Module 4 DNS Load Balancing
DNS Load Balancing
• Balancing Email
• Balancing Other Services
• SRV
• Multiple A/AAAA addresses
• rrset-order and sortlist statements
• Limits to DNS Load Balancing
DNS - Balancing Email
; zone file fragment
        IN MX 10 mail.example.com.
        IN MX 10 mail1.example.com.
        IN MX 10 mail2.example.com.
....
mail    IN A  192.168.0.4
mail1   IN A  192.168.0.5
mail2   IN A  192.168.0.6

; Alternative
; zone file fragment
        IN MX 10 mail.example.com.
....
mail    IN A  192.168.0.4
        IN A  192.168.0.5
        IN A  192.168.0.6
DNS - Balancing Email
• All servers must be connected to the common email message store
• Access is balanced based on IPs (rrset-order)
• Difference between Mail Balancing and Failover
• Failover uses MX priority
• Must reverse map all mail servers
DNS - Email Reverse Map
; reverse-map file fragment
; for 0.168.192.IN-ADDR.ARPA
....
4   PTR mail.example.com.
5   PTR mail.example.com.
6   PTR mail.example.com.
DNS - Balance Services
; example.com zone file fragment
....
ftp     IN A  192.168.0.4
ftp     IN A  192.168.0.5
ftp     IN A  192.168.0.6
www     IN A  192.168.0.7
www     IN A  192.168.0.8

; OR - functionally equivalent
ftp     IN A  192.168.0.4
        IN A  192.168.0.5
        IN A  192.168.0.6
www     IN A  192.168.0.7
        IN A  192.168.0.8
DNS - Balance Services
• Modern browsers will automatically roll over to the next address if one web address fails (3 minutes)
• Multiple A/AAAA addresses are typically more efficient than replacing the IP address with a very short TTL
• May require access to common resources
• Problems with transactional services
DNS - Balancing with SRV
• Not widely supported RR but increasing slowly (LDAP, AD)
• However SIP makes extensive use
• Pri = Priority (lowest is highest!)
• Weight = ratio of usage within equal priority
SRV Syntax
srvce.prot.name   ttl  class  rr   pri  weight  port  target
_http._tcp             IN     SRV  0    5       80    www.example.com.
DNS - SRV
; zone file fragment for example.com.
$TTL 2d ; zone TTL default = 2 days
$ORIGIN example.com.
@       SOA server hostmaster (
                2010080800 ; serial number
                1d12h      ; refresh = 1 day 12 hours
                15m        ; retry = 15 minutes
                3w12h      ; expiry = 3 weeks + 12 hours
                2h20m      ; nx = 2 hours + 20 minutes
                )
...
_http._tcp  SRV 10 1 80 slow.example.com.
            SRV 10 3 80 fast.example.com.
; if neither slow nor fast is available, switch to
; an external backup web server but use
; port 8100 not port 80
            SRV 20 0 8100 backup.example.net.
slow        A 192.168.254.3
fast        A 192.168.254.4
DNS - rrset-order
// defined in named.conf
// view or global options clause
rrset-order { order_spec ; [ order_spec ; ... ] };
rrset-order { type A order cyclic; };
// order_spec
[ class class_name ] [ type type_name ] [ name "domain_name" ] order ordering
// name defaults to root (.) = all domains
// example
rrset-order { type MX name "example.com" order random; order cyclic; };
DNS - rrset-order
• Controls order delivered from Authoritative server
• Effective over longer periods with volume access
• Addresses may need access to common resources (web/FTP)
• May fight the sortlist statement!
DNS - sortlist
• Controls order from resolver to client
• Complex statement
• Based on Client IP address(es)
• May kill the rrset-order effect
DNS - sortlist
// named.conf view or global options
sortlist { address_match_list };
sortlist { { 10.2/16; }; };
// example
sortlist {
    { // 1st preference block start
        192.168.4/24;        // 1st client IP selection matches any IP
        { 10.2/16;           // return any response IPs as 1st preference
          172.17.4/24;       // 2nd preference
        };
    }; // end first block
    { // second preference block
        192.168.5/24;        // 2nd client IP selection matches any IP
        { 192.168.4/24;      // return any response IPs as 1st preference
          172.18.4/24;       // 2nd preference
          10.2/16;           // 3rd preference
        };
    }; // end second block
}; // end sortlist
DNS - sortlist
; zone file example.com
$ORIGIN example.com.
lots    IN A 192.168.3.6
        IN A 192.168.4.5
        IN A 192.168.5.5
        IN A 10.2.4.5
        IN A 172.17.4.5
If client 192.168.5.33 issues an A query for lots.example.com, then the RRs will be returned in the following order:
192.168.4.5
10.2.4.5
192.168.3.6
192.168.5.5
172.17.4.5
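Added example, not part of the original slides: a small Python model of the sortlist matching above, so the stated order for client 192.168.5.33 can be checked, and so it is visible how a resolver-side sortlist can override whatever rrset-order the authoritative server chose. The SORTLIST and LOTS_RRSET values are transcribed from the two fragments above; the matching rules are an assumed simplification of BIND's behaviour (first block whose client prefix matches wins; preferred prefixes come first in rank order; the rest keep zone-file order).

```python
import ipaddress

# Constructed from the named.conf fragment above:
# (client IP prefixes, preferred response prefixes in rank order)
SORTLIST = [
    (["192.168.4.0/24"], ["10.2.0.0/16", "172.17.4.0/24"]),
    (["192.168.5.0/24"], ["192.168.4.0/24", "172.18.4.0/24", "10.2.0.0/16"]),
]

# RRset for lots.example.com in zone-file order (from the slide)
LOTS_RRSET = ["192.168.3.6", "192.168.4.5", "192.168.5.5",
              "10.2.4.5", "172.17.4.5"]


def _in_any(addr, prefixes):
    """True if addr falls inside any of the given CIDR prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def sortlist_order(client_ip, rrset, sortlist=SORTLIST):
    """Return rrset in the order a sortlist-configured resolver would hand
    it to client_ip (assumed model of BIND's sortlist, see lead-in)."""
    for client_prefixes, prefs in sortlist:
        if _in_any(client_ip, client_prefixes):
            break
    else:
        # No block matches this client: the answer is passed through
        # unchanged, i.e. in whatever order rrset-order produced.
        return list(rrset)

    def rank(addr):
        for i, prefix in enumerate(prefs):
            if _in_any(addr, [prefix]):
                return i
        return len(prefs)  # unmatched addresses go after all preferences

    # sorted() is stable, so addresses with equal rank keep zone-file order
    return sorted(rrset, key=rank)


if __name__ == "__main__":
    for client in ("192.168.5.33", "192.168.4.10", "203.0.113.5"):
        print(client, "->", sortlist_order(client, LOTS_RRSET))
```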
DNS - Effectiveness Limits
• rrset-order and sortlist may fight (generic DNS problem: Authoritative vs Resolver)
• DNS has no sense of transaction load or server load state
• However, useful given:
  • Reasonable Traffic Load
  • No pathological load (one DNS represents 80% of usage)
Quick Quiz
• Difference between MX balancing and Failover?
• Can a DNS name have more than one A/AAAA RR?
• Does the A/AAAA RR relate to the server name (hostname)?
• Names of 2 named.conf statements that control A/AAAA order?
• Does DNS know about server load state?