CDNS-Geo. Authoritative DNS Delivery Management. through Global Server Load Balancing with CommunityDNS



Similar documents
How to set up the Integrated DNS Server for Inbound Load Balancing

DNS. Computer Networks. Seminar 12

How to Configure the Windows DNS Server

Configuring an External Domain

THE MASTER LIST OF DNS TERMINOLOGY. First Edition

Global Server Load Balancing (GSLB) Concepts

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

Talk-101 User Guide. DNSGate

OpenSRS Service DNS Configuration Guide

Domain Name System :49:44 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

DNS Record Information for the Pushex Exchange server

ARP and DNS. ARP entries are cached by network devices to save time, these cached entries make up a table

Configuring a Domain to work with your Server

Domain Name System (DNS) Services

Getting Started with AWS. Hosting a Static Website

Section 1 Overview Section 2 Home... 5

Installing and Setting up Microsoft DNS Server

How to Add Domains and DNS Records

Active Directory Integration: Install and Setup Guide. Insights

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .

Non-authoritative answer: home.web.cern.ch canonical name = drupalprod.cern.ch. Name: drupalprod.cern.ch Address:

Using Webmin and Bind9 to Setup DNS Sever on Linux

How To Guide Edge Network Appliance How To Guide:

DNS and BIND Primer. Pete Nesbitt linux1.ca. April 2012

Switching Your DNS WiredTree

- Domain Name System -

Copyright

Self Help Guide IMPORTANT! Configuring Your Router With Your Modem. Please read the following carefully; This Guide refers to the following Products:

How To Manage Dns On An Elfiq Link Load Balancer (Link Balancer) On A Pcode (Networking) On Ipad Or Ipad (Netware) On Your Ipad On A Ipad At A Pc Or Ipa

Wazza s QuickStart 1. Leopard Server - Install & Configure DNS

what s in a name? taking a deeper look at the domain name system mike boylan penn state mac admins conference

Global Service Loadbalancing & DNSSEC. Ralf Brünig Field Systems Engineer r.bruenig@f5.com DNSSEC

DNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop

DNS and Interface User Guide

Enterprise. Insights. Active Directory Integration: Installation and Setup Guide. v1.0.5

Part 5 DNS Security. SAST01 An Introduction to Information Security Martin Hell Department of Electrical and Information Technology

Lecture 2 CS An example of a middleware service: DNS Domain Name System

How to Configure Split DNS

A versatile platform for DNS metrics with its application to IPv6

Getting Started with AWS. Hosting a Static Website

INTERNET DOMAIN NAME SYSTEM

ITIS 2110 Lab 11: Domain Name Server. Tyler Everhart 11/12/2010

How to connect your new virtual machine to the Internet

Application and service delivery with the Elfiq idns module

Applied Network Services. Janet Services for Resilience. Andrew Davis Network Services Coordinator

Understanding DNS (the Domain Name System)

ECE 4321 Computer Networks. Network Programming

Active Directory: Setup Guide for Umbrella. Active Directory

Enterprise Architecture Office Resource Document Design Note - Domain Name System (DNS)

Domain Name System Security

SI455 Advanced Computer Networking. Lab2: Adding DNS and Servers (v1.0) Due 6 Feb by start of class

Copyright International Business Machines Corporation All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure

FAQ (Frequently Asked Questions)

My Services Online Service Support. User Guide for DNS and NTP services

State of the Cloud DNS Report

SME- Mail to SMS & MMS Gateway with NowSMS Quick Start Guide

Installation of MicroSoft Active Directory

cpanel installation guide for CloudFlare certified partners

Getting Started with AWS. Static Website Hosting

The Use of DNS Resource Records

State of the Cloud DNS Report

1 PC to WX64 direction connection with crossover cable or hub/switch

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System

A Layman's Guide to Global Server Load Balancing

Citrix NetScaler Global Server Load Balancing Primer:

Networking Domain Name System

Internet Load Balancing Guide. Peplink Balance Series. Peplink Balance. Internet Load Balancing Solution Guide

ETRX2 and ETRX357 Wireless Mesh Networking Modules. Application Note Accessing Modules over the Internet

CS3600 SYSTEMS AND NETWORKS

Domain Name System (DNS) Fundamentals

File transfer and login using IPv6, plus What to do when things don t work

LinkProof DNS Quick Start Guide

Fundraising Pro Custom URL (Domain Name) and Custom Sender

CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS)

The secret life of a DNS query. Igor Sviridov <sia@nest.org>

HW9 WordPress & Google Analytics

Internet-Praktikum I Lab 3: DNS

Names & Addresses. Names & Addresses. Names vs. Addresses. Identity. Names vs. Addresses. CS 194: Distributed Systems: Naming

Wireshark Lab: DNS. 1. nslookup

Configuring a VPN for Dynamic IP Address Connections

DNS Root NameServers

WEBTITAN CLOUD. User Identification Guide BLOCK WEB THREATS BOOST PRODUCTIVITY REDUCE LIABILITIES

Table of Contents. This whitepaper outlines how to configure the operating environment for MailEnable s implementation of Exchange ActiveSync.

Domain Name Service (DNS) Training Division, NIC New Delhi

Guardian Digital Secure Mail Suite Quick Start Guide

Creating "Origin Pull" on Akamai (1)

CipherMail Gateway Quick Setup Guide

Wireshark Lab: DNS v6.01

Setting Up Internet Access with the Swann DVR4Net PCI Card

LOCKSS on LINUX. CentOS6 Installation Manual 08/22/2013

CS3250 Distributed Systems

ExamPDF. Higher Quality,Better service!

Copyright Notice. ISBN: N/A Parallels 660 SW 39th Street Suite 205 Renton, Washington USA Phone: +1 (425) Fax: +1 (425)

Transcription:

CDNS-Geo Delivery Management through Global Server Load Balancing with CommunityDNS

Table of Contents What is Global Server Load Balancing?...3 Does CommunityDNS support GSLB, if so how?...3 How it works...3 An example...4 Other issues...5 FAQ...5 What if I also use a different DNS provider?...5 What happens if I sign my zone?...6 How can I test this service?...6 CDNS-Geo: 2

What is Global Server Load Balancing? For a very large web site, it is common for the site to be run on multiple machines at multiple geographic locations. So what an organisation will want to do is balance the load on those servers with sensitivity to the physical location of the visitor to the site. This is Global Server Load Balancing. Does CommunityDNS support GSLB, if so how? Yes, CommunityDNS can support geo-sensitive DNS allowing you to make different DNS replies to clients in different locations based on their country of origin. CommunityDNS does not support making decisions about which servers are receiving the most load and giving different DNS responses based on the server load. How it works The CommunityDNS GSLB works by using the DNS CNAME Resource Record to tell you which country the DNS request has come from. Using this information you can decide what answer you wish to respond to the user with. Note, it is perfectly valid that, to some countries, you may wish to respond with valid data, while to others you can respond with NXDOMAIN (host does not exist). The way the system works is that our servers will look for a CNAME that starts --.gslb.<domain> and will substitute the leading -- for the two character ISO3166 country code. Note, true ISO3166 country code are used, so (for example) Greece is GR and the United Kingdom is GB. For more information in ISO3166 codes please go to :- http://www.iso.org/iso/support/country_codes/iso_3166_code_lists/ The database of IP Address to ISO code translation is obtained from MaxMind. A lite version of the database can be obtained from :- http://www.maxmind.com/download/geoip/database/geoipcountrycsv.zip For corrections, please refer to MaxMind directly. CDNS-Geo: 3

An example The easiest way to understand the system is by way of an example, so lets say we have the web site www.exmaple.com which has one server in the US and one in the UK. The server in the UK is to serve clients in the Europe Union and the server in the US is to serve the rest of the world. in the zone file for example.com we have :- www IN CNAME --.gslb BE.gslb IN CNAME www.eu BG.gslb IN CNAME www.eu CZ.gslb IN CNAME www.eu DK.gslb IN CNAME www.eu DE.gslb IN CNAME www.eu EE.gslb IN CNAME www.eu IE.gslb IN CNAME www.eu GR.gslb IN CNAME www.eu ES.gslb IN CNAME www.eu FR.gslb IN CNAME www.eu IT.gslb IN CNAME www.eu CY.gslb IN CNAME www.eu LV.gslb IN CNAME www.eu LT.gslb IN CNAME www.eu LU.gslb IN CNAME www.eu HU.gslb IN CNAME www.eu MT.gslb IN CNAME www.eu NL.gslb IN CNAME www.eu AT.gslb IN CNAME www.eu PL.gslb IN CNAME www.eu PT.gslb IN CNAME www.eu RO.gslb IN CNAME www.eu SI.gslb IN CNAME www.eu SK.gslb IN CNAME www.eu FI.gslb IN CNAME www.eu SE.gslb IN CNAME www.eu GB.gslb IN CNAME www.eu *.gslb IN CNAME www.us www.eu IN A 1.2.3.4 www.us IN A 5.6.7.8 When the request comes to us for www.exmaple.com we will see that the answer is a CNAME and it starts with --.gslb. and we will automatically substitute the user's ISO country code. So, say the request came from Russia, then the answer to that request would be exactly CDNS-Geo: 4

equivalent to the static record :- www IN CNAME RU.gslb At no time will the end user see any name containing gslb, all CNAME records are automatically translated by the resolver they are using, so all their web client will end up seeing is the appropriate IP Address. Other issues If the country code is returned as 00 (<zero><zero>) this means we have been unable to determine the country of origin of the user's IP Address. It is most likely this is because the IP Address in question is not in the database. Multi-national ISPs and Hosting companies often move their IP Address blocks around their network including from one country to another. Therefore all IP Address based Geo-Location databases will have some degree of inaccuracy to them. Please contact MaxMind directly to have these issues corrected. The source IP Address of the DNS request we see will not be that of the end user's PC itself, but will be the source IP Address of resolver they are using. This will usually be automatically provided by the ISP. Therefore the country of origin will be determined according to the IP Address of the resolver the end user is using. This is unavoidable and common to all DNS based GSLB solutions. Efforts are under way to provide a standard for passing the end user's IP Address through the resolver to the DNS server, however, this is still work in progress and has significant issues associated with it. FAQ What if I also use a different DNS provider? Currently there is no standard for providing GSLB information. The technique we have used, although widely documented, is by no means the only method. To make your zone file compatible with a DNS provider who does not provide any geo-location services, all you need to do is create an address or CNAME record for the unlikely hostname -- and users who hit the non-geo-location DNS service will be directed according to that record. Alternatively, as in our example above, create a wild-card record. This is always useful as ISO country codes do change and it will give your zone a catch-all to ensure everybody always gets the name resolved. Note, we will never give out the answer --. If we are unsure of their country of origin we will give their resolver the answer 00 (<zero><zero>). Therefore you can be sure, if CDNS-Geo: 5

they have been directed to the IP Address given by your -- record it was because their DNS request was resolved by a server other than one of ours. What happens if I sign my zone? In order to be able to substitute the country code into the answer of a DNS request we have to be able to modify the DNS results data. This means, if that data had been signed, it would fail verification. Therefore, if your zone is signed, it is necessary for you to define gslb as an unsigned subdomain. In our example above, the resulting IP addresses which are sent to the end user, tied to the names www.eu and www.us, would still be in the parent zone and therefore signed and subject to DNSSEC verification. Note also, it is only necessary for us to host the zone that contains the --.gslb. record therefore, if gslb as been defined as a sub-domain, we only need to host that one subdomain. It is not necessary for us to host the parent zone itself. How can I test this service? We have set up the test host www.geoip.cdns.net - if you request this name from one of our servers, the reply you get will indicate to you what we think the country of origin of your IP Address is. For example :- $ dig @194.0.1.1 www.geoip.cdns.net GB.gslb.geoip.cdns.net. In this example test we ran the dig command from the UK. Note, because you are talking directly to one of our servers, the answer you get will be determined according to your own IP Address, as opposed to the IP Address of the resolver you are using. This is not normally what would happen (see above). If you run the command again, but this time targeted at your default resolver, but asking for a TXT record you should get a description of the country of origin of your resolver. $ dig +short www.geoip.cdns.net txt GB.gslb.geoip.cdns.net. "UNITED KINGDOM" Again, example was run from the UK. On a Windows PC, the same test can be done using the command nslookup :- c:\> nslookup -type=txt www.geoip.cdns.net CDNS-Geo: 6

To create this result, because cdns.net is a signed zone, we created the sub-domain geoip.cdns.net, which is unsigned, then within it created the records :- www in cname --.gslb GB.gslb IN TXT "UNITED KINGDOM" Note, although dig and nslookup will show us the gslb records, an end user would not normally be aware of them. CDNS-Geo: 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information