Hi all! Here are results of "simulating" DNS Round Robin.
For this purpose I used BIND DNS Server. Here are links how to install/configure it: https://www.digitalocean.com/community/articles/how-to-install-the-bind-dns-server-on-centos-6 http://www.centos.org/docs/2/rhl-rg-en-7.2/s1-bind-configuration.html http://www.centos.org/docs/4/html/rhel-rg-en-4/s1-bind-zone.html Also here are steps that I executed to configure BIND Server. It is expected that BIND Sever has been installed successfully: 1. Configure "/etc/named.conf" file. I used configuration template from links listed above: options { #listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; allow-transfer { localhost; }; recursion no; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; zone "mydomain.com" IN { type master; file "mydomain.com.zone"; allow-update { none; }; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; 2. Configure "/var/named/mydomain.com.zone" file. I used configuration template from links listed above: $TTL 86400 @ IN SOA ns1.mydomain.com. root.mydomain.com. ( 2013042201 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) ; Specify our two nameservers IN NS ns1.mydomain.com. ; Resolve nameserver hostnames to IP, replace with your two droplet IP addresses. ns1 IN A 192.168.56.104 ; Define hostname -> IP pairs which you wish to resolve knox IN A 192.168.56.105 knox IN A 192.168.56.106 Here: 192.168.56.104 - it is nameserver IP. BIND is installed here. 192.168.56.105 and 192.168.56.106 - hosts where Knox istances are installed. I used "mydomain.com" as domain name, so to talk to Knox I use " knox.mydomain.com" host name. 3. On host with tests I added to "/etc/resolv.conf" additional line: nameserver 192.168.56.104 It points to host where BIND DNS Server is installed. Now client host can talk to BIND Server to resolve "knox.mydomain.com" host name. Now here is some description of how DNS RR works (all what I managed to find and understand :) ): 1. DNS Server responses to client's request with all possible IPs. IPs order is changed every time - this way DNS server makes RR. To check it, use "dig knox.mydomain.com" command. In my case it contains: ;; ANSWER SECTION: knox.mydomain.com. 86400 IN A 192.168.56.105 knox.mydomain.com. 86400 IN A 192.168.56.106 Next time I got: ;; ANSWER SECTION: knox.mydomain.com. 86400 IN A 192.168.56.106 knox.mydomain.com. 86400 IN A 192.168.56.105 Client is then responsible for selecting IP address/failover. 2. DNS RR is not required to support session stickiness. 3. Resolved IPs are cached in different layers and caching can be configured. For clear picture, please read http://en.wikipedia.org/wiki/DNS#Record_caching. Also you can read http://en.wikipedia.org/wiki/DNS#Client_lookup. 4. I ran some tests using FF browser, Knox samples, CURL, ping command. They gave me following results: - these clients internally select IP from the received list. - these clients can provide session stickiness; - these clients can provide failover; So, I can conclude that HAProxy takes all resposibility for hiding proxied instances, load balancing, session stickiness, failover, whereas DNS RR just provides a list of all hosts (which is different every time) and delegates all resposibility to clients. Maksim. -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
