[sdnog] DNS Failover
pokui at psg.com
Tue May 17 11:49:43 SAST 2016
Hi Manhal, all,
On 17 May 2016, at 8:00 EAT, Manhal Mohammed wrote:
> Hello SdNOGgers hope you are doing grate ^_^
> my question is about DNS fail over , i have DR site and want to make a
> DNS failover but from reading, it seems like DNS failover is not
> recommended , due to some considerations like TTL , and update time
> so what are the better solutions to achieve failover between two
> different data centers ? what if i want the DR site to be reached via
> my original IP addresses, or via a different IP address ?
I assume you mean authoritative DNS (i.e one serving records for your
domain name) not recursive (one you use to lookup records).
Firstly you can have as many DNS servers as you need, and they can be
all over the world. SdNOG has four … this allows you to still serve
the zone data even if one of the name servers goes down.
~ ❯❯❯ dig sdnog.sd ns
; <<>> DiG 9.8.3-P1 <<>> sdnog.sd ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58050
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sdnog.sd. IN NS
;; ANSWER SECTION:
sdnog.sd. 300 IN NS ns2.sudren.sd.
sdnog.sd. 300 IN NS ns0.serendipity.org.za.
sdnog.sd. 300 IN NS ns1.serendipity.org.za.
sdnog.sd. 300 IN NS ns1.sudren.sd.
;; Query time: 4420 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 17 12:33:08 2016
;; MSG SIZE rcvd: 123
Secondly if say you have a web server that you want accessible from both
places, you need to decide a few things:
1. Is the DR site used for access if the main one is off or only when
the main one goes down?
2. How are you keeping the data in sync?
So ideally the different sites would have separate IP blocks. So if your
answer to 1 is the DR site is only used if the main one goes down the
easiest (using just DNS) would be to have records with short TTLs for
the shared resource. Taking the example of a web server you could have.
main-server 3600 IN A 22.214.171.124
dr-server 3600 IN A 126.96.36.199
website 300 IN CNAME
When your main site goes down you’d change the CNAME to point to
dr-server. Instead of a CNAME you can use the A record you want. In this
case once you made the change of the CNAME it’d take at most 5 minutes
(300 seconds) for everyone to notice the change. You typically want to
have longer TTLs for the records that you don’t need to change that
If your answer to 1 is you want both to be used at once, then you have
to answer 2 carefully. What happens when someone edits data at the main
site and someone else does the same at the DR site? If you’ve sorted
out concurrency etc, then you can either do a load balancer (which
should be outside both data centres and becomes your point of failure).
In this case the A record for website would be the load balancer which
then decides if it’s going to serve from the main site or the DR. Keep
in mind what happens if the load balancer fails or is overwhelmed.
Alternatively (or additionally for the loadbalancer) you can use
anycast. With any cast you can have an IP block (say a 188.8.131.52/24)
that you announce from both sites. The A record for “website” would
be out of 184.108.40.206. You’d then use 1.2.3/0/24 and 220.127.116.11/24 for
syncing data between the sites. (note that this is an
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the sdnog