DNS based Load Balancing with Fault Tolerance



Similar documents
- Domain Name System -

How To Manage Dns On An Elfiq Link Load Balancer (Link Balancer) On A Pcode (Networking) On Ipad Or Ipad (Netware) On Your Ipad On A Ipad At A Pc Or Ipa

HTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide

Application and service delivery with the Elfiq idns module

Advanced DNS Course. Module 4. DNS Load Balancing

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12

ECE 4321 Computer Networks. Network Programming

How to set up the Integrated DNS Server for Inbound Load Balancing

netkit lab load balancer dns 1.2 Massimo Rimondini Version Author(s)

DNS Session 4: Delegation and reverse DNS. Joe Abley AfNOG 2006 workshop

Domain Name System :49:44 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Understanding DNS (the Domain Name System)

Copyright

Creating a master/slave DNS server combination for your Grid Infrastructure

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

Computer Networks: Domain Name System

DNS and BIND. David White

How to Add Domains and DNS Records

Introduction to the Domain Name System

DNS and BIND Primer. Pete Nesbitt linux1.ca. April 2012

Application Protocols in the TCP/IP Reference Model

DNS + DHCP. Michael Tsai 2015/04/27

Configuring an External Domain

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System

IPv6 support in the DNS

The Use of DNS Resource Records

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace

DNS. Computer Networks. Seminar 12

Simple DNS Configuration Example

How to Configure Split DNS

THE MASTER LIST OF DNS TERMINOLOGY. First Edition

DNS Pharming Attack Lab

Switching Your DNS WiredTree

DNS and Interface User Guide

Services: DNS domain name system

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS)

Lecture 2 CS An example of a middleware service: DNS Domain Name System

Remote DNS Cache Poisoning Attack Lab

Part 5 DNS Security. SAST01 An Introduction to Information Security Martin Hell Department of Electrical and Information Technology

IPv6 Support in the DNS. Workshop Name Workshop Location, Date

Domain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers

The Domain Name System

Zimbra :: The Leader in Open Source Collaboration. Administrator's PowerTip #3: June 21, 2007 Zimbra Forums - Zimbra wiki - Zimbra Blog

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .

Using Webmin and Bind9 to Setup DNS Sever on Linux

DNS : Domain Name System

Introduction to DNS and Application Issues related to DNS. Kirk Farquhar

Configuring a Domain to work with your Server

Response Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour

Configuring DNS. Finding Feature Information

Domain Name Server. Training Division National Informatics Centre New Delhi

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

DNS Root NameServers

Introduction to DNS CHAPTER 5. In This Chapter

Network Working Group. Category: Best Current Practice S. Bradner Harvard University M. Patton Consultant July 1997

Managing DNS Server Properties

Module 2. Configuring and Troubleshooting DNS. Contents:

IPv6 Support in the DNS. Workshop Name Workshop Location, Date

DNS Domain Name System

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Domain Name System

How-to: DNS Enumeration

Tunnel Client FAQ. Table of Contents. Version 0v5, November 2014 Revised: Kate Lance Author: Karl Auer

Configuring the BIND name server (named) Configuring the BIND resolver Constructing the name server database files

Understanding DNS By Robert Sterler

Table of Contents. This whitepaper outlines how to configure the operating environment for MailEnable s implementation of Exchange ActiveSync.

netkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s)

DNS/DHCP Administration Guide for Linux

Leveraging Best Practices for SolarWinds IP Address Manager

How To Guide Edge Network Appliance How To Guide:

Global Service Loadbalancing & DNSSEC. Ralf Brünig Field Systems Engineer r.bruenig@f5.com DNSSEC

DNS zone transfers from FreeIPA to non-freeipa slave servers

The Domain Name System

2 HDE Controller X DNS Server Manual

Domain Name System Security

IP addresses have hierarchy (network & subnet) Internet names (FQDNs) also have hierarchy. and of course there can be sub-sub-!!

DNS Service on Linux. Supawit Wannapila CCNA, RHCE

An Introduction to the Domain Name System

WebSphere DataPower Release DNS Enhancements

Parallels Plesk Automation

cpanel installation guide for CloudFlare certified partners

Parallels Panel. Parallels Small Business Panel 10.2: Administrator's Guide. Revision 1.0

Domain Name System (DNS) Services

netkit lab Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version 1.

walkthrough Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version 1.

Creating Custom Nameservers Contents

Copyright Notice. ISBN: N/A Parallels 660 SW 39th Street Suite 205 Renton, Washington USA Phone: +1 (425) Fax: +1 (425)

CS3250 Distributed Systems

Use Domain Name System and IP Version 6

How to Configure DNS Zones

SI455 Advanced Computer Networking. Lab2: Adding DNS and Servers (v1.0) Due 6 Feb by start of class

Transcription:

DNS based Load Balancing with Fault Tolerance by Kåre Presttun, Oslo, Norway Kare@Presttun.org Introduction There are several load-balancing systems on the market. They range from local switch based load balancers to sophisticated appliances measuring server performance and distributing load according to available resources. Many sites also use DNS (Domain Name System based load balancing using round-robin DNS. Some of the sophisticated techniques are rather expensive, while roundrobin DNS does not give the fault tolerance one would like to have. This brief note describes a way to achieve both load balancing and fault tolerance using purely DNS techniques. It can therefore be implemented with minimum cost. Idea Outline The traditional round-robin DNS load balancing is achieved by assigning the hostname, say www.example.com, one IP address per server one want to balance the load across. Each time the DNS server is queried it returns the IP addresses in a different sequence in a round-robin fashion. The free DNS server BIND (Berkley Internet Name Domain which is maintained by ISC (Internet Software Consortium supports this in addition to fixed sequence and random sequence (using rrset-order. Se a discussion about load balancing at the ISC site: http://www.isc.org/products/bind/docs/bind-load-bal.html. If one balances over several hosts, and one of them is down, a certain part of the users will meet a dead service. This is normally not desirable. The idea is to use the fault tolerance inherent in the DNS system (the idea came along while reading some white papers at http://www.radware.com/ and the Lisa- 95 paper [3]. So the root servers delegate example.com to the DNS servers of example.com, say dns1.examle.com and dns2.examle.com. The DNS servers of example.com further delegate www.example.com as a sub-domain to DNS servers running on the web servers themselves (dns1www.expample.com and dns2www.example.com. These servers have a very short TTL set in the zone (typical 10s, and they only resolve the zone www.example.com to their own IP address. 2002-08-18-1 -

What happens is that the client will try to resolve www.example.com via some name-server close to it which will locate dns1 and dns2 of the example.com domain. The query will be referred to the DNSs running on the web servers, each of which will only return their own IP address. If the server is down it will not answer queries and the fault tolerance mechanisms of DNS will result in another server being queried which will reply with his own IP address. In order for the A record replies to time out quickly from cache to allow for fall over to the other server, the TTL for the zones on the web servers themselves must be kept short. Augmenting Naturally there may be other reasons for a web server being down than the line is down or the server is down. The web daemon may be down or the database may be down etc. By augmenting the solution with a watchdog supervising these critical processes reliability may be improved. The watchdog could try to restart the supervised processes and if this fails it could close down the DNS daemon. Applicability The technique is applicable to any service like mail, web etc. Example Zone Files Say you have dns1.examle.com and dns2.examle.com running at 192.168.0.1 and 172.16.0.1 respectively. You have the two web servers you want to loadbalance running on 192.168.0.10 and 172.16.0.10 respectively, and you have a mail-gateway running at 192.168.0.5. Here is what the zone files will look like: example.com zone $TTL 804800 7 days values from ripe-203 document @ 3600 SOA dns1.example.com. hostmaster.example.com. ( 2002081601 serial YYYYMMDDnn 86400 refresh ( 24 hours 7200 retry ( 2 hours 3600000 expire (1000 hours 172800 minimum ( 2 days 2002-08-18-2 -

dns1 A 192.168.0.1 dns2 A 172.16.0.1 www www www dns1www A 192.168.0.10 dns2www A 172.16.0.10 www.example.com zone on dns1www $TTL 10 10 s @ SOA dns1www.example.com. hostmaster.example.com. ( 2002081601 serial YYYYMMDDnn 86400 refresh ( 24 hours 7200 retry ( 2 hours 3600000 expire (1000 hours 10 minimum ( 10 s A 192.168.0.10 www.example.com zone on dns2www $TTL 10 10 s @ SOA dns2www.example.com. hostmaster.example.com. ( 2002081601 serial YYYYMMDDnn 86400 refresh ( 24 hours 7200 retry ( 2 hours 3600000 expire (1000 hours 10 minimum ( 10 s A 172.16.0.10 And that should be it. The refresh, retry, and expire values in the www zone does not matter as there is no secondary server loading the zone. Your Domain as Web Address It is gaining popularity to have only the domain used as web address without the www in front. This can also be achieved with this technique but be careful. If you are load-balancing several servers located in one location do not use this technique! This requires your primary DNS servers to run on the web servers, and both (or more will have different zone files and have to me masters. The zone files which allows web address with and without www looks like: 2002-08-18-3 -

example.com zone on dns1 $TTL 804800 7 days values from ripe-203 document @ 3600 SOA dns1.example.com. hostmaster.example.com. ( 2002081601 serial YYYYMMDDnn 86400 refresh ( 24 hours 7200 retry ( 2 hours 3600000 expire (1000 hours 172800 minimum ( 2 days 10 A 192.168.0.10 dns1 A 192.168.0.10 dns2 A 172.16.0.10 www 10 A 192.168.0.10 example.com zone on dns2 $TTL 804800 7 days values from ripe-203 document @ 3600 SOA dns2.example.com. hostmaster.example.com. ( 2002081601 serial YYYYMMDDnn 86400 refresh ( 24 hours 7200 retry ( 2 hours 3600000 expire (1000 hours 172800 minimum ( 2 days 10 A 172.16.0.10 dns1 A 192.168.0.10 dns2 A 172.16.0.10 www 10 A 172.16.0.10 Security Issues Running the DNS server on the same server as the web server gives an extra port into the web server and an extra possibility for compromising the web server. It also, and especially in the second example, gives the possibility for taking over your DNS servers via compromise of the web servers. Care should therefore be taken with respect to security. You may want to consider running BIND in a 2002-08-18-4 -

chroot(. Information on how to do this is available from [5] and [6]. Rob Thomas has a web page with secure BIND template [6], highly recommended. References [1] BIND documentation: http://www.isc.org/products/bind/ [2] Nicolai Langfeldt: DNS and BIND, QUE 2001, ISBN 0-7897-2273-9 [3] Roland J. Schemers: lbnamed: A Load Balancing Name Server in Perl, available at: http://www.stanford.edu/~riepel/lbnamed/ [4] RIPE recommended SOA values: http://www.ripe.net/ripe/docs/ripe- 203.html [5] BIND contributions: http://www.isc.org/products/bind/contributions.html [6] Rob Thomas, Secure BIND Template: http://www.cymru.com/documents/secure-bind-template.htmll 2002-08-18-5 -

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information