From owner-freebsd-questions Wed Jun 5 13:14:10 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA29007 for questions-outgoing; Wed, 5 Jun 1996 13:14:10 -0700 (PDT)
Received: from mistery.mcafee.com (jimd@mistery.mcafee.com [192.187.128.69]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id NAA28999 for ; Wed, 5 Jun 1996 13:14:05 -0700 (PDT)
Received: (from jimd@localhost) by mistery.mcafee.com (8.6.11/8.6.9) id NAA01704; Sat, 5 Jun 2010 13:07:44 -0700
From: Jim Dennis
Message-Id: <201006052007.NAA01704@mistery.mcafee.com>
Subject: INFO: BIND supports round robin: No need to Rebuild
To: freebsd-questions@freebsd.org (FreeBSD Questions)
Date: Sat, 5 Jun 110 13:07:44 -0700 (PDT)
Cc: support@ora.com
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

All,

A while back I asked about building the latest version of BIND under FreeBSD. I've finally gotten back to that project and done some quick tests.

Verdict: There is no need for me to rebuild BIND to support "round robin DNS".

(I was disappointed that no one responded on the list -- and that I couldn't find any info on this in the man pages, online list archives or online manuals. O'Reilly's "cricket" book doesn't cover "round robin" at all -- as far as I know.)

I have to assume from the lack of response that my original message was too confusing (likely), or that no one on the list understood the problem (less likely), or that no one on the list knows what I mean by "round robin DNS" (no way!).

Basically round robin DNS allows one to do a crude load balancing across multiple mirrored servers.
Basically you configure the authoritative DNS servers for a zone with multiple A records like so:

    ftp    IN A 192.168.100.10
    ftp    IN A 192.168.100.11
    ftp    IN A 172.24.100.100

(I'm just using arbitrary addresses from RFC 1918 for these examples.)

Now the first DNS request to resolve ftp.foobar.org returns the ...10 address, the next one returns the ...11 address and the next one returns the last address. Then the cycle continues. This tends to balance the load across the machines.

In practice this is fine for something like ftp (which can represent a very high load on the server before you run out of bandwidth or CPU) but would probably be disastrous for something like a mail listener (MX records do this more cleanly anyway) or any situation where users will be updating information on the server -- and there are no shared filesystems between them. In other words this works for a group of hosts running a *limited* set of public services.

You can also create a series of unique names for each host in the group (which I call a "round robin ring" or just a ring for short). I do this with A records like so:

    ftphost1    IN A 192.168.100.10
    ftphost2    IN A 192.168.100.11
    ftphost3    IN A 172.24.100.100

(which probably is bad form and may violate some RFC -- but works for me here).

I then use rdist (soon to be done *over* ssh) to do updates to the servers (using their unique names), and a mirror script to pull files from the ~ftp/incoming directories to a group of central, internal repositories.

I'll be experimenting with some scripts to do "fail over." This would set up each machine in the group to "watch" (poll?) the other servers (or set up an extra machine to watch all the members of the ring), and add an alias to any host in the ring that fails. (Later, when the host comes back up -- it binds an address unique to it, and communicates with the host that took over for it -- to do an automated hand off back.)
I obviously haven't worked out the details of this "fail over" stuff yet -- but our machines have been pretty stable recently -- so, hopefully, it won't be a priority.

If anyone has comments, criticisms, or suggestions regarding any of this, please feel free to drop me a line. I'm really just making this stuff up as I go along. I'd especially be interested in any RFCs, white papers, or references to simple, non-proprietary load balancing and fail over tools and techniques (for ftp, www, mail, and related services).

Jim Dennis, System Administrator, McAfee Associates
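As an added illustration of the rotation and fail-over behaviour described in the post above (example code written for this page, not Jim's scripts or BIND's own code), here is a small Python model of an authoritative server rotating a multi-A RRset. The zone fragment, the address-to-host map for the ring and the function names are constructed assumptions; the model also shows why round robin alone keeps sending a third of the clients to a dead member until a surviving host takes over its address.

```python
from collections import Counter
# Constructed zone fragment modelled on the records in the post (RFC 1918 addresses).
ZONE = """\
ftp      IN A 192.168.100.10
ftp      IN A 192.168.100.11
ftp      IN A 172.24.100.100
ftphost1 IN A 192.168.100.10
ftphost2 IN A 192.168.100.11
ftphost3 IN A 172.24.100.100
"""

def parse_zone(text):
    """Group the A records of each owner name, keeping zone-file order."""
    records = {}
    for line in text.splitlines():
        owner, klass, rtype, rdata = line.split()
        if klass == "IN" and rtype == "A":
            records.setdefault(owner, []).append(rdata)
    return records

class RoundRobinServer:
    """Authoritative server that rotates a multi-record RRset one position per query."""
    def __init__(self, records):
        self.records = records
        self.offset = Counter()   # per-name rotation counter

    def query(self, name):
        rrset = self.records.get(name, [])
        if not rrset:
            return []
        k = self.offset[name] % len(rrset)
        self.offset[name] += 1
        return rrset[k:] + rrset[:k]

def host_load(server, name, n_clients, addr_to_host):
    """Count which host each of n_clients reaches when every client connects to
    the first address in its answer.  addr_to_host: address -> host bound to it
    (None means nothing answers there)."""
    load = Counter()
    for _ in range(n_clients):
        load[addr_to_host.get(server.query(name)[0])] += 1
    return dict(load)

def take_over(addr_to_host, dead_host, standby_host):
    """Fail-over as sketched in the post: a surviving host aliases the dead
    host's address, so the unchanged A record now reaches the survivor."""
    return {a: (standby_host if h == dead_host else h) for a, h in addr_to_host.items()}
# Constructed address -> host binding for the ring (hypothetical).
RING = {"192.168.100.10": "ftphost1", "192.168.100.11": "ftphost2", "172.24.100.100": "ftphost3"}
```

Real resolvers cache answers for the record TTL, so the even split above is an upper bound; a low TTL on the ring's records keeps a take-over visible to clients sooner.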