
Health Check feature in BIND ?


Gaurav Kansal

Jun 17, 2013, 3:27:43 AM
to bind-...@lists.isc.org

Dear All,

I was just thinking whether it is possible to have some type of health checking of servers through BIND DNS Server and DNS Server should reply to clients based on that only.

i.e., Suppose I have two entries of www record for domain xyz.in having ip address 10.1.1.10 and 10.2.2.10.

Now I want that my DNS Server should check whether the server is up or not before replying to clients.

If one is down, then DNS server should reply the IP address of the second one.

Although this is not a DNS Job and we should use Load-Balancer for this.

But I just want to check whether this feature is available in Bind or in any Open-Source Program which in turn can be combined with BIND to achieve the desired result.

Thanks and Regards,

Gaurav Kansal

Emp Code - 6274

Mob – 9910118448

Have you enabled IPv6 on something today...?

Mike Hoskins (michoski)

Jun 17, 2013, 1:43:18 PM
to bind-...@lists.isc.org
-----Original Message-----

From: Gaurav Kansal <gaurav...@nic.in>
Date: Monday, June 17, 2013 3:27 AM
To: "bind-...@lists.isc.org" <bind-...@lists.isc.org>
Subject: Health Check feature in BIND ?

>Dear All,
>
>I was just thinking whether it is possible to have some type of health
>checking of servers through BIND DNS Server and DNS Server should reply
>to clients based on that only.
>
>i.e., Suppose I have two entries of www record for domain
>xyz.in having ip address 10.1.1.10 and 10.2.2.10.
>Now I want that my DNS Server should check whether the server is up or
>not before replying to clients.
>If one is down, then DNS server should reply the IP address of the second
>one.
>
>Although this is not a DNS Job and we should use Load-Balancer for this.
>But I just want to check whether this feature is available in Bind or in
>any Open-Source Program which in turn can be combined with BIND to
>achieve the desired result.

You are right, this is not the job of DNS alone... A load balancer or
GSLB would be ideal.

There have been threads on similar things in the past. One I recall
involved DDNS and local glue. Scripts doing pings, port checks, etc.
combined with low TTLs and dynamic updates to "route" around potential
problems.

Such an approach can have pitfalls, but does have a place and is
relatively easy to implement.
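
The approach described in the reply above (port checks, a low TTL and dynamic updates), as an added example that is not part of the original thread. The names `tcp_up` and `nsupdate_batch`, the TTL of 30 seconds and the update server 127.0.0.1 are assumptions; the record and addresses are the ones from the question.

```python
import socket

def tcp_up(ip, port, timeout=2.0):
    """Port check: True if a TCP connection to ip:port completes in time."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def nsupdate_batch(name, zone, backends, ttl=30, server="127.0.0.1", check=tcp_up):
    """Build nsupdate input that publishes A records only for healthy backends.

    backends is a list of (ip, port) pairs. Returns None when every check
    fails, so a total outage or a broken monitor never empties the RRset.
    """
    healthy = [ip for ip, port in backends if check(ip, port)]
    if not healthy:
        return None
    lines = [f"server {server}", f"zone {zone}", f"update delete {name} A"]
    lines += [f"update add {name} {ttl} A {ip}" for ip in healthy]
    lines.append("send")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed scenario: pretend 10.1.1.10 is down and 10.2.2.10 is up.
    fake_check = lambda ip, port: ip == "10.2.2.10"
    print(nsupdate_batch("www.xyz.in.", "xyz.in.",
                         [("10.1.1.10", 80), ("10.2.2.10", 80)], check=fake_check))
```

Pipe the returned text to `nsupdate -k <keyfile>` so the update is TSIG-signed, and restrict that key in the zone's `update-policy` to the one name it maintains.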

Lawrence K. Chen, P.Eng.

Jun 17, 2013, 2:55:47 PM
to Gaurav Kansal, bind-...@lists.isc.org


----- Original Message -----
> Dear All,
>
> I was just thinking whether it is possible to have some type of
> health checking of servers through BIND DNS Server and DNS Server
> should reply to clients based on that only.
>
>
>
> i.e., Suppose I have two entries of www record for domain xyz.in
> having ip address 10.1.1.10 and 10.2.2.10.
>
> Now I want that my DNS Server should check whether the server is up
> or not before replying to clients.
>
> If one is down, then DNS server should reply the IP address of the
> second one.
>
>
>
> Although this is not a DNS Job and we should use Load-Balancer for
> this.
>
> But I just want to check whether this feature is available in Bind
> or in any Open-Source Program which in turn can be combined with
> BIND to achieve the desired result.
>

Well, doesn't DNS kind of already do this...if the first DNS server isn't up, then the user's resolver will time out and try the next resolver....

OTOH, for Load-Balancer.... we use a BigIP LTM, where I have a pool with two DNS servers and use the DNS_Monitor script F5 (which basically does a 'dig @<node> <lookup-name> | grep <expected-response> >/dev/null' )

Works pretty well, one of the nodes is usually the first one I do when there's a bind update.

Additionally I hit all my DNS servers from nagios with the check_dns plugin.

Mike Hoskins (michoski)

Jun 17, 2013, 3:11:20 PM
to bind-...@lists.isc.org
-----Original Message-----

From: "<Lawrence K. Chen>", "P.Eng." <lkc...@ksu.edu>
Date: Monday, June 17, 2013 2:55 PM
To: Gaurav Kansal <gaurav...@nic.in>
Cc: "bind-...@lists.isc.org" <bind-...@lists.isc.org>
Subject: Re: Health Check feature in BIND ?

>----- Original Message -----
>> Dear All,
>>
>> I was just thinking whether it is possible to have some type of
>> health checking of servers through BIND DNS Server and DNS Server
>> should reply to clients based on that only.
>>
>>
>>
>> i.e., Suppose I have two entries of www record for domain xyz.in
>> having ip address 10.1.1.10 and 10.2.2.10.
>>
>> Now I want that my DNS Server should check whether the server is up
>> or not before replying to clients.
>>
>> If one is down, then DNS server should reply the IP address of the
>> second one.
>>
>>
>>
>> Although this is not a DNS Job and we should use Load-Balancer for
>> this.
>>
>> But I just want to check whether this feature is available in Bind
>> or in any Open-Source Program which in turn can be combined with
>> BIND to achieve the desired result.
>>
>
>Well, doesn't DNS kind of already do this...if the first DNS server isn't
>up, then the user's resolver will time out and try the next resolver....

For DNS/MX yes, but I didn't read that as a limitation of the original
request (e.g. how would you do the same auto-redirect with web or other
server types -- round robin alone can be particularly problematic).

You could certainly handle the more generic case with commercial
appliances, or a bit of tinkering on a budget.

Mark Andrews

Jun 17, 2013, 9:44:46 PM
to Mike Hoskins (michoski), bind-...@isc.org

The real problem is that there are a lot of clients out there that
do not fail over to a second address in a timely manner. There is
NOTHING that says you cannot attempt multiple connections at once
or after a short delay. You do NOT have to wait for connect() to
fail before attempting a second connection.

Clients that implement Happy Eyeballs (RFC 6555) fast fail between
IPv4 and IPv6. There is no reason not to do this whenever you have
multiple addresses of the same family rather than when you have a
mixture of IPv4 and IPv6 addresses.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
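
The client behaviour described in the message above (start a second connection after a short delay instead of waiting for the first to fail), as an added example that is not part of the original thread. `staggered_connect`, `demo_connect` and the 0.25 s delay are assumptions; `demo_connect` is a constructed stand-in so the example runs without a network.

```python
import asyncio

async def staggered_connect(addrs, port, delay=0.25, connect=asyncio.open_connection):
    """Start an attempt to each address in turn, `delay` seconds apart, without
    waiting for earlier attempts to fail. Returns (address, connection) for the
    first attempt that succeeds; raises OSError if all of them fail."""
    remaining = list(addrs)
    pending, owner, errors = set(), {}, []
    try:
        while remaining or pending:
            if remaining:
                addr = remaining.pop(0)
                task = asyncio.create_task(connect(addr, port))
                owner[task] = addr
                pending.add(task)
            # While addresses are left, wait at most `delay` before adding one.
            done, pending = await asyncio.wait(
                pending, timeout=delay if remaining else None,
                return_when=asyncio.FIRST_COMPLETED)
            for task in done:
                if task.exception() is None:
                    return owner[task], task.result()
                errors.append((owner[task], task.exception()))
        raise OSError(f"all connection attempts failed: {errors}")
    finally:
        for task in pending:  # abandon the slower attempts
            task.cancel()

async def demo_connect(addr, port):
    """Constructed stand-in for a real connect: 10.1.1.10 silently drops
    packets (hangs), every other address answers after 50 ms."""
    await asyncio.sleep(60 if addr == "10.1.1.10" else 0.05)
    return f"connected to {addr}:{port}"

if __name__ == "__main__":
    print(asyncio.run(staggered_connect(["10.1.1.10", "10.2.2.10"], 80,
                                        connect=demo_connect)))
```

With the default `connect`, the returned connection is the `(reader, writer)` pair from `asyncio.open_connection`.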