1 CDNS-Geo Delivery Management through Global Server Load Balancing with CommunityDNS
2 Table of Contents What is Global Server Load Balancing?...3 Does CommunityDNS support GSLB, if so how?...3 How it works...3 An example...4 Other issues...5 FAQ...5 What if I also use a different DNS provider?...5 What happens if I sign my zone?...6 How can I test this service?...6 CDNS-Geo: 2
3 What is Global Server Load Balancing? For a very large web site, it is common for the site to be run on multiple machines at multiple geographic locations. So what an organisation will want to do is balance the load on those servers with sensitivity to the physical location of the visitor to the site. This is Global Server Load Balancing. Does CommunityDNS support GSLB, if so how? Yes, CommunityDNS can support geo-sensitive DNS allowing you to make different DNS replies to clients in different locations based on their country of origin. CommunityDNS does not support making decisions about which servers are receiving the most load and giving different DNS responses based on the server load. How it works The CommunityDNS GSLB works by using the DNS CNAME Resource Record to tell you which country the DNS request has come from. Using this information you can decide what answer you wish to respond to the user with. Note, it is perfectly valid that, to some countries, you may wish to respond with valid data, while to others you can respond with NXDOMAIN (host does not exist). The way the system works is that our servers will look for a CNAME that starts --.gslb.<domain> and will substitute the leading -- for the two character ISO3166 country code. Note, true ISO3166 country code are used, so (for example) Greece is GR and the United Kingdom is GB. For more information in ISO3166 codes please go to :- The database of IP Address to ISO code translation is obtained from MaxMind. A lite version of the database can be obtained from :- For corrections, please refer to MaxMind directly. CDNS-Geo: 3
4 An example The easiest way to understand the system is by way of an example, so lets say we have the web site which has one server in the US and one in the UK. The server in the UK is to serve clients in the Europe Union and the server in the US is to serve the rest of the world. in the zone file for example.com we have :- www IN CNAME --.gslb BE.gslb IN CNAME BG.gslb IN CNAME CZ.gslb IN CNAME DK.gslb IN CNAME DE.gslb IN CNAME EE.gslb IN CNAME IE.gslb IN CNAME GR.gslb IN CNAME ES.gslb IN CNAME FR.gslb IN CNAME IT.gslb IN CNAME CY.gslb IN CNAME LV.gslb IN CNAME LT.gslb IN CNAME LU.gslb IN CNAME HU.gslb IN CNAME MT.gslb IN CNAME NL.gslb IN CNAME AT.gslb IN CNAME PL.gslb IN CNAME PT.gslb IN CNAME RO.gslb IN CNAME SI.gslb IN CNAME SK.gslb IN CNAME FI.gslb IN CNAME SE.gslb IN CNAME GB.gslb IN CNAME *.gslb IN CNAME IN A IN A When the request comes to us for we will see that the answer is a CNAME and it starts with --.gslb. and we will automatically substitute the user's ISO country code. So, say the request came from Russia, then the answer to that request would be exactly CDNS-Geo: 4
5 equivalent to the static record :- www IN CNAME RU.gslb At no time will the end user see any name containing gslb, all CNAME records are automatically translated by the resolver they are using, so all their web client will end up seeing is the appropriate IP Address. Other issues If the country code is returned as 00 (<zero><zero>) this means we have been unable to determine the country of origin of the user's IP Address. It is most likely this is because the IP Address in question is not in the database. Multi-national ISPs and Hosting companies often move their IP Address blocks around their network including from one country to another. Therefore all IP Address based Geo-Location databases will have some degree of inaccuracy to them. Please contact MaxMind directly to have these issues corrected. The source IP Address of the DNS request we see will not be that of the end user's PC itself, but will be the source IP Address of resolver they are using. This will usually be automatically provided by the ISP. Therefore the country of origin will be determined according to the IP Address of the resolver the end user is using. This is unavoidable and common to all DNS based GSLB solutions. Efforts are under way to provide a standard for passing the end user's IP Address through the resolver to the DNS server, however, this is still work in progress and has significant issues associated with it. FAQ What if I also use a different DNS provider? Currently there is no standard for providing GSLB information. The technique we have used, although widely documented, is by no means the only method. To make your zone file compatible with a DNS provider who does not provide any geo-location services, all you need to do is create an address or CNAME record for the unlikely hostname -- and users who hit the non-geo-location DNS service will be directed according to that record. Alternatively, as in our example above, create a wild-card record. This is always useful as ISO country codes do change and it will give your zone a catch-all to ensure everybody always gets the name resolved. Note, we will never give out the answer --. If we are unsure of their country of origin we will give their resolver the answer 00 (<zero><zero>). Therefore you can be sure, if CDNS-Geo: 5
6 they have been directed to the IP Address given by your -- record it was because their DNS request was resolved by a server other than one of ours. What happens if I sign my zone? In order to be able to substitute the country code into the answer of a DNS request we have to be able to modify the DNS results data. This means, if that data had been signed, it would fail verification. Therefore, if your zone is signed, it is necessary for you to define gslb as an unsigned subdomain. In our example above, the resulting IP addresses which are sent to the end user, tied to the names and would still be in the parent zone and therefore signed and subject to DNSSEC verification. Note also, it is only necessary for us to host the zone that contains the --.gslb. record therefore, if gslb as been defined as a sub-domain, we only need to host that one subdomain. It is not necessary for us to host the parent zone itself. How can I test this service? We have set up the test host - if you request this name from one of our servers, the reply you get will indicate to you what we think the country of origin of your IP Address is. For example :- $ GB.gslb.geoip.cdns.net. In this example test we ran the dig command from the UK. Note, because you are talking directly to one of our servers, the answer you get will be determined according to your own IP Address, as opposed to the IP Address of the resolver you are using. This is not normally what would happen (see above). If you run the command again, but this time targeted at your default resolver, but asking for a TXT record you should get a description of the country of origin of your resolver. $ dig +short txt GB.gslb.geoip.cdns.net. "UNITED KINGDOM" Again, example was run from the UK. On a Windows PC, the same test can be done using the command nslookup :- c:\> nslookup -type=txt CDNS-Geo: 6
7 To create this result, because cdns.net is a signed zone, we created the sub-domain geoip.cdns.net, which is unsigned, then within it created the records :- www in cname --.gslb GB.gslb IN TXT "UNITED KINGDOM" Note, although dig and nslookup will show us the gslb records, an end user would not normally be aware of them. CDNS-Geo: 7
BACKUPS FAQ Why Backup? Backup Location Net Connections Programs Schedule Procedures Frequently Asked Questions I do a backup once a week and sometimes longer, is this sufficient? In most cases, I would
CenturyLink Smart IP Hosted Voice and Data Administrator Guide Document ID VPM5310002 October 1, 2009 TABLE OF CONTENTS 1. Introduction... 6 1.1 Purpose of this Guide... 6 1.2 Other Guides... 6 1.3 Phones
InfoWorks 11.5 RS Free Edition Release Notes Page 1 of 6 1. Introduction This document contains information on installing the InfoWorks RS Free Edition and associated software, and information relating
Skype Manager User Guide Version 3.0 Copyright Skype Limited 2011 About this guide Skype Manager is a web-based management tool that lets you centrally manage Skype for businesses of any size. This guide
4. Client-Level Administration Introduction to Client Usage The Client Home Page Overview Managing Your Client Account o Editing Your Client Record View Account Status Report Domain Administration Page
THE BASICS Getting Spousal Support in New York State In this booklet, we call the person who receives support the wife or ex-wife. And we call the person who pays support the husband or ex-husband. This
I nt er netload Bal anc i nggui de Peplink Balance Internet Load Balancing Solution Guide http://www.peplink.com Copyright 2010 Peplink Internet Load Balancing Instant Improvement to Your Network Introduction
Using WhatCounts Publicaster Edition To Send Transactional Emails 1 DEFINITION Transactional email by definition is any message in which the primary purpose facilitates an already agreed-upon transaction
Citi Secure Email Program Receiving Secure Email from Citi For External Customers and Business Partners Protecting the privacy and security of client information is a top priority at Citi. Citi s Secure
PORTA ONE Porta SIP TM Administrator Guide Maintenance Release 16 www.portaone.com Porta SIP PortaSIP Administrator Guide Copyright Notice & Disclaimers Copyright 2000-2007 PortaOne, Inc. All rights reserved.
Summary The aim of this article is to present some basic information about Small Business Server 2003 and how it can fit in with your business. Topics What is Small Business Server? (also known as SBS)
MAINE FREQUENTLY ASKED QUESTIONS (FAQ) SUPPLIER TECHNICAL WORKSHOP This document will be made available at all future technical workshops and will be posted to the following URL: http://www.cmpco.com/cep/ebtedi
ISDNLink INET-800 ISDN Router User s Guide FCC Statement: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful
Getting Started with Zeus Web Server 4.3 Zeus Technology Limited - COPYRIGHT NOTICE Zeus Technology Limited 2004. Copyright in this documentation belongs to Zeus Technology Limited. All rights are reserved.
Information Systems Services Getting Started with Enterprise Vault Email Archiving March 2008 Contents 1. Introduction... 3 2. Supported operating systems, email clients and browsers... 3 3. Getting started
With hundreds of Help Desk software packages available, how do you choose the best one for your company? When conducting an Internet search, how do you wade through the overwhelming results? The answer
Logi Ad Hoc Reporting Troubleshooting Scheduling Failure Version 10 Last Updated: April 2011 General Configuration Overview The execution and delivery of scheduled reports is one of the more complicated
Summary When implementing Monitoring and Alerting part of Server Management suite. The following items are areas that should be reviewed. It is important to start to monitor what you need and add/build
Quick Start Guide Copyright Wasp Barcode Technologies 2014 No part of this publication may be reproduced or transmitted in any form or by any means without the written permission of Wasp Barcode Technologies.
DocuSign Quick Start Guide In Person Signing Overview The In Person Signing feature lets you use the DocuSign Service for electronic signatures even if the signer does not have access to email or a computer.
Why Should I Archive? Your Microsoft Outlook mailbox grows as you create and receive items (item: An item is the basic element that holds information in Outlook (similar to a file in other programs). Items