Re: bind configuration issues

2009-10-26 Thread Chuck Swiger

On Oct 26, 2009, at 10:03 AM, Ray Still wrote:

> Hello,
> I am adding a redundant Internet connection to my current hosting
> setup and I need to figure out how to set up the DNS to make this work.

The two issues normally aren't related.

If both connections are from the same provider, talk to them about
multilink PPP; if they are from different providers, you need to look
into multihoming and getting your own AS #.

> Current setup:
> freebsd 7.0 machine, one local IP address, runs web, mail, and name server.
> static ip address in router.
> I have two DNS servers registered, but they both point to the same ip
> address and the same machine. (Yes, I should have my fingers slapped.)
>
> Desired setup
> same machine, one local IP address, runs web, mail, and name server.
> different router (Linksys RV082) with 2 static ip addresses.

In order to have redundancy, you need to have two real, separate
machines, each of which is running BIND, each of which is on a
separate routable IP.  This is an orthogonal issue to setting up
multiple Internet connections.

> How do I set up bind so that
> 1) bandwidth is shared between the two connections,
> and
> 2) if one goes down, the other keeps working.
> I had a few ideas, but they all seem to have flaws.

You can't set up BIND to control multilink aggregation and failover;
that's not what it does.

Regards,
--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: bind configuration issues

2009-10-26 Thread Gary Gatten
You certainly don't need BGP for this, the DNS thing will work, but will be a 
bit kludgy and certainly not as ... responsive to failures - a la query 
caching, TTL's and what not.


Re: bind configuration issues

2009-10-26 Thread Ray Still
On Mon, Oct 26, 2009 at 11:55 AM, Gary Gatten ggat...@waddell.com wrote:

> You certainly don't need BGP for this, the DNS thing will work, but will be
> a bit kludgy and certainly not as ... responsive to failures - a la query
> caching, TTL's and what not.
>
> - Original Message -
> From: owner-freebsd-questi...@freebsd.org
> To: Ray Still rstil...@gmail.com
> Cc: freebsd-questions@freebsd.org
> Sent: Mon Oct 26 12:50:56 2009
> Subject: Re: bind configuration issues
>
> On Oct 26, 2009, at 10:03 AM, Ray Still wrote:
>> Hello,
>> I am adding a redundant Internet connection to my current hosting
>> setup and
>> I need to figure out how to set up the DNS to make this work.
>
> The two issues normally aren't related.
>
> If both connections are from the same provider, talk to them about
> multilink PPP; if they are from different providers, you need to look
> into multihoming and getting your own AS #.

two different providers.

>> Current setup:
>> freebsd 7.0 machine, one local IP address, runs web, mail, and name
>> server.
>> static ip address in router.
>> I have two DNS servers registered, but they both point to the same ip
>> address and the same machine. (Yes, I should have my fingers slapped.)
>>
>> Desired setup
>> same machine, one local IP address, runs web, mail, and name server.
>> different router (Linksys RV082) with 2 static ip addresses.
>
> In order to have redundancy, you need to have two real, separate
> machines, each of which is running BIND, each of which is on a
> separate routable IP.  This is an orthogonal issue to setting up
> multiple Internet connections.

Yes, In an ideal world I would do this. The two machines would also be
in separate buildings/cities/provinces/countries/planets
(pick your level of paranoia)  ;)
However, reducing single points of failure is an improvement, even if
I can't eliminate them.

>> How do I set up bind so that
>> 1) bandwidth is shared between the two connections,
>> and
>> 2) if one goes down, the other keeps working.
>> I had a few ideas, but they all seem to have flaws.
>
> You can't set up BIND to control multilink aggregation and failover;
> that's not what it does.
>
> Regards,
> --
> -Chuck

Thanks for the replies.
Chuck, thanks for the keywords to search. Some of what I'm finding
looks like a solution for companies a lot bigger than me, but I'll
keep looking.

Gary, can you give me any clues about how to do it with just DNS? Yes,
I do realize that this leaves single points of failure, but at least
they would be points that I could do something about if necessary.

Thanks again,
Ray



RE: bind configuration issues

2009-10-26 Thread Gary Gatten
I'm not intimate with bind, or anything/one actually - but that's another 
story...

Anyway, the gist is you need to ping some public hosts from your dns server 
(or another system I guess, but easier if on the dns server).  One destination 
host would be reachable through one connection, and the other of course would 
only be reachable through the alternate connection.  Maybe use the primary DNS 
servers each upstream ISP provides to you?  Anyway, if both pings are OK, then 
your DNS server does round-robin for the host(s) in question.  If one ping 
fails, then you stop handing out that IP.  You can force the route taken within 
ping itself, or use static host(/32) routes, etc.

Sounds simple huh?  It kinda is, and LONG ago I had a shell script to do just 
this, but it's gone - and maybe bind 9+ has some sort of this functionality 
available to you embedded in the bind code?  Don't know.  Even if you have to 
write your own script to update your dns records based on your monitoring 
process it's not that hard even for a scripting novice such as myself!

G



RE: bind configuration issues

2009-10-26 Thread Gary Gatten
I googled dns round robin failover and there are many hits.  One interesting 
one is:
http://forums.devshed.com/dns-36/ha-using-round-robinworking-368800.html

It suggests well written apps / resolvers will try to use all ip's returned by 
the query starting with the preferred one, not JUST the preferred one.  Which 
means, just by enabling round robin with multiple A records, you MAY get some 
level of HA/Failover by default.  Cool, BUT, I wouldn't bet my life on it.  I'd 
still have something that could tweak your DNS records based on packet loss, 
latency, etc.  What if your circuit is up, but is degraded by loss, latency 
(load induced or otherwise), etc.

As you mentioned, something is better than nothing - so start simple and go 
from there!

HTH!

G



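The monitor-and-update loop Gary sketches in his two messages above (probe a host behind each uplink, publish both addresses while both probes answer, withdraw the address behind a failed link, and keep the records short-lived so caches turn over) written out as an added example for the archive. It is not Gary's lost script or anything posted in the thread. The zone, host name, addresses, probe targets, key name and key path are constructed placeholders, and it assumes the zone accepts dynamic updates only from a TSIG key (an `allow-update { key "failover-key"; };` clause on the zone), so nothing but the monitor holding that key can rewrite the records.

```shell
#!/bin/sh
# Added example, not from the thread: publish only the A records that sit
# behind a working uplink, using authenticated dynamic updates (nsupdate + TSIG).
# Every name, address and path below is a constructed placeholder.

ZONE="example.org"
NAME="web.example.org"
TTL=60                                   # short TTL: bounds how long a withdrawn address lingers in caches
KEYFILE="/usr/local/etc/namedb/failover.key"   # hypothetical TSIG key file, readable only by the monitor user

# One line per uplink: the address we advertise through that link, then a
# probe target reachable only through that link (e.g. that ISP's resolver).
# Pin each target to its uplink with a static /32 host route, as Gary suggests,
# so a probe cannot succeed over the other link.
LINKS="192.0.2.10 192.0.2.1
198.51.100.10 198.51.100.1"

# probe TARGET -> exit 0 if the target answers three pings.
probe() {
    ping -c 3 -q "$1" >/dev/null 2>&1
}

# healthy_addrs: print the advertised address of every uplink whose probe succeeds.
healthy_addrs() {
    echo "$LINKS" | while read -r addr target; do
        [ -n "$addr" ] || continue
        if probe "$target"; then
            echo "$addr"
        fi
    done
}

# render_update ADDR...: emit an nsupdate script that replaces the whole A RRset
# of $NAME with exactly the given addresses. Refuses (returns 1) when given no
# address, so an all-links-down pass never publishes an empty RRset.
render_update() {
    [ $# -gt 0 ] || return 1
    echo "zone $ZONE"
    echo "update delete $NAME A"
    for a in "$@"; do
        echo "update add $NAME $TTL A $a"
    done
    echo "send"
}

# apply: one monitor pass. Leaves the zone untouched when every probe fails;
# a possibly stale answer is better than answering with nothing.
apply() {
    addrs=$(healthy_addrs)
    if [ -z "$addrs" ]; then
        echo "all uplinks down; leaving $NAME unchanged" >&2
        return 1
    fi
    # shellcheck disable=SC2086
    render_update $addrs | nsupdate -k "$KEYFILE"
}

# Run from cron with --run; the functions above can also be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    apply
fi
```

Run it from cron every minute or so. The failover time is then the monitor interval plus the TTL: a resolver that cached the withdrawn address keeps handing it out until its copy expires, and, as Steve notes later in the thread, some caches hold records longer than the TTL you set, so that figure is a floor rather than a guarantee. Keeping the updates TSIG-signed matters because an unauthenticated `allow-update` lets anyone who can reach the name server repoint the host.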
Re: bind configuration issues

2009-10-26 Thread Ray Still
Ok,
tell me just how nuts this idea is.
To recap, two pipes, one destination.
I set up second DNS server.
ns1.example.com at 70.65. (provider 1)
ns2.example.com at 206.75(provider 2)
A records for example.org on ns1 will give  70.65.
on ns2 206.75
if provider one goes down, ns1 is gone, ns2 is still available, and so
is the route to the sites.

It's not the best solution, but it's better than what I have.
Am I missing something that's going to come back and bite me in the butt?
Thanks,
Ray


Re: bind configuration issues

2009-10-26 Thread Gary Gatten
Yes, you're missing something.  I don't think your solution will work very well.


Re: bind configuration issues

2009-10-26 Thread Gary Gatten
How will the client side resolvers know what dns server to use to resolve 
example.com?


Re: bind configuration issues

2009-10-26 Thread Steve Bertrand
Ray Still wrote:
 Ok,
 tell me just how nuts this idea is.

imho, your thought-process is not nuts. I can see what you are trying to
do, so kudos given for trying to work it out with what you have.

 To recap, two pipes, one destination.

 I set up second DNS server.
 ns1.example.com at 70.65. (provider 1)
 ns2.example.com at 206.75(provider 2)
 A records for example.org on ns1 will give  70.65.
 on ns2 206.75
 if provider one goes down, ns1 is gone, ns2 is still available, and so
 is the route to the sites.

Note: I haven't followed the entire thread...

Remember that no matter where your name servers are located, they both
will hold the same information (if they don't, then shame on you, as you
just broke scalability).

This means that other caching servers all over the 'net may have either
entry. Some ISPs' name servers will cache records even longer than what
your TTL is set to without trying to re-check (shame on them). Hence,
you can never count on using DNS naming as a tactic for redundancy.

 It's not the best solution, but it's better than what I have.

If I understand your conundrum properly (one server with an internal IP,
with NAT in front of it, port-forwarded back aliased from two separate
ISP public IPs), then, at minimum, here's how you can essentially
'halve' the damage:

- set up your DNS servers in a proper master/slave configuration
- configure your 'A' records in a round-robin setup. I'll assume your
zone is ibctech.ca, and that your $TTL is 360:

www   IN A 208.70.104.210
www   IN A 208.70.104.211

(yes, I know 360 puts pressure on everyone else, but this is for example
purposes).

If I know I will need to make DNS changes in advance for a domain, I'll
set the TTL to 360 (secs) long before the changes need to be made. Then,
I can make the changes, and if caching resolvers are Doing The Right
Thing, they will pick up these changes after five minutes.

If you have a domain that is high-traffic, don't do this. I'd like to
emphasize that a low ttl puts pressure on every DNS caching server on
the Internet that must look up information on your domain.

With that said, with a 5 min ttl, in the event of an outage, you can hop
onto your authoritative DNS server, switch BOTH A records to point to
the working IP, and the rest of the 'net 'should' be able to see those
changes within five minutes (again, if they obey your ttl).

Steve
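The ping-then-update loop Gary sketches, combined with Steve's low-TTL round-robin A records, as an added example that is not code from the thread or from BIND itself: each link is probed through a host only reachable over that link, the A RRset for www is rebuilt from the links that answered, and the result is pushed to the authoritative server with nsupdate. The zone, addresses and probe hosts are constructed placeholders, and the server must permit the dynamic update (allow-update / update-policy in named.conf, ideally with a TSIG key).

```python
"""Link-aware round-robin A records (constructed example, not list code)."""
import subprocess
from typing import Callable, Dict, List

# Hypothetical values: zone, record name, Steve's 360 s TTL, and one
# (public IP, probe host) pair per upstream link (TEST-NET addresses).
ZONE = "example.com."
NAME = "www.example.com."
TTL = 360
LINKS = {
    "isp1": {"ip": "192.0.2.10", "probe": "192.0.2.1"},        # constructed
    "isp2": {"ip": "198.51.100.10", "probe": "198.51.100.1"},  # constructed
}


def ping_ok(host: str) -> bool:
    """True if `ping -c 3` to the probe host exits 0 (FreeBSD and Linux ping)."""
    try:
        return subprocess.run(["ping", "-c", "3", host], stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=20).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def healthy_ips(links: Dict[str, dict],
                probe: Callable[[str], bool] = ping_ok) -> List[str]:
    """IPs whose link answered the probe.  If every probe fails (or the probe
    hosts themselves are down), keep advertising all IPs: withdrawing every
    record would turn a monitoring fault into a self-inflicted total outage."""
    up = [link["ip"] for link in links.values() if probe(link["probe"])]
    return up if up else [link["ip"] for link in links.values()]


def nsupdate_script(name: str, ttl: int, ips: List[str], zone: str = ZONE,
                    server: str = "127.0.0.1") -> str:
    """Build an nsupdate batch that replaces the whole A RRset in one transaction."""
    lines = [f"server {server}", f"zone {zone}", f"update delete {name} A"]
    lines += [f"update add {name} {ttl} A {ip}" for ip in ips]
    lines.append("send")
    return "\n".join(lines) + "\n"


def push(script: str) -> None:
    """Feed the batch to nsupdate; use `nsupdate -k keyfile` once TSIG is set up."""
    subprocess.run(["nsupdate"], input=script, text=True, check=True)


if __name__ == "__main__":
    # Run from cron every minute or two; a serial bump is handled by named.
    push(nsupdate_script(NAME, TTL, healthy_ips(LINKS)))
```

Because the TTL is only 360 seconds, a record withdrawn here disappears from well-behaved caches within a few minutes; caches that ignore the TTL, as Steve notes, will keep handing out the dead address regardless.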


Re: bind configuration issues

2009-10-26 Thread Steve Bertrand
Ray Still wrote:
 Ok,
 tell me just how nuts this idea is.

In addition to my other post:

I like your mentality of trying to do whatever you can to create redundancy.

I've often tried to think of ways to use DNS to make things redundant
and resilient.

Keep up trying new ways to stretch things in ways people may not have
expected. You never know what you may stumble across one day.

Cheers,

Steve


Re: bind configuration issues

2009-10-26 Thread Ray Still
On Mon, Oct 26, 2009 at 6:42 PM, Steve Bertrand st...@ibctech.ca wrote:
 Ray Still wrote:
 Ok,
 tell me just how nuts this idea is.

 imho, your thought-process is not nuts. I can see what you are trying to
 do, so kudos given for trying to work it out with what you have.

 To recap, two pipes, one destination.

 I set up second DNS server.
 ns1.example.com at 70.65. (provider 1)
 ns2.example.com at 206.75(provider 2)
 A records for example.org on ns1 will give  70.65.
 on ns2 206.75
 if provider one goes down, ns1 is gone, ns2 is still available, and so
 is the route to the sites.

 Note: I haven't followed the entire thread...

 Remember that no matter where your name servers are located, they both
 will hold the same information (if they don't, then shame on you, as you
 just broke scalability).

 This means that other caching servers all over the 'net may have either
 entry. Some ISPs' name servers will cache records even longer than what
 your TTL is set to without trying to re-check (shame on them). Hence,
 you can never count on using DNS naming as a tactic for redundancy.

 It's not the best solution, but it's better than what I have.

 If I understand your conundrum properly (one server with an internal IP,
 with NAT in front of it, port-forwarded back aliased from two separate
 ISP public IPs), then, at minimum, here's how you can essentially
 'halve' the damage:

 - set up your DNS servers in a proper master/slave configuration
 - configure your 'A' records in a round-robin setup. I'll assume your
 zone is ibctech.ca, and that your $TTL is 360:

 www   IN A 208.70.104.210
 www   IN A 208.70.104.211

 (yes, I know 360 puts pressure on everyone else, but this is for example
 purposes).

 If I know I will need to make DNS changes in advance for a domain, I'll
 set the TTL to 360 (secs) long before the changes need to be made. Then,
 I can make the changes, and if caching resolvers are Doing The Right
 Thing, they will pick up these changes after five minutes.

 If you have a domain that is high-traffic, don't do this. I'd like to
 emphasize that a low ttl puts pressure on every DNS caching server on
 the Internet that must look up information on your domain.

 With that said, with a 5 min ttl, in the event of an outage, you can hop
 onto your authoritative DNS server, switch BOTH A records to point to
 the working IP, and the rest of the 'net 'should' be able to see those
 changes within five minutes (again, if they obey your ttl).

 Steve


OK,
after reading and re-reading and experimenting I think I get it.
Thanks for your comments and patience.
I will probably end up using something based on Gary's round robin
suggestion. It may not provide 100% reliable failover, but it will
help, and worst case, it will provide some bandwidth sharing.
Thanks,
Ray