Re: ISO or virtual appliance
Several years ago I used a Perl script called lbnamed that monitored status and returned the host IP address that was least loaded.

Mike Mitchell

Original message
From: Steven Carr sjc...@gmail.com
Date: 08/21/2013 10:25 PM (GMT-08:00)
To: bind-users bind-users@lists.isc.org
Subject: Re: ISO or virtual appliance

> On 22 August 2013 05:39, Manish Rane manish...@gmail.com wrote:
>> So, DNS will monitor the host on port 80 and as soon as it detects that either of the host/link is down it would remove the associated entry and re-populate the entries
>>
>> Is any one aware of such solution readily available? I believe I already posted similar question but havent heard much positive things.
>
> The only open source appliance I'm aware of is http://www.zenloadbalancer.org but AFAIK that doesn't update DNS, it proxies the traffic on a virtual IP address to balance/provide HA.
>
> The easiest method if you want to do it by DNS is a simple script that is cron'd to run every X minutes and either use `nsupdate` to push updates to the records or sed/awk to rename records and then reload zone files. Not sure what you are struggling with, this is something that can be knocked together in a matter of minutes by any scripter/programmer.
>
> If you have a monitoring system like Nagios you could use the various hooks it provides to run scripts when something happens/changes state rather than writing your own custom monitoring piece.
>
> Steve

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: ISO or virtual appliance
Well, I was thinking on the same line. Use nagios plugins check_tcp and monitor the status. The only challenge I am seeing here is updating zone and nsupdate I believe can only work with Dynamic zones and not with static entries.

Sed/awk might not scale well if the zone count increases hence wondering if there are any php/jsp developers available in this community who can take this up as a new open source project just like developing solution similar to F5 GTM/LTM.

I guess if we use mysql as a backend to store the zone or entries then by passing the queries we can alter the zone file. But again challenges are how to run a check_tcp from front end or pass the output of that command so that appropriate changes will be done in zone file.

Any ideas guys??

On Thu, Aug 22, 2013 at 1:16 PM, Mike Mitchell mike.mitch...@sas.com wrote:
> Several years ago I used a Perl script called lbnamed that monitored status and returned the host IP address that was least loaded.
>
> Mike Mitchell
rndc flush and TTL values
This is my configuration for positive and negative cache TTL.

    view newDNS IN {
        max-cache-ttl 300;
        max-ncache-ttl 200;
        zone makemytrip.com IN {
            type forward;
            forwarders { 192.168.215.101; };
            forward only;
        };
    };

When I run dig abc.com for the first time, the TTL shows 135 and when I rndc flush, I expect the TTL to start again afresh, without the knowledge of the previous query, but I get a TTL say 133 and further queries followed by rndc flush give the reduced TTL values.

rndc flush flushes the cache, but the TTL is not reset. Is this the expected behavior?

Thanks
S
Re: ISO or virtual appliance
On 22/08/13 10:05, Manish Rane wrote:
> Well, I was thinking on the same line. Use nagios plugins check_tcp and monitor the status. The only challenge I am seeing here is updating zone and nsupdate I believe can only work with Dynamic zones and not with static entries.

Either:

* Make the zone dynamic.
* Make the service name a CNAME into another small dynamic (sub-)zone. This is what most DNS-based LB do e.g. www.example.com CNAME www.lb.example.com, then make lb.example.com a small, dynamically-updated zone.
after Install
Hi

After I installed bind9, by using configuration, make and make install, I typed

    /etc/init.d/named restart

to test BIND, but Linux (CentOS 6.3) returned this:

    /etc/init.d/named: No such file or directory

Could you help me to get rid of it please?

Nidal
Re: ISO or virtual appliance
On 22 Aug 2013, at 10:49, Phil Mayers wrote:
> * Make the service name a CNAME into another small dynamic (sub-)zone. This is what most DNS-based LB do e.g. www.example.com CNAME www.lb.example.com, then make lb.example.com a small, dynamically-updated zone.

or delegate www.example.com as a tiny dynamic zone and update it directly.

Niall O'Reilly
Re: ISO or virtual appliance
On 22/08/13 11:10, Manish Rane wrote:
> Hmm...can you be please more elaboration. I mean in that case how the IP addresses or A records will be removed as the one CNAME entry is pointed to 2 hostnames. Or would you want to monitor www.lb.example.com instead of www.example.com and keep example.com as a static entry? I am sorry I am bit confused here.

You create www.example.com CNAME www.lb.example.com and leave it alone, forever.

You then update www.lb.example.com to add and remove IP addresses as servers come online and offline, respectively.

You don't monitor the hostname - that would be idiotic. You monitor the backend webservers directly, and put the working server IPs into www.lb.example.com.
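The update step described above (leave the CNAME alone, check the backend web servers directly, put only the working IPs into www.lb.example.com), as an added example that is not code from the thread or from BIND. The backend addresses, TTL, server address, TSIG key file path and check_tcp plugin path are assumptions; the script builds one nsupdate batch and refuses to publish an empty record set.

```shell
#!/bin/sh
# Added example: rebuild the A records of www.lb.example.com from backend
# health checks and push them as one TSIG-signed dynamic update.

ZONE="lb.example.com"              # small dynamic zone named in the thread
NAME="www.lb.example.com"          # target of the static www.example.com CNAME
TTL=30                             # assumption: short TTL for the dynamic name
DNS_SERVER="127.0.0.1"             # assumption: primary server for $ZONE
BACKENDS="192.0.2.10 192.0.2.11"   # constructed documentation addresses
KEYFILE="/etc/bind/lb-update.key"  # hypothetical TSIG key file
# Assumption: the plugin path differs between distributions.
CHECK_TCP="${CHECK_TCP:-/usr/lib/nagios/plugins/check_tcp}"

# On the server side the key should be limited with update-policy in
# named.conf to this one name, so a leaked key cannot rewrite other records.

# Accept only dotted-quad strings, so nothing else can end up as a line
# in the nsupdate batch.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Health check against the backend itself (TCP port 80), not the DNS name.
check_backend() {
    "$CHECK_TCP" -H "$1" -p 80 -t 5 >/dev/null 2>&1
}

# Print the nsupdate batch on stdout; return 1 if no backend is healthy.
build_update() {
    healthy=""
    for ip in $BACKENDS; do
        is_ipv4 "$ip" || { echo "skipping invalid backend: $ip" >&2; continue; }
        if check_backend "$ip"; then
            healthy="$healthy $ip"
        fi
    done

    # Fail safe: when every check fails the monitor itself may be the broken
    # part, so keep the published records instead of emptying the name.
    [ -n "$healthy" ] || return 1

    printf 'server %s\n' "$DNS_SERVER"
    printf 'zone %s\n' "$ZONE"
    # The delete and the adds travel in one UPDATE message, which the server
    # applies as a unit, so the name is never left without addresses.
    printf 'update delete %s A\n' "$NAME"
    for ip in $healthy; do
        printf 'update add %s %s A %s\n' "$NAME" "$TTL" "$ip"
    done
    printf 'send\n'
}

# Build the batch and send it signed with the TSIG key.
push_update() {
    batch=$(build_update) || {
        echo "no healthy backend; leaving $NAME unchanged" >&2
        return 1
    }
    printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
}

# Run from cron or a Nagios event handler with the --push argument.
if [ "${1:-}" = "--push" ]; then
    push_update
fi
```
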
Re: ISO or virtual appliance
On 22/08/13 11:09, Niall O'Reilly wrote:
> On 22 Aug 2013, at 10:49, Phil Mayers wrote:
>> * Make the service name a CNAME into another small dynamic (sub-)zone. This is what most DNS-based LB do e.g. www.example.com CNAME www.lb.example.com, then make lb.example.com a small, dynamically-updated zone.
>
> or delegate www.example.com as a tiny dynamic zone and update it directly.

Sure, that too.

One slight advantage of the lb.example.com is that you can CNAME multiple things into one dynamic zone, as opposed to a zone per-hostname.

Personally I'd just make the whole zone dynamic and stop doing static zonefiles, but then that's my taste.
Re: after Install
On 22/08/13 11:05, Nidal Shater wrote:
> Hi After I installed bind9, by using configuration,make and make install, I typed /etc/init.d/named restart to test Bind, but linux(centos6.3) return this :
> /etc/init.d/named: No such file or directory

make install does not install a SysV init script. You need to provide one yourself.

Most bind packages (RPM, deb) come with an init script to suit the system. The source tarball does not, IIRC.

> could you help me to get rid of it please ?

Grab this file and use it:

http://pkgs.fedoraproject.org/cgit/bind.git/tree/named.init?h=f15

...or see this excellent SRPM:

http://www.five-ten-sg.com/mapper/bind

...which also contains an init script.
Re: rndc flush and TTL values
In article mailman.1138.1377164540.20661.bind-us...@lists.isc.org, sumsum 2000 sum2h...@gmail.com wrote:
> This is my configuration for positive and negative cache TTL.
>
>     view newDNS IN {
>         max-cache-ttl 300;
>         max-ncache-ttl 200;
>         zone makemytrip.com IN {
>             type forward;
>             forwarders { 192.168.215.101; };
>             forward only;
>         };
>     };
>
> When I run dig abc.com for the first time, the TTL shows 135 and when I rndc flush, i expect the TTL to start again afresh, without the knowledge of the previous query, but i get a TTL say 133 and further queries followed by rndc flush gives the reduced TTL values.
>
> rndc flush, flushes the cache, but the TTL is not reset. Is this the expected behavior.
>
> Thanks
> S

Do you use forwarders for other zones beside makemytrip.com? If you forward to a caching server, you'll get their TTLs when you re-query after flushing, not the TTLs from the authoritative servers.

--
Barry Margolin
Arlington, MA
Re: rndc flush and TTL values
Yes, I do have other zones beside makemytrip.com. Thanks for the info

On Thu, Aug 22, 2013 at 5:11 PM, Barry Margolin bar...@alum.mit.edu wrote:
> Do you use forwarders for other zones beside makemytrip.com? If you forward to a caching server, you'll get their TTLs when you re-query after flushing, not the TTLs from the authoritative servers.
>
> --
> Barry Margolin
> Arlington, MA
Re: rndc flush and TTL values
In article mailman.1147.1377175530.20661.bind-us...@lists.isc.org, sumsum 2000 sum2h...@gmail.com wrote:
> Yes, i do have other zones beside makemytrip.com. Thanks for the info

In particular, do you use forwarders for abc.com, and are you forwarding to a caching server?

--
Barry Margolin
Arlington, MA
RE: ISO or virtual appliance
lbnamed is a DNS server written in Perl. You delegate a zone to it, and let it dynamically figure out the best IP address to return. See http://www.stanford.edu/~riepel/lbnamed/

There are 3rd-party appliances that do similar functions, such as F5's GTM or Cisco's GSS.

Mike Mitchell

From: Manish Rane [manish...@gmail.com]
Sent: Thursday, August 22, 2013 5:05 AM
To: Mike Mitchell
Cc: Steven Carr; bind-users
Subject: Re: ISO or virtual appliance

> Well, I was thinking on the same line. Use nagios plugins check_tcp and monitor the status. The only challenge I am seeing here is updating zone and nsupdate I believe can only work with Dynamic zones and not with static entries.
>
> Sed/awk might not scale well if the zone count increases hence wondering if there are any php/jsp developers available in this community who can take this up a anew open source project just like developing solution similar to F5 GTM/LTM.
>
> I guess if we use mysql as a backend to store the zone or entries then by passing the queries we can alter the zone file. But again challenges are how to run a check_tcp from front end or pass the output of that command so that appropriate changes will be done in zone file.
>
> Any ideas guys??
Strange problem with a query deleting a record...
Greetings All,

First of all, I apologize if this is out of place - I'm having a very strange issue that is either a problem with bind itself, or at least, affecting it.

Summary: For only ONE address, whenever I attempt to access it through my squid proxy, the record disappears from DNS, and the retry time changes too.

Essentially, accessing www.thisdomain.com works, but a link to a portal on that page to the subdomain login.thisdomain.com causes the problem. I'm willing to bet the problem lies with squid, but as to how it could possibly change a record in bind... Well, I'm stumped. If you don't go through squid, everything works. All other requests to bind for the address of the host in question work fine.

Here's the output of dig from before accessing the page through squid:

    ; <<>> DiG 9.4.1-P1 <<>> login.thisdomain.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45037
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;login.thisdomain.com.          IN      A

    ;; ANSWER SECTION:
    login.thisdomain.com.   17      IN      A       111.222.333.123

    ;; AUTHORITY SECTION:
    thisdomain.com.         168319  IN      NS      ns1.thisdomain.com.
    thisdomain.com.         168319  IN      NS      ns2.thisdomain.com.

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Aug 22 12:29:57 2013
    ;; MSG SIZE  rcvd: 88

You can do anything to request the address from bind and it works, *except* try to access it through squid. Bypassing squid and going directly through the firewall works fine.

Now, immediately after you try to access it through squid:

    ; <<>> DiG 9.4.1-P1 <<>> login.thisdomain.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43943
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;login.thisdomain.com.          IN      A

    ;; AUTHORITY SECTION:
    thisdomain.com.         298     IN      SOA     ns1.thisdomain.com. serv.anotherdomain.com. 2006062510 3600 3600 2592000 300

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Aug 22 12:30:06 2013
    ;; MSG SIZE  rcvd: 95

After the 5-minute retry shown above expires, the original record reappears.

Ideas? I'm stumped. It seems like squid is somehow able to corrupt bind's info, but I can't imagine how.

-John
Re: ISO or virtual appliance
That seems to be a dead link. I am unable to download the file.

--
Thanks and Regards,
Manish R

On Thu, Aug 22, 2013 at 9:05 PM, Mike Mitchell mike.mitch...@sas.com wrote:
> lbnamed is a DNS server written in Perl. You delegate a zone to it, and let it dynamically figure out the best IP address to return. See http://www.stanford.edu/~riepel/lbnamed/
>
> There are 3rd-party appliances that do similar functions, such as F5's GTM or Cisco's GSS.
>
> Mike Mitchell
Re: ISO or virtual appliance
That appears to be a strange desire. If you need such high levels of never allow a normal retry you might look at using either Prolexic or Akamai services to create a geographically-diverse network topology. Or even a simple 3DNS or router package at your borders with a few inner-DMZ systems to handle the load.

Using http to determine if DNS services are running is a very unusual complication.

Hth
Len

From: Manish Rane manish...@gmail.com
To: John Miller johnm...@brandeis.edu
Cc: bind-users bind-users@lists.isc.org
Sent: Wednesday, August 21, 2013 9:39 PM
Subject: Re: ISO or virtual appliance

> Well the main idea behind and have been struggling to configure for almost last one year is to have a open source alternative to DNS Based failover/System monitoring thus have inbound loadbalancer. Where DNS server monitors the hosts on particular port and if any of the fails it removes the entry from zone and populate the entry with low TTL.
>
> Just to give example. say I have two Public IP addresses natted with one public IP
>
>     1.1.1.1 --- 192.168.1.10
>     2.2.2.2 --- 192.168.1.10
>
>     www.example.com A 300 1.1.1.1
>     www.example.com A 300 2.2.2.2
>
> So, DNS will monitor the host on port 80 and as soon as it detects that either of the host/link is down it would remove the associated entry and re-populate the entries
>
> Is any one aware of such solution readily available? I believe I already posted similar question but havent heard much positive things.
>
> On Thu, Aug 22, 2013 at 1:45 AM, John Miller johnm...@brandeis.edu wrote:
>> Hi Manish,
>>
>> You can always grab a pre-canned ISO from turnkeylinux.org. You could also use Puppet or Chef recipes to get BIND up and running. I'm sure someone also has a Vagrant box available -- try vagrantbox.es.
>>
>> Generally speaking, though, if you're using an appliance in production, you need to understand the innards and be prepared to do your own maintenance, or you need to pay someone for support.
>>
>> John
>>
>> On 08/21/2013 02:34 PM, Manish Rane wrote:
>>> Hi Guys,
>>>
>>> Is there any ISO or virtual appliance available for BIND? Which ease out the deploy and configuration task.
Re: ISO or virtual appliance
On 2013.08.22 00.39, Manish Rane wrote:
> Well the main idea behind and have been struggling to configure for almost last one year is to have a open source alternative to DNS Based failover/System monitoring thus have inbound loadbalancer.

i guess it's worth noting, since i don't believe it's yet been mentioned, that dns offers really only a very crude form of load balancing, and does not do high availability at all. yes, there is all sorts of trickery that can be done, like changing zone data when certain events happen, and very low ttls, but these things are fundamentally at odds with both the nature of how dns works, and the essence of a courteous dns admin.

there are numerous layers of caching, from the client directly contacting the authoritative nameserver all of the way through to often the operating system's resolver libraries and ultimately the program which instantiated the request to begin with. this heavy, fundamental dependence on caching means that there will be consistent failures experienced by users [especially if you are talking about high availability], since they will not necessarily see the updated zone data immediately upon failure of the service. this is also a function of the service/protocol/program in question, as there may not be iteration through the returned addresses upon failure.

in terms of courtesy, theoretically, as a general rule, ttls should be encouraged to be higher, rather than lower [as is the essence of having a mechanism to cache the result in the first place], and thus encouraging use of unnecessarily low ttls is in contrast to a large part of the spirit of dns - that one can avoid unnecessary bandwidth consumption just because you might want to change your data. that is not to say that there are not legitimate applications for lower ttls [any dns admin knows that there of course are] - just that the goal should begin life as an attempt to publish higher ttls, not lower ttls.

in short, although rr dns can be [and often is] a part of load balancing, there are ultimately almost always better ways to do it, and certainly better ways to do high availability.

-ben
Re: ISO or virtual appliance
On 13-08-22 01:39 AM, Manish Rane wrote:
> Well the main idea behind and have been struggling to configure for almost last one year is to have a open source alternative to DNS Based failover/System monitoring thus have inbound loadbalancer.

Easy solution - have two nameservers / load balancers, ns1.yourdomain and ns2.yourdomain, each returning their own IP in response to lookups. If one goes offline... users will never receive a reply from it with its IP, and never go to it.

problem with this solution? you need to manually update both domain servers when you make changes, not just one. This may or may not be an issue for you.

--
Looking for (employment|contract) work in the Internet industry, preferably working remotely. Building / Supporting the net since 2400 baud was the hot thing. Ask for a resume! ispbuil...@gmail.com
Re: ISO or virtual appliance
On Aug 22, 2013, at 4:06 PM, Mike ispbuil...@gmail.com wrote:
> On 13-08-22 01:39 AM, Manish Rane wrote:
>> Well the main idea behind and have been struggling to configure for almost last one year is to have a open source alternative to DNS Based failover/System monitoring thus have inbound loadbalancer.
>
> Easy solution - have two nameservers / load balancers, ns1.yourdomain and ns2.yourdomain, each returning their own IP in response to lookups. If one goes offline... users will never receive a reply from it with its IP, and never go to it.
>
> problem with this solution?

This assumes that the machine going off-line is the only failure mode -- if the service (like http) on goes down, but named continues answering you will be hurting users.

W

> you need to manually update both domain servers when you make changes, not just one. This may or may not be an issue for you.
>
> --
> Looking for (employment|contract) work in the Internet industry, preferably working remotely. Building / Supporting the net since 2400 baud was the hot thing. Ask for a resume! ispbuil...@gmail.com

--
A. No
Q. Is it sensible to top-post?
Re: ISO or virtual appliance
On 13-08-22 05:10 PM, Warren Kumari wrote:
> This assumes that the machine going off-line is the only failure mode -- if the service (like http) on goes down, but named continues answering you will be hurting users.
>
> W

Agreed - it's pretty simple to run something that checks HTTP's health and if its bad, alarms and kills off named.

--
Looking for (employment|contract) work in the Internet industry, preferably working remotely. Building / Supporting the net since 2400 baud was the hot thing. Ask for a resume! ispbuil...@gmail.com