Advanced DNS Course. Module 4. DNS Load Balancing



Similar documents
DNS based Load Balancing with Fault Tolerance

Configuration Notes 0215

Domain Name System :49:44 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

The Domain Name System

How to Add Domains and DNS Records

Motivation. Domain Name System (DNS) Flat Namespace. Hierarchical Namespace

Configuring DNS. Finding Feature Information

KB Windows 2000 DNS Event Messages 1 Through 1614

Copyright

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

DNS zone transfers from FreeIPA to non-freeipa slave servers

Configuring and Using the TMM with LDAP / Active Directory

- Domain Name System -

The Use of DNS Resource Records

DNS Conformance Test Specification For Client

Global Service Loadbalancing & DNSSEC. Ralf Brünig Field Systems Engineer r.bruenig@f5.com DNSSEC

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12

Virtual Server and DDNS. Virtual Server and DDNS. For BIPAC 741/743GE

Introduction to DNS CHAPTER 5. In This Chapter

NetIQ Advanced Authentication Framework - MacOS Client

How To Manage Dns On An Elfiq Link Load Balancer (Link Balancer) On A Pcode (Networking) On Ipad Or Ipad (Netware) On Your Ipad On A Ipad At A Pc Or Ipa

Connection Broker The Leader in Managing Hosted Desktop Infrastructures and Virtual Desktop Infrastructures (HDI and VDI) DNS Setup Guide

Using DNS SRV to Provide High Availability Scenarios

netkit lab load balancer dns 1.2 Massimo Rimondini Version Author(s)

The Root of the Matter: Hints or Slaves

IPv6 Support in the DNS. Workshop Name Workshop Location, Date

Application and service delivery with the Elfiq idns module

THE DOMAIN NAME SYSTEM DNS

How To Set Up Mybpx Security Configuration Guide V1.2.2 (V1.3.2) On A Pc Or Mac)

HTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide

DNS ActiveX Control for Microsoft Windows. Copyright Magneto Software All rights reserved

Application Note Multiple SIParator Distribution

DNS SRV Usage June 22, 2011

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

Basic DNS Course. Module 1. DNS Theory. Ron Aitchison ZYTRAX, Inc. Page 1 of 24

Domain Name System. CS 571 Fall , Kenneth L. Calvert University of Kentucky, USA All rights reserved

Ethernet. Customer Provided Equipment Configuring the Ethernet port.

Part 5 DNS Security. SAST01 An Introduction to Information Security Martin Hell Department of Electrical and Information Technology

Application Protocols in the TCP/IP Reference Model

Networking Domain Name System

Domain Name System (DNS) Fundamentals

Table of Contents. This whitepaper outlines how to configure the operating environment for MailEnable s implementation of Exchange ActiveSync.

Use Domain Name System and IP Version 6

Single Pass Load Balancing with Session Persistence in IPv6 Network. C. J. (Charlie) Liu Network Operations Charter Communications

Application Protocols in the TCP/IP Reference Model. Application Protocols in the TCP/IP Reference Model. DNS - Concept. DNS - Domain Name System

LifeSize Transit Deployment Guide June 2011

IPv6 support in the DNS

DNS Pharming Attack Lab

DNS at NLnet Labs. Matthijs Mekking

Global Server Load Balancing (GSLB) Concepts

KAREL UCAP DNS AND DHCP CONCEPTS MANUAL MADE BY: KAREL ELEKTRONIK SANAYI ve TICARET A.S. Organize Sanayi Gazneliler Caddesi 10

Remote DNS Cache Poisoning Attack Lab

Network Working Group. E. Guttman Sun Microsystems C. Bisdikian W. Jerome IBM July 2004

Agenda. Network Services. Domain Names. Domain Name. Domain Names Domain Name System Internationalized Domain Names. Domain Names & DNS

IP Filtering for Patton RAS Products

Configuring Dynamic DNS

Lightweight DNS for Multipurpose and Multifunctional Devices

BorderWare Firewall Server 7.1. Release Notes

Section 1 Overview Section 2 Home... 5

DNS + DHCP. Michael Tsai 2015/04/27

Domain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley

ECE 4321 Computer Networks. Network Programming

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas

Teldat Router. DNS Client

Introduction to DNS and Application Issues related to DNS. Kirk Farquhar

API of DNS hosting. For DNS-master and Secondary services Table of contents

Internetworking with TCP/IP Unit 10. Domain Name System

DNS/DHCP Administration Guide for Linux

DNS and DHCP. 14 October 2008 University of Reading

Glossary of Technical Terms Related to IPv6

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

GL-275: Red Hat Linux Network Services. Course Outline. Course Length: 5 days

3. The Domain Name Service

Connecting to and Setting Up a Network

The Domain Name System

Administering the Web Server (IIS) Role of Windows Server

IPv6 Support in the DNS. Workshop Name Workshop Location, Date

The secret life of a DNS query. Igor Sviridov <sia@nest.org>

netkit lab dns Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group Version Author(s)

DNS. Computer Networks. Seminar 12

Internet Security [1] VU Engin Kirda

Configuring SIP Trunk Failover in AOS

dnsperf DNS Performance Tool Manual

Polycom RealPresence Resource Manager System Getting Started Guide

Configure Directory Integration

DNS and BIND. David White

Managing DNS Server Properties

Presented by Greg Lindsay Technical Writer Windows Server Information Experience. Presented at: Seattle Windows Networking User Group April 7, 2010

Cork Institute of Technology Master of Science in Computing in Education National Framework of Qualifications Level 9

Domain Name Servers. Domain Types WWW host names. Internet Names. COMP476 Networked Computer Systems. Domain Name Servers

IPv6 Support in the DNS

MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1

Quick Guide of HiDDNS Settings (with UPnP)

You can specify IPv4 and IPv6 addresses while performing various tasks in this feature. The resource

DNS Root NameServers

Technical Bulletin 5844

DNS security: poisoning, attacks and mitigation

IPv6.marceln.org.

Integrate with Directory Sources

Automated domain name registration: DNS background information

Transcription:

Advanced DNS Course Module 4 DNS Load Balancing

Services (SRV) Record The Services RR allows a service to be associated with a host name. A user or application that wishes to discover where a service is located can interrogate for the relevant SRV RR that describes the service. The result of a successful SRV query will be one or more host names, the port that provides the service, and two values that can be used to select the relative priority and performance of the service. Having obtained the host name, a further A (or AAAA) query will be required to obtain the IP address of the selected service. The SRV RR is being increasingly supported as the means by which the location of a service at a particular domain may be discovered, notably with VoIP and LDAP applications. OpenLDAP (www.openldap.org) in particular supports the SRV record (and publishes an SRV RR) to discover the location of the LDAP service at a domain. The SRV RR is defined in RFC 2782. SRV RR Syntax srvce.prot.name ttl class rr pri weight port target _http._tcp IN SRV 0 5 80 www.example.com. Table 1 describes the various fields unique to the SRV RR. Table 1. SRV RR Fields Field srvce Description The srvce field defines the symbolic service name. Standard symbolic service name values are listed by IANA (under the port number list at www.iana.org/assignments/port-numbers), but there is a specific SRV list currently being maintained (see note that follows) outside of IANA. Service names are case insensitive and are always prepended with _ (underscore). Common values are _http for web service, _ftp for File Transfer Protocol, _sip for Session Initiation Protocol, and _ldap for LDAP service. This srvce field

may also take a local value its scope is local to the user and therefore may take any desired value that does not conflict with the IANA list earlier. The IANA list also defines the port assigned to the service, but the port field within the SRV RR allows this port number to be changed for the particular service instance if required. prot name pri weight port target The prot field defines the case-insensitive protocol name (see www.iana.org/assignments/servicenames) prepended with a _ (underscore). Common values are _tcp for the TCP protocol and _udp for the UDP protocol. The name field is optional. If not present, then normal $ORIGIN substitution rules will occur. See the examples that follow. The pri field defines the relative priority of this service (range 0 to 65535). Lower numbers are higher priority as in the MX RR type. The weight field is used when more than one service with same priority is available. weight is a 16-bit unsigned integer in the range 0 to 65535. The value 0 indicates no weighting should be applied. If the weight is 1 or greater, it is a relative number in which the highest is most frequently delivered; that is, given two SRV records, both with a priority of, say, 10, one with a weight of 1, the other a weight of 6, the one with weight 6 will have its RR delivered first six times out of seven by the name server. The port field defines the port number that delivers the service on the target (see the target entry). This would normally be the port assigned to the symbolic service (srvce field), but this is not a requirement; for instance, it is permissible to define an _http service with a port number of 8100 rather than the more normal port 80. The target field defines the name of the host that will provide this service and will typically require a query to obtain the IP address (A or AAAA RR query). The target host may lie within this domain or in an external or foreign domain. The following fragment shows use of the priority and weight fields to define a web service with load balancing: ; zone file fragment for example.com. $TTL 2d ; zone TTL default = 2 days $ORIGIN example.com. @ SOA server.example.com. hostmaster.example.com. ( 2010080800 ; serial number 1d12h ; refresh = 1 day 12 hours 15m ; refreshretry = 15 minutes 3w12h ; expiry = 3 weeks + 12 hours 2h20m ; nx= 2 hours + 20 minutes... _http._tcp ) SRV 10 1 80 slow.example.com. SRV 10 3 80 fast.example.com. ; if neither slow or fast available, switch to ; an external backup web server but use port 8100 not port 80 SRV 20 0 8100 backup.example.net. slow A 192.168.254.3 fast A 192.168.254.4 In the preceding fragment, both fast.example.com and slow.example.com have equal priorities; the weight values are 1 and 3, respectively, which will result in fast.example.com being returned three times to every one return of slow.example.com. Thus fast.example.com will theoretically receive 75% of the load. If neither fast nor slow is available, the externally hosted backup.example.net should be used with port 8100,

not the more normal HTTP port of 80. The following fragment shows use of the SRV RR to discover the host for the LDAP service at example.com: ; zone file fragment for example.com. $TTL 2d ; zone TTL default = 2 days $ORIGIN example.com.... ; defines an ldap service available at the host jim.example.com _ldap._tcp.example.com. IN SRV 0 0 389 ldap.example.com. ; the preceding record could have been written as ; _ldap._tcp IN SRV 0 0 389 ldap... ldap IN A 192.168.254.2... To discover whether an LDAP service is available at example.com, an SRV query would be sent for _ldap_.tcp.example.com, which in the preceding case would return 0 0 389 ldap.example.com; ldap.example.com would then be queried for its A RR (or AAAA RR if IPv6), and communication could commence.

rrset-order rrset-order { order_spec ; [ order_spec ;... ] rrset-order { type A order cyclic; }; rrset-order defines the order in which RRsets multiple records of the same type are returned in the ANSWER and ADDITIONAL SECTION of responses. This statement applies to any RR type in which the records are similar (their name, class, and type are the same). The default is cyclic. The rrset-order defines the order in which similar RRs are returned from the name server. The sortlist statement controls the order in which the RRs are returned to a client, for instance, a resolver. An order_spec is defined as follows: [ class class_name ][ type type_name ][ name "domain_name"] order ordering where class_name is the record class, for instance, IN (default is any); type_name is the RR type (defaults to any); and domain_name limits the statement to a specific domain suffix and defaults to root (all domains). ordering may take one of the following values: fixed records are returned in the order they are defined in the zone file; random records are returned in a random order; cyclic records are returned in a roundrobin fashion. fixed needs BIND to be built using the configure option --enable-fixedrrset which is not the done on standard BIND packages for either Ubuntu or FreeBSD. For practical purposed only random and cyclic ordering values are available. See also the acache-enable statement under BIND Performance Statements for aditional restrictions. Only one such statement may appear in any clause the last defined will be used in the case of multiple statements. This statement may be used in a view or global options clause. The following example shows that MX RRs for example.com only will be returned in random order; all others responses will use the default cyclic order. rrset-order { type MX name "example.com" order random; order cyclic;};

sortlist The sortlist statement is used to order RRsets (groups of RRs whose name, class, and type values are the same) for use by a resolver (a client). It is the client-side equivalent of the rrset-order statement and can work against the rrset-order statement when being used as part of a load-balancing configuration: rrset-order carefully delivers RRsets in its order of preference to a remote resolver that may then proceed to reorder them with a sortlist statement when responding to its client resolver. The sortlist statement attempts to order returned records based on the IP address of the client that initiated the request. sortlist Statement Syntax sortlist { address_match_list }; sortlist { {10.2/16; } ;}; The address_match_list is used very differently from the way it is used in all other statements and assumes that each element of the address_match_list is itself an address_match_list, that is, it is a nested address_match_list and is enclosed in braces. Processing depends on whether there is one or more than one element in the nested address_match_list. In the simple case of one element, as in the preceding example, if the client s IP address matches 10.2/16 (that is, lies in the range 10.2.0.0 to 10.2.255.255) and there are any IP addresses in the response in the same range, they will be the first records supplied in the response. Any remaining records will be sorted according to the rrset-order (default is cyclic). If no match is found, the

records are simply returned in the order defined by the rrset-order or its default value (cyclic). If two elements are provided in the address_match_list, then the second element is assumed to be an ordered list of preferences. This is best illustrated by an example. Assume the zone example.com has a zone file with multiple A RRs for lots.example.com: // zone file example.com $ORIGIN example.com. lots IN A 192.168.3.6 IN A 192.168.4.5 IN A 192.168.5.5 IN A 10.2.4.5 IN A 172.17.4.5 The client-side server has a sortlist statement, as shown here: options {... sortlist { {// 1st preference block start 192.168.4/24; // 1st client IP selection matches any of these {10.2/16; // return any of these response IPs as 1st preference 172.17.4/24; // 2nd preference }; }; // end first block { // second preference block 192.168.5/24; // 2nd client IP selection matches any of these {192.168.4/24; // return any of these response IPs as 1st preference 172.18.4/24; // 2nd preference 10.2/16; // 3rd preference }; }; // end second block }; // end sortlist }; If the client, say a resolver, with an IP address of 192.168.5.33 issues an A query for lots.example.com, then the RRs will be returned in the following order: 192.168.4.5 10.2.4.5 192.168.3.6 192.168.5.5 172.17.4.5 The preceding order is computed using the following process: The top level of the address_match_list is searched against the client IP (192.168.5.33) address and matches the IP address in the sortlist statement with a comment beginning with 2nd client IP selection ; the nested address_match_list of the second block is then treated as an ordered list for the A query result RRset IPs (not the client IP). The IP address in the sortlist statement with a comment ending with 1st preference matches, so 192.168.4.5 becomes first in the returned list. The IP address in the sortlist statement with a comment of 2nd preference does not match any of the returned IPs. The IP address in the sortlist statement with a comment of 3rd

preference matches, so 10.2.4.5 becomes second in the returned list. The remaining three RRs do not match, so they are returned according to the rrset-order statement or its default (cyclic) if not defined. The sortlist statement may be used in a view or global options clause.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information