Re: putting several master DNS hosts behind a vip

[blrmaani]

On Thursday, December 10, 2015 at 9:04:48 AM UTC-8, Bob Harold wrote:
> On Wed, Dec 9, 2015 at 6:32 PM, blrmaani  wrote:
> Hi,
> 
>   I would like to put 4 DNS masters behind a vip and have several slaves 
> doing the zone transfer from the VIP-IP. Is this normal?
> 
> 
> 
> The usual approach is to have slaves getting zone transfers from multiple 
> masters. What is the disadvantage of having slaves using just the vip and 
> have all masters behind the vip?
> 
> 
> 
> thanks
> 
> Blr
> 
> 
> As others have said, I think the recommended approach is to do zone transfers 
> to the real servers.  That is what I do, and it works well.
> 
> 
> -- 
> Bob Harold
>  

Thanks all. 

Somewhat related topic - when do you use a combination of load-balancer and DNS?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: putting several master DNS hosts behind a vip

[Anand Buddhdev]

On 10/12/15 00:32, blrmaani wrote:

Hi Blr,

> I would like to put 4 DNS masters behind a vip and have several
> slaves doing the zone transfer from the VIP-IP. Is this normal?
> 
> The usual approach is to have slaves getting zone transfers from
> multiple masters. What is the disadvantage of having slaves using just
> the vip and have all masters behind the vip?

There's something else to keep in mind. Suppose you have 4 servers
behind the VIP. One of them has an updated zone, and sends notify to a
slave. If the slave now tries an XFR, its TCP connection may actually
end up on another master in the group. If that master isn't yet updated
with the latest copy of the zone, the client will not actually get an
update.

Of course, this all depends on how you're updating your masters, but
since we don't know that, I can't comment further.

Regards,
Anand
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: putting several master DNS hosts behind a vip

[Phil Mayers]

On 09/12/15 23:32, blrmaani wrote:

Hi, I would like to put 4 DNS masters behind a vip and have several
slaves doing the zone transfer from the VIP-IP. Is this normal?


In my experience no, this is not normal.

You might consider putting a "virtual" or "service" IP on your master(s) 
that you can move around to new locations during re-org, DR or other 
scenarios without having to reconfigure slaves - this is what we do.




The usual approach is to have slaves getting zone transfers from
multiple masters. What is the disadvantage of having slaves using
just the vip and have all masters behind the vip?


Someone has already mentioned NOTIFY and the return XFR not going to the 
same server, but more generally the fact that it's not necessary - DN 
supports XFR from multiple masters - means you're introducing a feature, 
adding complexity to the system, and without clear value, this is 
usually a bad idea.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

putting several master DNS hosts behind a vip

[blrmaani]

Hi,
  I would like to put 4 DNS masters behind a vip and have several slaves doing 
the zone transfer from the VIP-IP. Is this normal?

The usual approach is to have slaves getting zone transfers from multiple 
masters. What is the disadvantage of having slaves using just the vip and have 
all masters behind the vip? 

thanks
Blr
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: putting several master DNS hosts behind a vip

[Grant Taylor]

On 12/09/15 16:32, blrmaani wrote:

I would like to put 4 DNS masters behind a vip and have several slaves doing 
the zone transfer from the VIP-IP. Is this normal?


I don't know that I would consider this normal per say.

I'm assuming that you are talking some sort of network load balancer, 
i.e. F5.


Are you maintaining state or load balancing in a stateless manner?

Stateless may interfere with TCP based transfers if the LB algorithm 
isn't at least maintaining state for that TCP session.



The usual approach is to have slaves getting zone transfers from multiple 
masters. What is the disadvantage of having slaves using just the vip and have 
all masters behind the vip?


If I were messing with hardware load balancers, I'd be tempted to employ 
redundancy.  I.e. have two (or more) load balancers in front of two (or 
more) back end servers.  I would also employ affinity for a given load 
balancer / back end server pair, with fall back to other back end servers.


Doing that would provide multiple VIPs to publish as DNS servers, while 
still allowing each of them to fall back to other back end servers if 
necessary.


Conceptually I don't see any problems from the network layer with what 
you are proposing.




--
Grant. . . .
unix || die
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users