Re: Software DNS hghi availability and load balancer solution

[Rhys Rhaven <rhys () rhavenindustrys com>]

Having hit these issues myself, I heavily recommend a real frontend
proxy like nginx or varnish.

On 01/18/2011 12:45 PM, William Herrin wrote:
> On Tue, Jan 18, 2011 at 12:42 PM, Sergey Voropaev
> <serge.devorop () gmail com> wrote:
> > Does any one know software sollutions (free is preferable) like as cisco GSS
> > and F5 BIG-IP? The main point is that DNS-server (or dns server plugin) must
> > be able to monitor server availability (for example by TCP connect) and from
> > DNS-reply depends on it.
> Sergey,
>
> I have no suggestions that directly answer your question. I'd write a
> script against bind myself. But if you're trying to fail over a web
> server, you're walking into a nasty trap.
>
> "DNS pinning" obstructs web browsers from finding a server on an
> alternate IP address regardless of the DNS TTL. The core issue is that
> allowing a browser running javascript to connect to a server other
> than the one from which the script came is a gigantic security hole.
> Someone realized you could do that by changing the IP address the host
> name pointed to, so now there's a convoluted and not entirely
> standardized set of rules for when and whether the browser allows it.
>
> Net result is that in some cases a user's long-running browser will
> indefinitely ignore the change you made to the DNS. I've seen such
> things persist for months.
>
> For better or for worse, the way you -reliably- fail over a web server
> is with routing and middleboxes like a load balancer.
>
> Regards,
> Bill Herrin