an NFS client stick to a
> single NFS server, the kerberized part of NFS which in turn calls GSS-API
> internally does a host lookup (almost every time) and contacts the DNS for
> an IP and ends up with a new IP each time. :-(

Ah, right.  So the TCP idea wouldn't work either.

>>> Or instead of a load balancer it could be a load
>>> balanced DNS server (gives only a single IP address but a different
>>> one per client).
> This could work but will need enhancements at the DNS server side unless
> it's inherently supported by DNS, no clue there. Any input?

There are several examples of load balanced DNS servers.  You could
write it yourself in Perl/Python without *too much* difficulty.  But
I'd probably opt to go with something like tinydns
(<http://cr.yp.to/djbdns/tinydns-data.html>).  Set your TTLs to 0
and write a monitoring tool around it to take servers that are down
out of the DNS rotation.  Just delegate .nfs.dom.ain to your special
dns server.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
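
The monitoring tool suggested in the message above, sketched as an added example (not code from the thread or from the djbdns project). It writes tinydns-data lines with TTL 0 in which each client prefix gets exactly one healthy server and keeps it while that server stays up, so repeated GSS-API host lookups resolve to the same IP. The name `files.nfs.dom.ain`, the client prefixes, the 192.0.2.x addresses and all function names are assumptions.

```python
import hashlib
import socket

NFS_PORT = 2049  # standard NFS port, used by the default health probe


def tcp_alive(ip, port=NFS_PORT, timeout=2.0):
    """Health probe: can a TCP connection to the NFS port be opened?"""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def pick_server(client_prefix, servers):
    """Rendezvous hashing: a prefix only moves when its own server is removed."""
    def score(ip):
        return hashlib.sha256(f"{client_prefix}|{ip}".encode()).digest()
    return max(servers, key=score)


def location_code(index):
    """tinydns location names are one or two ASCII letters; use two."""
    letters = "abcdefghijklmnopqrstuvwxyz"
    if index >= len(letters) ** 2:
        raise ValueError("too many client prefixes for two-letter locations")
    return letters[index // 26] + letters[index % 26]


def build_data(fqdn, servers, client_prefixes, probe=tcp_alive):
    """Return tinydns-data lines: one location and one A record per prefix.

    '%lo:prefix' puts clients whose address starts with prefix in location lo;
    '+fqdn:ip:ttl:timestamp:lo' is an A record visible only to that location.
    Clients outside the listed prefixes are not served this record.
    """
    healthy = [ip for ip in servers if probe(ip)]
    if not healthy:
        # Refuse to publish an empty rotation; keep the previous data file.
        raise RuntimeError("no healthy NFS servers")
    lines = []
    for i, prefix in enumerate(sorted(client_prefixes)):
        lo = location_code(i)
        lines.append(f"%{lo}:{prefix}")
        lines.append(f"+{fqdn}:{pick_server(prefix, healthy)}:0::{lo}")
    return lines
```

Write the returned lines to the tinydns `data` file and recompile it with `tinydns-data` after each monitoring pass.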
