
DNS server settings for dual wan links 2

Status
Not open for further replies.

zaccaz

MIS
Aug 10, 2005
270
HK
hi there, i have dual wan links so that each critical server has 2 ipaddr. my question is about the most appropriate dns server setup so that the rest of the world's dns servers get the update as soon as possible

assume my dns server entries only have the wan1 ipaddr; now wan1 goes down & i manually update all my dns server entries to the wan2 ipaddr. due to caching, other outside dns servers might still have the wan1 entries, so what's the most appropriate solution?

i thought shortening the TTL could help, however sometimes the other dns servers might not follow my TTL settings, right?

i thought of a round-robin setting so that each server already has 2 ipaddr there, however the client side will only have a 50% chance to hit the server if one of the wans has failed, right?

so what's the better solution? many thx!
 
Your question is pretty confusing - can you rephrase the question please?

Please also describe your environment in more detail (i.e. are you serving external DNS to the world for your domain? If so, what's the reasoning behind that?)

Good luck,
 
You probably DON'T want to round robin because if either link is down, you will have problems. You probably want to RRSET so that it is fixed (the order in your file). You could write a little script to flip the order around or some $INCLUDE stuff.

You probably DO want to set the TTL down, anyway.

I believe you DO want to put both ips for 2 reasons. I am not absolutely sure, but I believe most TCP stacks will timeout on the first address and then try the second, if the first server is truly down. At least that is my experience with like telnet. This is easily tested.

That way, even if an ISP falsely caches stuff ( My experience is some ISPs or perhaps it is a proxy do cache some stuff outside of the TTL.
 
sorry for late reply, here i would like to further explain the case

previously with 1 wan link, our smtp server only had 1 ipaddr, say 1.2.3.4; now with 2 wan links, the smtp server could be resolved as 1.2.3.4 or 5.6.7.8

previously with 1 wan link, the dns server only had 1 entry to resolve smtp.mydomain as 1.2.3.4; now i want it to resolve smtp.mydomain as 5.6.7.8 as well

so what is the best way to set this up in the dns server? ideally i want smtp.mydomain resolved as 1.2.3.4 primarily, and if the 1st wan link is down then it should be resolved as 5.6.7.8

is it possible to do so? many thx!
 
SMTP has MX records, you can put both in with equal weight, and an MTA will try both. So that doesn't need any TTL adjustment, in fact it is better to have it big so you don't have lots of DNS queries.

DNS again is robust. Register BOTH as primary/secondary (it doesn't matter which is which). DNS (not a resolver mind you) is the first responder. So even if one is down, there is no delay. So declare them both, with your registrar AND in your DNS NS records.

I thought you were doing web servers, which takes a bit more thought.
 
thx elgrandeperro, yeah actually we do have web server as well, also need to consider the dns record issue, any further comments then? many thx!
 
Then I would try to use "fixed" rrset, with preference to the faster or most reliable WAN, which in BIND is the order in the file. I would have a lower (but not absurd) TTL like an hour.

Unfortunately, unlike MX records where the protocol provides a rollover, you cannot absolutely control how the TCP stack for the client will behave. The timeouts are set on the client side. But I believe (you can try it by adding a fake entry before your good ones, I will verify when I get in the office) when your primary WAN is down, the stack will use the next IP address. But there will be a delay.

Take a look at how google does it (they seem to use a CNAME pointing to a series of A records. My guess is the CNAME is to set the locality, but the idea is the same).
 
Yeah, I don't see any delay for having the "offline" entry preceding the good one. So you should be good with RRSET and using fixed ordering for control. Or round-robin with low TTL.

I can't think of any other gotcha, someone else must be doing it this way!
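
The client-side fallback discussed in the replies (try the first address in the record set, move to the next on failure) can be checked with a short script. This is an added example, not part of the thread: `connect_in_order` and `demo` are hypothetical names, and two loopback ports stand in for the WAN1 and WAN2 addresses. A link that is truly down usually times out rather than refusing, so each dead address listed ahead of the good one can cost up to `timeout` seconds.

```python
import socket
import time


def connect_in_order(endpoints, timeout=3.0):
    """Try each (ip, port) in the order given, as a client walking a
    fixed-order record set would. Returns (sock, winner, attempts);
    attempts holds (endpoint, outcome, seconds) for every endpoint tried."""
    attempts = []
    for ip, port in endpoints:
        start = time.monotonic()
        try:
            sock = socket.create_connection((ip, port), timeout=timeout)
        except OSError as exc:  # covers refusals, timeouts, unreachable hosts
            elapsed = time.monotonic() - start
            attempts.append(((ip, port), type(exc).__name__, elapsed))
            continue
        attempts.append(((ip, port), "connected", time.monotonic() - start))
        return sock, (ip, port), attempts
    return None, None, attempts


def demo():
    """Constructed test bed: a loopback listener plays the reachable WAN2
    address; a port that was bound and then released plays the dead WAN1
    address and is listed first, like the 'offline' A record."""
    live = socket.socket()
    live.bind(("127.0.0.1", 0))
    live.listen(1)
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))
    dead_ep = dead.getsockname()
    dead.close()  # nothing listens here any more
    try:
        live_ep = live.getsockname()
        sock, winner, attempts = connect_in_order([dead_ep, live_ep], timeout=1.0)
        if sock is not None:
            sock.close()
        return winner == live_ep, attempts
    finally:
        live.close()


if __name__ == "__main__":
    reached_live, attempts = demo()
    for endpoint, outcome, seconds in attempts:
        print(f"{endpoint[0]}:{endpoint[1]} -> {outcome} after {seconds:.3f}s")
    print("fell back to second address:", reached_live)
```
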
 