On Wed, 31 Aug 2005, Mike McGrath wrote:
I'm curious about how others in the Fedora community are doing DNS
failover. Specifically I have two sites, one primary (in a large city)
and one secondary (out in the middle of nowhere). The idea is that we'd
host DNS out of the secondary site to use the web servers in the primary
site.
My question is how are people handling outages at the main site. If the
primary site burns down or all the servers get stolen or something, is
my only option a manual of the configs to point from one to the other?
Slightly different than what you are asking, but we multi-home our servers
and placed a DNS server in each IP net that returned _only_ the addresses
for that subnet with a 900 second TTL. If we experience loss of IP on one
pipe, that renders the appropriate DNS server immediately unreachable
leaving only the good pipe's addresses being returned on fresh queries
while the stale unreachable addresses will expire within 15 minutes.
This has worked very well for us in practice since the only people
impacted by a loss of a pipe are those who were actually browsing our
website servers via the down net in the few minutes before the network
outage while lettings us get the good routing of being in two large tier-1
ISP routing blocks (IP blocks of less than roughly a /18 just don't get
good routing IME because of backbone routers dropping small subnet
routes).
The problem with browsers caching IPs until the browser is killed is not
fully soluble via any DNS based system.
You can trade that for a portable block of IP addresses and broadcast your
routes, but you wil take a hit on normal routing of a small subnet and on
the reconvergence time of routes after any failure.
There are no perfect solutions to this issue, AFAIK. Every solution will
have some failure mode that will impact you more or less depending on your
own requirements.
--
Jerry
Simple things should be simple, complex things should be possible.
- Alan Kay
