- Posts: 521
- Thank you received: 0
Failover
20 years 1 month ago #5685
by tfs
Thanks,
Tom
Anyone doing any failover work?
We are setting up a network with 2 Wans. 1 will be either a t1 (or N x T1 3) and a DSL that we want to use for failover.
Our problem is that we will have 2 different sets of addresses. On our current DSL line we have 5 useable address 64.15.23.(1-5). The new T1 line will have another set, 85.101.15.(1-5) for example.
If we have a device that will failover to the other network when the first one goes down, how do we handle the DNS????
For example, if our name is www.interez.com which translates to 64.15.23.2 and the line goes down, what happens when we switch to our other line. WWW.Interez.com is still going to pointing at 64.15.23.2. How do we get it changed to the 84.101.15.X network?
I was looking at a software solution called simplefailover at www.simplefailover.com which looks promising.
I just don't know how you can just change the Public DNS servers (Private DNS servers would be a different matter).
I was curious how this would be done.
Thanks
We are setting up a network with 2 Wans. 1 will be either a t1 (or N x T1 3) and a DSL that we want to use for failover.
Our problem is that we will have 2 different sets of addresses. On our current DSL line we have 5 useable address 64.15.23.(1-5). The new T1 line will have another set, 85.101.15.(1-5) for example.
If we have a device that will failover to the other network when the first one goes down, how do we handle the DNS????
For example, if our name is www.interez.com which translates to 64.15.23.2 and the line goes down, what happens when we switch to our other line. WWW.Interez.com is still going to pointing at 64.15.23.2. How do we get it changed to the 84.101.15.X network?
I was looking at a software solution called simplefailover at www.simplefailover.com which looks promising.
I just don't know how you can just change the Public DNS servers (Private DNS servers would be a different matter).
I was curious how this would be done.
Thanks
Thanks,
Tom
20 years 1 month ago #5686
by nske
Replied by nske on topic Re: Failover
I have no experience in failover implementations, so I may be well outside the subject, but what I understood is that you want a DNS server to change it's records upon certain events? (such as the receival of a specific message from the device/computer that does the failover or even the result of a local periodic check i.e. via ping)?
If so, you can automate this in unix & bind with the help of bash scripts (i.e. by using sed to modify the zone file and replace whatever entry you want and rndc to reload the file for the bind). The execution of the bash scripts could be triggered to happen in various ways, i.e. you could even use a door-knocking listening daemon to execute them upon receival of a special message that your failover computer device will send at the proper time, or even simply execute periodically via the cron daemon a script that will issue ping requests to check whether some interface appears online or offline and execute the proper bash scripts according to the returned output.
The other issue, that of uninteruptable DNS server's own accessibility from the outside, could be settled in a number of ways. The best I can think of, is to use two (synchronized) DNS server, each one listening in each of the public networks, and configured both as authorative (so if one fails the other will automatically be querried). Of course it could be the same box listening to both interfaces, if practially easy!
I hope I didn't miss completelly the point of the problem, sorry if I did, I really need some sleep at the time of writing!
If so, you can automate this in unix & bind with the help of bash scripts (i.e. by using sed to modify the zone file and replace whatever entry you want and rndc to reload the file for the bind). The execution of the bash scripts could be triggered to happen in various ways, i.e. you could even use a door-knocking listening daemon to execute them upon receival of a special message that your failover computer device will send at the proper time, or even simply execute periodically via the cron daemon a script that will issue ping requests to check whether some interface appears online or offline and execute the proper bash scripts according to the returned output.
The other issue, that of uninteruptable DNS server's own accessibility from the outside, could be settled in a number of ways. The best I can think of, is to use two (synchronized) DNS server, each one listening in each of the public networks, and configured both as authorative (so if one fails the other will automatically be querried). Of course it could be the same box listening to both interfaces, if practially easy!
I hope I didn't miss completelly the point of the problem, sorry if I did, I really need some sleep at the time of writing!
20 years 1 month ago #5691
by tfs
Thanks,
Tom
Replied by tfs on topic Re: Failover
No, you didn't.
That is kind of what simplefailover does. I just don't know how it is going to change public DNS servers. I can see how it might be able to work with a Privage DNS server
I am using W2K, BTW.
I am also looking into Dynamic DNS. I was looking at www.dyndns.com as this is supposed to allow home users with dynamic IPs to run a web server at home and not have to get a static IP.
The other problem with change the Public DNS records, is the propagation time.
That is kind of what simplefailover does. I just don't know how it is going to change public DNS servers. I can see how it might be able to work with a Privage DNS server
I am using W2K, BTW.
I am also looking into Dynamic DNS. I was looking at www.dyndns.com as this is supposed to allow home users with dynamic IPs to run a web server at home and not have to get a static IP.
The other problem with change the Public DNS records, is the propagation time.
Thanks,
Tom
20 years 1 month ago #5698
by nske
Replied by nske on topic Re: Failover
when you say public you mean a dns server that you do not have the control of it? Since you have static IP addresses and a decent internet connection, why don't you set your own public dns server(s) so that you have the full control?
Also, by setting a minimum $TTL value in the zone, you would have no problem with propagation time as you would force the other DNS servers to flush your domain from their cache quickly.
Of course you can use dynamic DNS as well. It is not just dyndns.com that provides the service, enom.com and registerfly.com (that I know from personal experience) and many others that I've seen, provide it for free to their customers. You just need to have a tiny client of a few KB size running all the time (there are many and free available for every platform) and it will check & update the information to the DNS server periodically.
Also, by setting a minimum $TTL value in the zone, you would have no problem with propagation time as you would force the other DNS servers to flush your domain from their cache quickly.
Of course you can use dynamic DNS as well. It is not just dyndns.com that provides the service, enom.com and registerfly.com (that I know from personal experience) and many others that I've seen, provide it for free to their customers. You just need to have a tiny client of a few KB size running all the time (there are many and free available for every platform) and it will check & update the information to the DNS server periodically.
20 years 1 month ago #5709
by tfs
Thanks,
Tom
Replied by tfs on topic Re: Failover
I am checking into that now.
Dyndns is owned by someone else now. I talked to them Friday and the person I talked to didn't seem to think their service would do it. He said to check their "Custom DNS" to see if that would solve the problem.
I am also looking at a program simplefailover, but not sure that will work for Public DNS.
When I say Public, I am talking about the ISP that is handling your Domain name. If you change it at your business, it doesn't propagate throughout the internet (at least not the way I have seen).
Dyndns is owned by someone else now. I talked to them Friday and the person I talked to didn't seem to think their service would do it. He said to check their "Custom DNS" to see if that would solve the problem.
I am also looking at a program simplefailover, but not sure that will work for Public DNS.
When I say Public, I am talking about the ISP that is handling your Domain name. If you change it at your business, it doesn't propagate throughout the internet (at least not the way I have seen).
Thanks,
Tom
20 years 1 month ago #5712
by nske
You can ask that ISP (the registrar) to make authorative for the domain whatever dns server(s) you want. So what I would do based on what I understand of the situation, is the following:
- Make your private dns server accessible to the internet, on public IP addresses from both of your connections (DSL and T1). i.e by Port Forwarding at your routers on 53 UDP & TCP of the dns server.
- Contact your registrar that handles your domain name and ask him 2 things:
> to setup 2 glue records for your domain in the TLD registry, with the form ns1.domain.com and ns2.domain.com and match each one of them with each of your public IP addresses from your two connections where your set port forwarding to your private dns server.
> to make these authorative for your domain.
Of course you may be able to do the above on your own if they provide you with a web-based administration panel.
- From that point after, your private DNS server will be authorative for your domain to the internet and will be queried by everyone. If for some reason your IP address from your first line goes off (ns1.domain.com goes off), then ns2.domain.com that will route through your second line, will be querried automatically, so there will be no problem.
- You can extinguish completelly the problem of propagation delay, by setting an extremelly low $TTL value for your zone, which now you will be able to do since you have the complete control of your public DNS server
So your only consideration is then how to change the records on your dns server on the fly, but you can use simplefailover or whatever other method for that job. I just have the feeling that if the server was not running windows you would have a larger variety of choises
Replied by nske on topic Re: Failover
When I say Public, I am talking about the ISP that is handling your Domain name. If you change it at your business, it doesn't propagate throughout the internet (at least not the way I have seen).
You can ask that ISP (the registrar) to make authorative for the domain whatever dns server(s) you want. So what I would do based on what I understand of the situation, is the following:
- Make your private dns server accessible to the internet, on public IP addresses from both of your connections (DSL and T1). i.e by Port Forwarding at your routers on 53 UDP & TCP of the dns server.
- Contact your registrar that handles your domain name and ask him 2 things:
> to setup 2 glue records for your domain in the TLD registry, with the form ns1.domain.com and ns2.domain.com and match each one of them with each of your public IP addresses from your two connections where your set port forwarding to your private dns server.
> to make these authorative for your domain.
Of course you may be able to do the above on your own if they provide you with a web-based administration panel.
- From that point after, your private DNS server will be authorative for your domain to the internet and will be queried by everyone. If for some reason your IP address from your first line goes off (ns1.domain.com goes off), then ns2.domain.com that will route through your second line, will be querried automatically, so there will be no problem.
- You can extinguish completelly the problem of propagation delay, by setting an extremelly low $TTL value for your zone, which now you will be able to do since you have the complete control of your public DNS server
So your only consideration is then how to change the records on your dns server on the fly, but you can use simplefailover or whatever other method for that job. I just have the feeling that if the server was not running windows you would have a larger variety of choises
Time to create page: 0.139 seconds