[H-GEN] DNS Load sharing

Timothy Hitchens tim at hitcho.com.au
Thu Oct 17 06:06:39 EDT 2002 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

I would be concered about this for one reason.. if the load balancing machine
goes down.. down goes DNS totally.



David Findlay wrote:
> [ Humbug *General* list - semi-serious discussions about Humbug and     ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Has anyone had problems with DNS replies from DNS server farms? One very large 
> ISP has recently changed from a single primary and single secondary DNS 
> server to one DNS server farm, run by a load balancer of some sort. They now 
> tell you not to put anything in as a secondary, only to enter a primary in 
> your settings. I believe that this is not a good idea.
> 
> Also, when you send a DNS lookup to their farm, you send it to address X which 
> is the load balancer. Then box Y behind the load balancer responds to you 
> directly. This basically means that you have to open your firewall to DNS 
> replies from all their boxes, and when they add a new one, or change 
> something you have to go and change all your settings. This can be difficult 
> if you maintain a large number of routers. They are saying that you should 
> open port 53 wide open. I don't think that this is a very good idea if you 
> want a secure network. 
> 
> So here's the question. With load balancing, are all replies supposed to 
> appear to come from the load balancer external address, or not? Thanks,
> 
> David
> 
> - -- 
> If you give someone a program, you will frustrate them for a day. If you teach 
> them how to program, you will frustrate them for a lifetime.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> 
> iD8DBQE9roALZOfFgbBAbXARAn4iAJ44xC+Tf5qAFq8TeDbWay8My6bJRQCdElIf
> bC8pi75k1iHs+gC2vRa1Bf4=
> =3qyO
> -----END PGP SIGNATURE-----
> 
> 
> --
> * This is list (humbug) general handled by majordomo at lists.humbug.org.au .
> * Postings to this list are only accepted from subscribed addresses of
> * lists 'general' or 'general-post'.  See http://www.humbug.org.au/

-- 
Timothy Hitchens (HiTCHO)
Web Application Analyst and Developer
e-mail: tim at hitcho.com.au
mobile: 0419 521 440
 


-------------------------------------------------
HiTCHO Group - ABN: 85 816 540 110
Web Site: http://www.hitcho.com.au/
Snail Mail: PO Box 101 Arana Hills QLD 4054
Telephone: 07 3351 0951 - Facsimile: 07 3351 0952


IMPORTANT:
This email may be the view of the individual and
not that of the organisation. The contents of
this electronic mail (including attachments) may
be privileged and commercially confidential.

Any unauthorised use of the contents is expressly
prohibited. If you have received this document in
error, please advise us by telephone immediately
and then delete the document.
 


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list