Tony Finch
Sent: February 26, 2020 10:05 AM
To: Scott A. Wozny
Cc: bind-users@lists.isc.org
Subject: Re: NS failover as opposed to A record failover
Scott A. Wozny wrote:
>
> Failures aside, I’m worried about creating a bad user experience EVERY
> time I need to take a DNS server dow
Subject: Re: NS failover as opposed to A record failover
On Tue, Feb 25, 2020 at 6:38 PM Mark Andrews
mailto:ma...@isc.org>> wrote:
> On 26 Feb 2020, at 09:51, Scott A. Wozny
> mailto:sawo...@hotmail.com>> wrote:
>
> I know this isn’t a question ABOUT BIND, per se
Thanks very much for the feedback. I clearly have more research to do. :)
Scott
From: Mark Andrews
Sent: February 25, 2020 6:38 PM
To: Scott A. Wozny
Cc: bind-users@lists.isc.org
Subject: Re: NS failover as opposed to A record failover
> On 26 Feb 2
Scott A. Wozny wrote:
>
> Failures aside, I’m worried about creating a bad user experience EVERY
> time I need to take a DNS server down for patching.
I generally let resolvers handle retry/failover when I'm patching my
authoritative servers. Each resolver that encounters an author
On Tue, Feb 25, 2020 at 6:38 PM Mark Andrews wrote:
>
> > On 26 Feb 2020, at 09:51, Scott A. Wozny wrote:
> >
> > I know this isn’t a question ABOUT BIND, per se, but I think is still a
> question bind-users might have an answer to. I’ve seen various failover
>
> On 26 Feb 2020, at 09:51, Scott A. Wozny wrote:
>
> I know this isn’t a question ABOUT BIND, per se, but I think is still a
> question bind-users might have an answer to. I’ve seen various failover
> questions on the list, but nothing that talks specifically about NS recor
I know this isn’t a question ABOUT BIND, per se, but I think is still a
question bind-users might have an answer to. I’ve seen various failover
questions on the list, but nothing that talks specifically about NS records (at
least nothing in the last decade), so I thought I’d inquire here.
I’m
servers has issue, another one will automatically take
over for all 100% clients.
But, the fact is not. When one of them down, or frozen, half of users had lose
network without ip address.
My configuration is:
failover peer "primary_secondary" {
primary;
address 111.111.111.111;
:
failover peer "primary_secondary" {
primary;
address 111.111.111.111;
peer address 222.222.222.222;
port 8068;
peer port 8068;
max-response-delay 60;
max-unacked-updates 10;
mclt 300;
split 128;
load balance max seconds 3;
auto-partner-down
14, 2012 6:37 AM
To: bind-users@lists.isc.org
Subject: DNS BIND Failover Setup (High Availability)
Hi,
Can someone please point me to setup High Availability BIND DNS Server on
CentOS Linux version 5.8?
Regards,
Kaushal
___
Please visit https://lis
On Sep 14, 2012, at 4:36 PM, Kaushal Shriyan wrote:
> Thanks for the reply. Basically i am setting up Internal DNS Server
> within the same DC. Will Master Slave Replication suit the need?
Yes. (Oh, there are other ways of doing replication, but AFXR works fine.)
> and any step by step guide and
On Fri, Sep 14, 2012 at 10:20 PM, Chuck Swiger wrote:
> On Sep 14, 2012, at 4:37 AM, Kaushal Shriyan wrote:
>> Can someone please point me to setup High Availability BIND DNS Server
>> on CentOS Linux version 5.8?
>
> Sure; read the fine BIND ARM:
>
>http://www.isc.org/software/bind/documentat
On Sep 14, 2012, at 4:37 AM, Kaushal Shriyan wrote:
> Can someone please point me to setup High Availability BIND DNS Server
> on CentOS Linux version 5.8?
Sure; read the fine BIND ARM:
http://www.isc.org/software/bind/documentation
Setup and register as many nameservers for your domains as y
Hi,
Can someone please point me to setup High Availability BIND DNS Server
on CentOS Linux version 5.8?
Regards,
Kaushal
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-use
>>> On 31/05/11 09:28, Matus UHLAR - fantomas wrote:
This problem could be avoided by providing the same data, but differently
sorted, correct?
>>
>> On 31.05.11 12:27, Phil Mayers wrote:
>>> Not really. Client side sorting may take place (e.g. to comply with RFC
>>> 3484 policies in call
On 01/06/11 08:11, Matus UHLAR - fantomas wrote:
On 31/05/11 09:28, Matus UHLAR - fantomas wrote:
This problem could be avoided by providing the same data, but differently
sorted, correct?
On 31.05.11 12:27, Phil Mayers wrote:
Not really. Client side sorting may take place (e.g. to comply wit
e DNS responses.
You get sub-second failover on new connections.
Easy there fellow We run with a 15m TTL and we get no complaints
from customers. Sure I am sure someone somewhere does get an error but
they are not enough for people to email us and call us...
Prior to DNS racing we use t
> On 31/05/11 09:28, Matus UHLAR - fantomas wrote:
>> This problem could be avoided by providing the same data, but differently
>> sorted, correct?
On 31.05.11 12:27, Phil Mayers wrote:
> Not really. Client side sorting may take place (e.g. to comply with RFC
> 3484 policies in calls to getaddri
On 31/05/11 09:28, Matus UHLAR - fantomas wrote:
This problem could be avoided by providing the same data, but differently
sorted, correct?
Not really. Client side sorting may take place (e.g. to comply with RFC
3484 policies in calls to getaddrinfo) and destroy any server-side sorting.
___
> In message <4de43e3e.2040...@chrysler.com>, Kevin Darcy writes:
> > Normally I'd defer to your vastly greater knowledge and experience in
> > DNSSEC, but here in the U.S. we have a saying "I'm from Missouri", which
> > is a roundabout way of expressing "show me" ("Show Me" being the
> > unoffi
In message <4de43e3e.2040...@chrysler.com>, Kevin Darcy writes:
> Normally I'd defer to your vastly greater knowledge and experience in
> DNSSEC, but here in the U.S. we have a saying "I'm from Missouri", which
> is a roundabout way of expressing "show me" ("Show Me" being the
> unofficial slog
ve that this co-exists with DNSSEC; otherwise
it's a non-starter. While you're at it, some data proving that this
actually enhances performance or availability would be nice too.
On further examination it will work w/ DNSSEC. As for availability
it will decrease it as there is no way
be nice too.
On further examination it will work w/ DNSSEC. As for availability
it will decrease it as there is no way the client can do the failover
for itself as it no longer has the necessary data. As for performance,
your milage may vary, as they say in car commercials.
Mark
--
Mark Andrews,
It is still a bad idea. Fixing the clients so they work well with
multi-homed servers not only works today with mostly IPv4 servers
but also works well with dual stack server and IPv6 only servers.
You don't have to have artifially low TTLs on the DNS responses.
You get sub-second failov
Get back to us when you prove that this co-exists with DNSSEC; otherwise
it's a non-starter. While you're at it, some data proving that this
actually enhances performance or availability would be nice too.
Hello,
I am reading this mailing as a digest so sorry for the late
replies. Firstly we have been using this method for over 4 years and
I've yet not had one person tell me that they can connect to our servers
using POP3, SMPT, IMAP or WEB.
1. Mark, Regarding Chrome, my last big cr
. In theory up to
> 14 different ISPs/IPs could be used to do the delivery.
>
> IT is a poor man’s replacement for BGP multihoming and IP anycast.
>
> For those that want a full explanation and an implementation guide.
> http://blog.hk.com/index.php?/archives/84-DNS-Racing.-Multi
Warren Kumari
--
Please excuse typing, etc -- This was sent from a device with a tiny keyboard.
On May 29, 2011, at 9:32 PM, Mark Andrews wrote:
>
> In message <2c591af8-860d-45a5-9f3a-3603f3733...@kumari.net>, Warren Kumari
> writes:
>>
>> Um, how?
>>
>> Surely you can just sign the r
In message <2c591af8-860d-45a5-9f3a-3603f3733...@kumari.net>, Warren Kumari
writes:
>
> Um, how?
>
> Surely you can just sign the responses, same as any others?
>
> Maybe I'm missing something obvious, but this just looks like "normal"
> DNS LB...
>
> W
It depends on who is doing the modifi
Warren Kumari
--
Please excuse typing, etc -- This was sent from a device with a tiny keyboard.
On May 29, 2011, at 5:52 PM, Alan Clegg wrote:
> On 5/29/2011 5:12 PM, Maren S. Leizaola wrote:
>
>> IT is a poor man’s replacement for BGP multihoming and IP anycast.
>
>> Hey it is Free and
And if people used happy-eyeballs[1] or similar[2] in the applications
this would not be needed. Chrome already does this with their
latest browser. It uses a 300ms timer to switch to the next address.
Happy-eyeballs was primarially written to deal with broken 6to4
links but the techniques are
On 5/29/2011 5:12 PM, Maren S. Leizaola wrote:
> IT is a poor man’s replacement for BGP multihoming and IP anycast.
> Hey it is Free and you can implement it using BIND.
And you've just broken DNSSEC.
AlanC
signature.asc
Description: OpenPGP digital signature
anycast.
For those that want a full explanation and an implementation guide.
http://blog.hk.com/index.php?/archives/84-DNS-Racing.-Multi-ISP-load-balancing-with-failover-using-DNS..html
Hey it is Free and you can implement it using BIND.
Regards,
Maren
On Apr 27 2009, Mohammed Ejaz wrote:
Can it be possible through the bind, www records should work as failover, I
mean during the primary record unavailable and then it should go for next
www only, Pls. note that I don't want let they work as round robin function.
1. Primary www record poi
The Best - use carp (VRRP) protocol for it or nginx proxy server.
Or you can use dynamic update for zone:
ping -c 5 your.host || nsupdate ...
Mohammed Ejaz wrote:
> Hi all,
>
>
>
> Can it be possible through the bind, www records should work as
> failover, I mean during
In article ,
wrote:
> This is not the DNS job to check at the web service availability.
> You could make an external script that is testing for the service availibil=
> ity
> and change the dns accordingly, like (...) :
>
> web1 active ?
> yes : was it active at last test ?
> y
, April 27, 2009 10:00 AM
To: me...@cyberia.net.sa; bind-users@lists.isc.org
Subject: RE: Failover
This is not the DNS job to check at the web service availability.
You could make an external script that is testing for the service
availibility
and change the dns accordingly, like
...@lists.isc.org] On Behalf Of Mohammed Ejaz
Sent: Monday, April 27, 2009 8:11 AM
To: bind-users@lists.isc.org
Subject: Failover
Hi all,
Can it be possible through the bind, www records should work as failover, I
mean during the primary record unavailable and then it should go for next www
only
done in a basic software load balancer.
--
Scott
Iphone says hello.
On Apr 26, 2009, at 11:10 PM, "Mohammed Ejaz"
wrote:
Hi all,
Can it be possible through the bind, www records should work as
failover, I mean during the primary record unavailable and then it
should go for next
Hi all,
Can it be possible through the bind, www records should work as failover, I
mean during the primary record unavailable and then it should go for next
www only, Pls. note that I don't want let they work as round robin function.
1. Primary www record pointing 1.2.3.4 as long
"Andrew JW" wrote:
We run this on Linux using quagga and zebra. The script is a reasonably
[...snip...]
I'd urge caution on route injection using CSS/CSM, we've had some bad
experiences with it (specially the h/a features), ACE is better, but
still not perfect.
So far the only problem I've
Hi Gordon,
I am running several Bind 9.4.x nameservers inside and outside.
Inside I can see my clients, diverse Linuxes, query ns1 and when there
does not come an answer within a second, they query ns2 from
/etc/resolv.conf.
So ns2 will ask the same request ns1 did - but one second later and
to
I have just implemented DNS anycasting on our inside network using Cisco
content switches to monitor the health of the servers and to advertise an
OSPF route when the back-end services are alive. I have three CSS's
simultaneously advertising the same service address to the network, and
clients
43 matches
Mail list logo
