[wplug] OT - request for comment on an idea

Christopher DeMarco cmd at alephant.net
Fri Jun 3 15:02:13 EDT 2005


On Fri, Jun 03, 2005 at 01:57:39PM -0400, Chris Romano wrote:

> I would like to manage our DNS internally and not have verizon host
> it.  I would set up two DNS servers; one server will be here (primary)
> and the second one will be at an off-site datacenter (secondary).

If you're doing so, you may want to consider djbdns
(cr.yp.to/djbdns.html) instead of BIND:
a) less-frequent updates and almost no remote exploits
b) very lightweight
c) simpler (imho) zone transfers

If you need help with djbdns I'll be glad to assist.


> On the secondary server I want to have a copy of our
> website/db/email systems.  The services will not be running by
> default but will have up-to-date data.  The reason for this is, I

How will you synchronize the content?  Typically the content synch is
more of a challenge than the high availability.  Please explicate your
plans; I (as well as other list members, I suspect) have decent
experience in this realm.


> if the IP is cached on the requesting DNS server.  I am not too
> familiar with DNS yet, so in this case will the site be down until
> the requesting DNS server refreshes its cache?

Correct.  Clarify your terminology: if a client requests resolution of
www.yourdomain.com, its local nameserver will contact your nameserver
(which is authoritative for yourdomain.com) for resolution - unless
the client's local nameserver has cached the record, in which case it
will return the cached record to the client.

The TTL (time-to-live) value for a record controls the amount of time
(in seconds) which a remote nameserver may cache the record.
Therefore, the maximum interval during which your webserver will be
unreachable is the TTL (assuming everything else goes ok).  Bear in
mind, however, that lowering the TTL will increase the frequency of
DNS queries - it's not typically a burden on your network, but the DNS
software itself can be resource-hungry given many and/or large
zonefiles.  Yet another reason to choose djbdns over BIND.


> So is there a better way of doing this or am I at least somewhat on
> the right track?  I hope that I explained that well enough.

The problem with this setup is that you'll be hacking scripts to
detect and respond to failover.  Fun, but not always the best
solution.  So I ask the following question:

Why are you doing this?  What are you trying to insure against?

If the answer is some business function which causes money to
disappear when it's unavailable, you may be able to secure a budget to
do this in a more cost-effective way.  Not to disparage either your
own skills or the minimal cost of such a solution, but if you're
trying to offset the potential loss (for example) of $1,000 in sales
during a 4-hour hardware outage, then perhaps a different solution is
in order.

Some ideas:

  - Can you shift these services to a hosting/co-lo provider who will
  give you redundant everything?

  - Protecting email can be as simple as adding a second
  (lower-priority) MX record, and running an offsite store-and-forward
  host in case the primary goes down.  Many providers (fastmail.fm,
  easydns.net, just off the top of my head) have "backup MX" services,
  and if you know anybody who runs a mailserver you can probably work
  out a piggyback arrangement.

  - Databases can (sometimes) be clustered.  You don't want to run
  MySQL Cluster over a WAN, but if all you're preserving is
  read-access during a failure event, then you can set up a MySQL slave
  off-site.

  - Get a second Internet connection, and load-balance incoming
  requests between them (round-robin DNS[1] coming in).  This saves
  you the trouble of hosting off-site and synchronizing over a WAN.
  You're now safe from network outages - you'll write the same script
  DNS-side to ensure that broken connections get taken out of the
  zonefile. Then you can build a second (third, nineteenth) server
  in-house, living behind a LVS (http://linuxvirtualserver.org)
  load-balancer.



Hope this helps at least somewhat, to get you thinking of
alternatives.  Like I said above, the biggest piece in the puzzle -
content synchronization - isn't explicit.  Give us a clue how you're
going to solve this one.

I've done work like this before, e.g. we set up wide-area HA/LB for
AirAsia between two datacenters - so if you'd like to email/call me
directly I can probably help steer you in the right direction.



[1] use a *REAL* RR DNS, where only one record is returned, not a
broken
(http://homepages.tesco.net/~J.deBoynePollard/FGA/dns-round-robin-is-useless.html)
implementation!  (sorry for the long link)

-- 
Christopher DeMarco <cmd at alephant.net>
Alephant Systems (http://alephant.net)
PGP public key at http://pgp.alephant.net
+1 412 708 9660
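The TTL argument in the reply above (the remote nameserver keeps the old A record until the TTL runs out, so the failover is invisible for up to TTL seconds, while a shorter TTL costs more upstream queries) is easy to see in a small simulation. The following is an added example, not code from the original post or from djbdns/BIND: it models an authoritative server whose operator repoints the A record at failover time, and a remote caching resolver that honours the TTL. The hostname, the two addresses (from the RFC 5737 documentation ranges) and the timings are constructed values.

```python
"""Simulate how a remote resolver's TTL-bounded cache delays a DNS failover.

Constructed example: the zone, addresses and timings are made up for
illustration; nothing here talks to a real nameserver.
"""
from dataclasses import dataclass

# Constructed addresses from the documentation ranges (RFC 5737).
PRIMARY = "192.0.2.10"        # in-house webserver
SECONDARY = "198.51.100.10"   # off-site standby webserver
HOST = "www.example.com"      # hypothetical zone name


@dataclass
class Record:
    name: str
    rtype: str
    value: str
    ttl: int  # seconds a remote nameserver may cache this record


class AuthoritativeServer:
    """Nameserver authoritative for the zone; the operator edits it on failover."""

    def __init__(self):
        self.zone = {}

    def set(self, name, rtype, value, ttl):
        self.zone[(name, rtype)] = Record(name, rtype, value, ttl)

    def query(self, name, rtype):
        return self.zone[(name, rtype)]


class CachingResolver:
    """A remote recursive resolver (e.g. a client's ISP nameserver).

    It answers from cache while the record's TTL has not expired and
    only then asks the authoritative server again.
    """

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}            # (name, rtype) -> (Record, expires_at)
        self.upstream_queries = 0  # how often we had to ask upstream

    def resolve(self, name, rtype, now):
        key = (name, rtype)
        cached = self.cache.get(key)
        if cached is not None and now < cached[1]:
            return cached[0].value          # still fresh: serve from cache
        rec = self.upstream.query(name, rtype)
        self.upstream_queries += 1
        self.cache[key] = (rec, now + rec.ttl)
        return rec.value


def simulate_failover(ttl, fail_at, horizon, interval=1):
    """Clients behind one resolver look up HOST every `interval` seconds.

    At t == fail_at the operator repoints the A record to SECONDARY.
    Returns (first time the resolver hands out SECONDARY,
             number of upstream queries over the whole horizon).
    """
    auth = AuthoritativeServer()
    auth.set(HOST, "A", PRIMARY, ttl)
    resolver = CachingResolver(auth)
    first_seen = None
    for now in range(0, horizon + 1, interval):
        if now == fail_at:
            auth.set(HOST, "A", SECONDARY, ttl)   # the failover script acts
        if resolver.resolve(HOST, "A", now) == SECONDARY and first_seen is None:
            first_seen = now
    return first_seen, resolver.upstream_queries


if __name__ == "__main__":
    for ttl in (3600, 300):
        seen, queries = simulate_failover(ttl, fail_at=5000, horizon=7200)
        print(f"TTL={ttl:5d}s: clients reach the standby {seen - 5000:5d}s after "
              f"failover; resolver asked upstream {queries} times in 2h")
```

With a one-hour TTL the resolver filled its cache at t=3600 and does not look again until t=7200, so a failover at t=5000 stays invisible for 2200 seconds (and up to the full 3600 in the worst case); with a five-minute TTL the same failover shows up after 100 seconds, at the price of roughly twelve times as many queries to the authoritative server, which is the trade-off the reply describes.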

