Date:      Mon, 26 Oct 2009 17:13:47 -0600
From:      Ray Still <rstill74@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: bind configuration issues
Message-ID:  <5e09dc040910261613x4d91116epf397bfc35955f65d@mail.gmail.com>
In-Reply-To: <22794_1256588088_4AE60338_22794_16_1_70C0964126D66F458E688618E1CD008A08CCEE85@WADPEXV0.waddell.com>
References:  <19358_1256579715_4AE5E283_19358_105_1_70C0964126D66F458E688618E1CD008A08CCEE70@WADPEXV0.waddell.com> <5e09dc040910261155t641ae7bbu79bc08d735d69db6@mail.gmail.com> <21272_1256584114_4AE5F345_21272_1_1_70C0964126D66F458E688618E1CD008A08CCEE7C@WADPEXV0.waddell.com> <22794_1256588088_4AE60338_22794_16_1_70C0964126D66F458E688618E1CD008A08CCEE85@WADPEXV0.waddell.com>

Ok,
tell me just how nuts this idea is.
To recap, two pipes, one destination.
I set up a second DNS server.
ns1.example.com at 70.65..... (provider 1)
ns2.example.com at 206.75.... (provider 2)
A records for example.org on ns1 will give 70.65.....
on ns2 206.75....
If provider one goes down, ns1 is gone, ns2 is still available, and so
is the route to the sites.

It's not the best solution, but it's better than what I have.
Am I missing something that's going to come back and bite me in the butt?
Thanks,
Ray

On Mon, Oct 26, 2009 at 2:14 PM, Gary Gatten <Ggatten@waddell.com> wrote:
> I googled "dns round robin failover" and there are many hits. One
> interesting one is:
> http://forums.devshed.com/dns-36/ha-using-round-robin----working-368800.html
>
> It suggests well written apps / resolvers will try to use all ip's
> returned by the query starting with the preferred one, not JUST the
> preferred one. Which means, just by enabling round robin with multiple
> A records, you MAY get some level of HA/Failover by default. Cool, BUT,
> I wouldn't bet my life on it. I'd still have something that could tweak
> your DNS records based on packet loss, latency, etc. What if your
> circuit is "up", but is degraded by loss, latency (load induced or
> otherwise), etc.
>
> As you mentioned, something is better than nothing - so start simple and
> go from there!
>
> HTH!
>
> G
>
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Gary Gatten
> Sent: Monday, October 26, 2009 2:07 PM
> To: Ray Still; freebsd-questions@freebsd.org
> Subject: RE: bind configuration issues
>
> I'm not intimate with bind, or anything/one actually - but that's
> another story...
>
> Anyway, the gist is you need to "ping" some public hosts from your dns
> server (or another system I guess, but easier if on the dns server).
> One destination host would be reachable through one connection, and the
> other of course would only be reachable through the alternate
> connection. Maybe use the primary DNS servers each upstream ISP
> provides to you? Anyway, if both pings are OK, then your DNS server
> does round-robin for the host(s) in question. If one ping fails, then
> you stop handing out that IP. You can force the route taken within ping
> itself, or use static host(/32) routes, etc.
>
> Sounds simple huh? It kinda is, and LONG ago I had a shell script to do
> just this, but it's gone - and maybe bind 9+ has some sort of this
> functionality available to you embedded in the bind code? Don't know.
> Even if you have to write your own script to update your dns records
> based on your monitoring process it's not that hard even for a
> scripting novice such as myself!
>
> G
>
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Ray Still
> Sent: Monday, October 26, 2009 1:56 PM
> To: freebsd-questions@freebsd.org
> Subject: Re: bind configuration issues
>
> On Mon, Oct 26, 2009 at 11:55 AM, Gary Gatten <Ggatten@waddell.com> wrote:
>>
>> You certainly don't "need" BGP for this, the DNS thing will work, but
>> will be a bit kludgy and certainly not as ... "responsive" to failures
>> - a la query caching, TTL's and what not.
>>
>> ----- Original Message -----
>> From: owner-freebsd-questions@freebsd.org <owner-freebsd-questions@freebsd.org>
>> To: Ray Still <rstill74@gmail.com>
>> Cc: freebsd-questions@freebsd.org <freebsd-questions@freebsd.org>
>> Sent: Mon Oct 26 12:50:56 2009
>> Subject: Re: bind configuration issues
>>
>> On Oct 26, 2009, at 10:03 AM, Ray Still wrote:
>> > Hello,
>> > I am adding a redundant Internet connection to my current hosting
>> > setup and
>> > I need to figure out how to set up the DNS to make this work.
>>
>> The two issues normally aren't related.
>>
>> If both connections are from the same provider, talk to them about
>> multilink PPP; if they are from different providers, you need to look
>> into multihoming and getting your own AS #.
>>
>
> two different providers.
>
>>
>> > Current setup:
>> > freebsd 7.0 machine, one local IP address, runs web, mail, and name
>> > server.
>> > static ip address in router.
>> > I have two DNS servers registered, but they both point to the same ip
>> > address and the same machine. (Yes, I should have my fingers slapped.)
>> >
>> > Desired setup
>> > same machine, one local IP address, runs web, mail, and name server.
>> > different router (Linksys RV082) with 2 static ip address.
>>
>> In order to have redundancy, you need to have two real, separate
>> machines, each of which is running BIND, each of which is on a
>> separate routable IP. This is an orthogonal issue to setting up
>> multiple Internet connections.
>
> Yes, In an ideal world I would do this. The two machines would also be
> in separate buildings/cities/provinces/countries/planets
> (pick your level of paranoia) ;)
> However, reducing single points of failure is an improvement, even if
> I can't eliminate them.
>
>
>>
>> > How do I set up bind so that
>> > 1) bandwidth is shared between the two connections,
>> > and
>> > 2) if one goes down, the other keeps working.
>> > I had a few ideas, but they all seem to have flaws.
>>
>> You can't set up BIND to control multilink aggregation and failover;
>> that's not what it does.
>>
>> Regards,
>> -- freebsd-questions@freebsd.org
>> -Chuck
>>
>
> Thanks for the replies.
> Chuck, thanks for the keywords to search. Some of what I'm finding
> looks like a solution for companies a lot bigger than me, but I'll
> keep looking.
>
> Gary, can you give me any clues about how to do it with just DNS? Yes,
> I do realize that this leaves single points of failure, but at least
> they would be points that I could do something about if necessary.
>
> Thanks again,
> Ray
>>
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>
>> "This email is intended to be reviewed by only the intended recipient
>> and may contain information that is privileged and/or confidential.
>> If you are not the intended recipient, you are hereby notified that
>> any review, use, dissemination, disclosure or copying of this email
>> and its attachments, if any, is strictly prohibited. If you have
>> received this email in error, please immediately notify the sender by
>> return email and delete this email from your system."
>
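
The monitoring approach described in the quoted messages above (probe a host reachable only through each uplink and stop handing out the address of a link whose probe fails), as an added example that is not part of the original thread or any poster's script. The record name, TTL and all addresses are constructed placeholders from the RFC 5737 documentation ranges, and sending each probe out of its own link is assumed to be handled by static host routes.

```shell
#!/bin/sh
# Added example: pick the A records to publish from per-link health probes.
# Every name and address below is a constructed placeholder.

# One uplink per line: "<public address served on that link> <probe target>"
# The probe target is assumed to be reachable only through that link
# (for example via a static /32 host route), which is set up elsewhere.
LINKS='192.0.2.10 192.0.2.1
198.51.100.10 198.51.100.1'
RR_NAME='www'   # record name inside the zone (hypothetical)
TTL=60          # short TTL so caches drop a dead address quickly

# Default probe: three ICMP echoes, success if any reply comes back.
# stdin is redirected so ping cannot consume the link list being read.
probe() { ping -c 3 "$1" >/dev/null 2>&1 </dev/null; }
PROBE=${PROBE:-probe}   # name of the probe command; replaceable for testing

# Print one A record per link whose probe succeeds.
# Design choice of this example: if every probe fails, print all records.
# The monitor itself may be the broken part, and an empty record set
# would turn a partial outage into a total one.
healthy_records() {
    up=''
    all=''
    while read -r addr target; do
        [ -n "$addr" ] || continue
        rec="$RR_NAME $TTL IN A $addr"
        all="${all}${rec}
"
        if "$PROBE" "$target"; then
            up="${up}${rec}
"
        fi
    done <<EOF
$LINKS
EOF
    if [ -n "$up" ]; then printf '%s' "$up"; else printf '%s' "$all"; fi
}
```

The output is meant to be written to a file that the zone pulls in with `$INCLUDE`, followed by an SOA serial bump and `rndc reload`. Resolvers that cached the old answer keep using it until the TTL expires, so the TTL bounds how quickly a dead address disappears.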



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5e09dc040910261613x4d91116epf397bfc35955f65d>