On Wed, 31 Aug 2005, Mike McGrath wrote:
> I'm curious about how others in the Fedora community are doing DNS failover. Specifically I have two sites, one primary (in a large city) and one secondary (out in the middle of nowhere). The idea is that we'd host DNS out of the secondary site to use the web servers in the primary site. My question is how are people handling outages at the main site. If the primary site burns down or all the servers get stolen or something, is my only option a manual of the configs to point from one to the other?
Slightly different than what you are asking, but we multi-home our servers and placed a DNS server in each IP net that returned _only_ the addresses for that subnet with a 900 second TTL. If we experience loss of IP on one pipe, that renders the appropriate DNS server immediately unreachable leaving only the good pipe's addresses being returned on fresh queries while the stale unreachable addresses will expire within 15 minutes.
This has worked very well for us in practice since the only people impacted by a loss of a pipe are those who were actually browsing our website servers via the down net in the few minutes before the network outage while letting us get the good routing of being in two large tier-1 ISP routing blocks (IP blocks of less than roughly a /18 just don't get good routing IME because of backbone routers dropping small subnet routes).
The problem with browsers caching IPs until the browser is killed is not fully soluble via any DNS based system.
You can trade that for a portable block of IP addresses and broadcast your routes, but you will take a hit on normal routing of a small subnet and on the reconvergence time of routes after any failure.
There are no perfect solutions to this issue, AFAIK. Every solution will have some failure mode that will impact you more or less depending on your own requirements.
-- 
Jerry
Simple things should be simple, complex things should be possible. - Alan Kay
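Added example, not part of the original post: a small Python model of the scheme described in the reply above (one authoritative DNS server per uplink, each returning only its own subnet's addresses with a 900 second TTL), showing how many caching resolvers still hand out a dead address after one pipe fails. The server names, addresses (documentation ranges), resolver count and polling step are constructed assumptions.

```python
import random

TTL = 900  # seconds, the TTL from the post

# Constructed layout: one authoritative server per uplink, each answering
# only with web-server addresses inside its own net.
SERVERS = {
    "pipe_a": ["192.0.2.10", "192.0.2.11"],
    "pipe_b": ["198.51.100.10", "198.51.100.11"],
}

def pipe_of(addr):
    """Return the uplink a web-server address sits behind."""
    return next(p for p, addrs in SERVERS.items() if addr in addrs)

class CachingResolver:
    """Minimal recursive-resolver model: keeps one answer until its TTL ends."""
    def __init__(self, rng):
        self.rng, self.answer, self.expires = rng, None, -1

    def lookup(self, now, down):
        if self.answer is not None and now < self.expires:
            return self.answer  # cached, possibly stale
        # A DNS server behind a dead pipe is unreachable, so only servers
        # on working pipes can answer a fresh query.
        reachable = [p for p in SERVERS if p not in down]
        if reachable:
            self.answer = self.rng.choice(SERVERS[self.rng.choice(reachable)])
            self.expires = now + TTL
        return self.answer

def simulate(outage_at=1800, horizon=3600, n=200, step=30, seed=1):
    """Return {time: resolvers still serving an address behind the dead pipe}."""
    rng = random.Random(seed)
    # Stagger first lookups so the caches expire at different times.
    resolvers = [(rng.randrange(0, TTL, step), CachingResolver(rng))
                 for _ in range(n)]
    stale = {}
    for now in range(0, horizon + 1, step):
        down = {"pipe_a"} if now >= outage_at else set()
        answers = [r.lookup(now, down) for start, r in resolvers if now >= start]
        if down:
            stale[now] = sum(1 for a in answers if a and pipe_of(a) in down)
    return stale

if __name__ == "__main__":
    for t, count in simulate().items():
        print(f"t={t:5d}s  resolvers with stale address: {count}")
```

The model covers resolver caches only; it does not model the browser-side IP caching the reply mentions, which outlives the TTL.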