RE: LoadBalancing products: Foundry ServerIron
Right. However the common solution is to delegate a small subdomain just for the 3dns'ed RR's to it (and perhaps cname to them from the top level).
I figured. And also considered the sub-delegation. Only one problem. More often than not the website "www.domain.com" also wants "domain.com" pointing to their service. If you point it all at the 3DNS, that kind of blows the sub-delegation theory. AND, if you sub-delegate the "www.domain.com" and put an entry in the domain.com zone record on your regular DNS server - it can be managed OK for a few domains, but what about when you have a very large server farm... [eyes rolling] gads!
Yep, its a hacked up bind8. Haven't taken the time to pull it apart as much as I'd like, but I would be surprised if anything you could do with ~8.1 didn't work with their box.
We should all hammer on Vixie or ISC to get this in BIND anyways. Wouldn't that be sweet and save us all $30-40k per device.... -----Original Message----- From: kevin graham [mailto:kgraham@dotnetdotcom.org] Sent: Thursday, July 06, 2000 9:31 AM To: Karyn Ulriksen Cc: 'Ted Mektrakarn'; 'nanog@merit.edu' Subject: RE: LoadBalancing products: Foundry ServerIron
It seems from what I have read that 3DNS wants to do all DNS for the domain zone including MX, CNAMEs, etc.
Right. However the common solution is to delegate a small subdomain just for the 3dns'ed RR's to it (and perhaps cname to them from the top level).
Do you know if it supports SRV records (Windows 2000 machines managed by ADS are happier when they can manage these records), ACLs for the zone record IXFRs from the 2000 machines, etc? Are the running some modified version of BIND to accomodate this?
Yep, its a hacked up bind8. Haven't taken the time to pull it apart as much as I'd like, but I would be surprised if anything you could do with ~8.1 didn't work with their box. ..kg..
I figured. And also considered the sub-delegation. Only one problem. More often than not the website "www.domain.com" also wants "domain.com" pointing to their service. If you point it all at the 3DNS, that kind of blows the sub-delegation theory.
Yep. That hoses it.
AND, if you sub-delegate the "www.domain.com" and put an entry in the domain.com zone record on your regular DNS server - it can be managed OK for a few domains, but what about when you have a very large server farm... [eyes rolling] gads!
Presumably this is for large server farms that server large numbers of domains. I would guess this is why Akamai is selling their services for DNS as well as content now.
We should all hammer on Vixie or ISC to get this in BIND anyways. Wouldn't that be sweet and save us all $30-40k per device....
This would solve only half the problem -- one of the main advantages of the 3DNS product (and DDirector, probably) is its integration with its local load balancing brother. There's a fair amount of logic you've got to have the node local to the servers -- at the simplest level, returning a metric based on RTT to the querying nameserver. However, the 3DNS software on a BIG-IP is also figures in the current # of connections based on capacity, etc. The tiers of features would be 1) round-robin with node failure indication 2) metric based on RTT and 3) F5 supposedly is going to put its iQuery protocol on the RFC track, however I hope it will have a new name by that time to alleviate confusion with the DNS opcode and to not match /^i[A-Z]/. For ISC to go to the trouble, there would need to be more support than just F5, but there's the chicken-and-egg problem of Cisco not wanting to give up their DDirector sales by allowing the LDirector to seamlessly integrate with F5's product. Given that they're picking up $30-40k per box to do this, having it commoditized (either by an ISC implementation of their own protocol, or supporting a 3rd party protocol) wouldn't seem like a business wise decision. Perhaps some of the end-user ISPs could shed some light -- how topologically close are your forwarding nameservers to the end user? ... All of this still doesn't answer the underlying problem that any solution to this problem is going to suck, its just a question of how bad. Given the opinions on BGP for this application so far, DNS seems the only feasible place to implement this with the current infrastructure. If a forwarding dns server were to include the host on whose behalf it was asking (...hoping of course that in NAT'ed situation, the name server would be outside of the NAT) then some _very_ nice things could be done in regards to monitoring ACK RTT times on the end-node (the local load balancer) ... Over time, with more hosts, internal prefix lengths could begin to represent a fairly accurate representation of network topology (provided proper aging, etc was in place to accomodate re-routed traffic). Ugh. I guess this is going critically OT. ..kg..
participants (2)
-
Karyn Ulriksen
-
kevin graham