You could also just use keepalived for a VIP on each mesos-dns instance, assuming they are in the same LAN.
On Thursday, April 2, 2015, Tom Arnfeld <[email protected]> wrote:

> We're using a BGP based solution currently to solve the problem of highly available DNS resolvers.
>
> That might be a route worth taking, and one that could still work via marathon on top of Mesos.
>
> --
>
> Tom Arnfeld
> Developer // DueDil
>
> (+44) 7525940046
> 25 Christopher Street, London, EC2A 2BS
>
>
> On Thu, Apr 2, 2015 at 10:07 PM, John Omernik <[email protected]> wrote:
>
>> True :)
>>
>>
>> On Thu, Apr 2, 2015 at 3:37 PM, Tom Arnfeld <[email protected]> wrote:
>>
>>> Last time I checked haproxy didn't support UDP, which would be key for mesos-dns.
>>>
>>> --
>>>
>>> Tom Arnfeld
>>> Developer // DueDil
>>>
>>> (+44) 7525940046
>>> 25 Christopher Street, London, EC2A 2BS
>>>
>>>
>>> On Thu, Apr 2, 2015 at 3:53 PM, John Omernik <[email protected]> wrote:
>>>
>>>> That was my first response as well... I work at a bank, and the thought of changing DNS servers on the clients everywhere made me roll my eyes :)
>>>>
>>>> John
>>>>
>>>>
>>>> On Thu, Apr 2, 2015 at 9:39 AM, Tom Arnfeld <[email protected]> wrote:
>>>>
>>>>> This is great, thanks for sharing!
>>>>>
>>>>> It's nice to see other members of the community sharing more realistic implementations of DNS rather than just "update your resolv conf" and it works :-)
>>>>>
>>>>> --
>>>>>
>>>>> Tom Arnfeld
>>>>> Developer // DueDil
>>>>>
>>>>> (+44) 7525940046
>>>>> 25 Christopher Street, London, EC2A 2BS
>>>>>
>>>>>
>>>>> On Thu, Apr 2, 2015 at 3:30 PM, John Omernik <[email protected]> wrote:
>>>>>
>>>>>> Based on my earlier emails about the state of service discovery, I did some research and a little writeup on how to use mesos-dns as a forward lookup zone in an enterprise BIND installation. I feel this is more secure, and more comfortable for an enterprise DNS team, as opposed to changing the first resolver on every client that may interact with Mesos to be the mesos-dns server. Please feel free to modify/correct and include this in the mesos-dns documentation if you feel it's valuable.
>>>>>>
>>>>>>
>>>>>> Goals/Thought Process
>>>>>> - Run mesos-dns on a non-standard port (such as 8053). This allows you to run it as a non-root user.
>>>>>> - While most DNS clients may not understand this (a different port), in an enterprise, most DNS servers will respect a forward lookup zone with a server using a different port.
>>>>>> - The setup below for BIND9 allows you to keep all your Mesos servers AND clients in an enterprise pointing their requests at your enterprise DNS server, rather than mesos-dns.
>>>>>> - This is easier from an enterprise configuration standpoint. Make one change on your DNS servers, rather than adding a resolver on all the clients.
>>>>>> - This is more secure in that you can run mesos-dns as non-root (53 is a privileged port, 8053 is not); no sudo required.
>>>>>> - For more security, you can limit connections to the mesos-dns server to only your enterprise DNS servers. This could help mitigate any unknown vulnerabilities in mesos-dns.
>>>>>> - This allows you to HA mesos-dns in that you can specify multiple resolvers for your BIND configuration.
>>>>>>
>>>>>>
>>>>>> Bind9 Config
>>>>>> This was put into my named.conf.local. It sets up the .mesos zone and forwards to mesos-dns. All my Mesos servers already pointed at this server, therefore no client changes were required.
>>>>>>
>>>>>> # 192.168.0.100 is my host running mesos-dns
>>>>>> zone "mesos" {
>>>>>>     type forward;
>>>>>>     forward only;
>>>>>>     forwarders { 192.168.0.100 port 8053; };
>>>>>> };
>>>>>>
>>>>>>
>>>>>> config.json mesos-dns config file.
>>>>>> I DID specify my internal DNS server in the resolvers (192.168.0.10); however, I am not sure if I need to do this, since only requests for .mesos will actually be sent to mesos-dns.
>>>>>>
>>>>>> {
>>>>>>   "masters": ["192.168.0.98:5050"],
>>>>>>   "refreshSeconds": 60,
>>>>>>   "ttl": 60,
>>>>>>   "domain": "mesos",
>>>>>>   "port": 8053,
>>>>>>   "resolvers": ["192.168.0.10"],
>>>>>>   "timeout": 5,
>>>>>>   "listener": "0.0.0.0",
>>>>>>   "email": "root.mesos-dns.mesos"
>>>>>> }
>>>>>>
>>>>>>
>>>>>> marathon start json
>>>>>> Note the lack of sudo here. I also constrained it to one host for now, but that could change if needed.
>>>>>>
>>>>>> {
>>>>>>   "cmd": "/mapr/brewpot/mesos/mesos-dns/mesos-dns -config=/mapr/brewpot/mesos/mesos-dns/config.json",
>>>>>>   "cpus": 1.0,
>>>>>>   "mem": 1024,
>>>>>>   "id": "mesos-dns",
>>>>>>   "instances": 1,
>>>>>>   "constraints": [["hostname", "CLUSTER", "hadoopmapr1.brewingintel.com"]]
>>>>>> }
>>>>>>

-- Text by Jeff, typos by iPhone
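A small helper, added here and not part of the thread or of mesos-dns, that applies John's checklist: it takes the values from the mesos-dns config.json (the domain and the port), refuses a privileged port since the goal is to run the daemon without root or sudo, and renders the BIND9 forward-zone stanza with one forwarder per mesos-dns host so that several instances can be listed for HA. The config values are the ones from the thread; the second host address, 192.168.0.101, is a constructed example.

```python
# Constructed sample, mirroring the config.json posted in the thread;
# only "domain" and "port" are used to build the BIND forward zone.
MESOS_DNS_CONFIG = {
    "masters": ["192.168.0.98:5050"], "refreshSeconds": 60, "ttl": 60,
    "domain": "mesos", "port": 8053, "resolvers": ["192.168.0.10"],
    "timeout": 5, "listener": "0.0.0.0", "email": "root.mesos-dns.mesos",
}

# Hosts running mesos-dns; 192.168.0.101 is an assumed second instance for HA.
MESOS_DNS_HOSTS = ["192.168.0.100", "192.168.0.101"]


def check_config(cfg):
    """Return a list of problems with a mesos-dns config, judged against the
    thread's goals: an unprivileged listening port so the daemon needs no
    root/sudo, and a non-empty domain to name the BIND forward zone."""
    problems = []
    port = cfg.get("port")
    if not isinstance(port, int) or not 0 < port < 65536:
        problems.append("port must be an integer in 1..65535")
    elif port < 1024:
        problems.append(f"port {port} is privileged; mesos-dns would need root")
    if not cfg.get("domain"):
        problems.append("domain must be set; it names the BIND forward zone")
    return problems


def bind_forward_zone(cfg, hosts):
    """Render the named.conf.local 'type forward' stanza for cfg['domain'],
    listing every mesos-dns host on cfg['port'] so BIND has more than one
    forwarder to try (the HA point made in the thread)."""
    problems = check_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    if not hosts:
        raise ValueError("at least one mesos-dns host is required")
    forwarders = " ".join(f"{h} port {cfg['port']};" for h in hosts)
    return (
        f'zone "{cfg["domain"]}" {{\n'
        "    type forward;\n"
        "    forward only;\n"
        f"    forwarders {{ {forwarders} }};\n"
        "};\n"
    )


if __name__ == "__main__":
    print(bind_forward_zone(MESOS_DNS_CONFIG, MESOS_DNS_HOSTS))
```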

