Solved

Load balance with SRV records (DNS)

Posted on 2013-11-17
12
1,242 Views
Last Modified: 2014-01-24
I am trying to set up load balancing for a website (http/https), but for a subdomain.
So, we have domain.com, and we have subdomain.domain.com

I have 2 identical replicas up for subdomain.domain.com
example IPs: 123.123.123.123 and 234.234.234.234

I have added two A-records for subdomain.domain.com, and that seems to balance fine.
HOWEVER, this does not do what is described here: http://www.zytrax.com/books/dns/ch8/srv.html

; foobar - use old-slow-box or new-fast-box if either is
; available, make three quarters of the logins go to
; new-fast-box.

What I want, and for this subdomain only, is to set up a 50-50 load balance.

In PowerAdmin (using pDNS), I have:
_http._tcp.subdomain.domain.com 0 80 subdomain-server1.domain.com 0 3600
_http._tcp.subdomain.domain.com  0 80 subdomain-server2.domain.com 0 3600



(mind you, it is a bit different than the example on that link, because the PowerAdmin GUI does not allow setting it up exactly like that)

Anyway, I have done this. I ping subdomain, and I get the default I used by the wildcard A-record for domain.com

Any idea what I am doing wrong?
Question by:redworks
12 Comments
 
LVL 57

Expert Comment

by:giltjr
You need to re-read the first paragraph.  Mainly the sentence:

"It is not widely supported except notably by OpenLDAP and increasingly by VoIP systems in conjunction with the NAPTR RR."

Very few programs issue a lookup for SRV records.  Issuing a lookup for an SRV record is a separate process from doing a normal hostname lookup.   Just because you define SRV records does not mean that there is something out there actually using them.

I know of no web browsers that do SRV lookups.  There could be one or two, but I don't know of any.
0
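To make the point above concrete, here is an added simulation (not code from the thread or from PowerDNS) of the two client behaviours being discussed: an RFC 2782-aware client that orders SRV targets by priority and weighted random selection, and a browser-style client that only ever asks for A records and never sees the SRV set. The zone data, the 3:1 split modelled on the zytrax example, and the hostnames are constructed for the example.

```python
"""Simulate what an SRV-aware client and a plain A-record client each see.

Added example, not from the thread. The zone below is constructed; the
hostnames mirror the question's placeholders and the zytrax box names.
"""
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# Constructed zone data. The SRV owner name follows the _service._proto
# convention from RFC 2782; the A records are the two replicas from the question.
ZONE = {
    "subdomain.domain.com": {"A": ["123.123.123.123", "234.234.234.234"]},
    "_http._tcp.subdomain.domain.com": {
        "SRV": [
            SrvRecord(0, 50, 80, "subdomain-server1.domain.com"),
            SrvRecord(0, 50, 80, "subdomain-server2.domain.com"),
        ]
    },
}

# The zytrax-style split: same priority, weights 25 and 75.
THREE_TO_ONE = [
    SrvRecord(10, 25, 80, "old-slow-box.example.com"),
    SrvRecord(10, 75, 80, "new-fast-box.example.com"),
]


def srv_order(records, rng=random):
    """Order SRV targets the way RFC 2782 tells a client to try them.

    Lowest priority first; within one priority, weighted random selection
    (zero-weight records sorted first, random number in 0..total, first
    record whose running sum reaches it), then repeat on what is left.
    """
    remaining = list(records)
    order = []
    while remaining:
        lowest = min(r.priority for r in remaining)
        group = sorted((r for r in remaining if r.priority == lowest),
                       key=lambda r: r.weight != 0)
        total = sum(r.weight for r in group)
        pick = rng.randint(0, total)
        running = 0
        for r in group:
            running += r.weight
            if running >= pick:
                chosen = r
                break
        order.append(chosen)
        remaining.remove(chosen)
    return order


def first_choice_share(records, trials=20000, seed=7):
    """Fraction of trials in which each target was the first one tried."""
    rng = random.Random(seed)
    counts = Counter(srv_order(records, rng)[0].target for _ in range(trials))
    return {t: n / trials for t, n in counts.items()}


def srv_aware_lookup(zone, name, service="http", proto="tcp", rng=random):
    """Client that consults SRV first (as OpenLDAP or SIP stacks do)."""
    srv = zone.get(f"_{service}._{proto}.{name}", {}).get("SRV")
    if srv:
        return [(r.target, r.port) for r in srv_order(srv, rng)]
    return [(a, 80) for a in zone.get(name, {}).get("A", [])]


def browser_lookup(zone, name):
    """Client that only asks for A records: the SRV set is never consulted."""
    return list(zone.get(name, {}).get("A", []))


if __name__ == "__main__":
    print("browser sees:", browser_lookup(ZONE, "subdomain.domain.com"))
    print("SRV client tries:", srv_aware_lookup(ZONE, "subdomain.domain.com"))
    print("3:1 first-choice share:", first_choice_share(THREE_TO_ONE))
```

The weighted split only materialises in `first_choice_share` because `srv_order` is being called; `browser_lookup` returns the A records untouched, which is exactly why the `_http._tcp` entries in the question have no effect on web traffic.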
 

Author Comment

by:redworks
What would the best way of load balancing for HTTP be?
What I want is a fail-over more than load balance. So, if a server is down, it automatically goes to the next...
0
 
LVL 57

Expert Comment

by:giltjr
What HTTP server are you running?

You can set up another HTTP server running Apache and have it be a reverse proxy server.  It will detect that one of your real HTTP servers is down and stop sending traffic to it.

http://gerrydevstory.com/2012/08/26/reverse-proxy-and-load-balancing-using-apache-mod_proxy/
0
 

Author Comment

by:redworks
Thanks for this. The 2 nodes I have now are Apache indeed...
I read the article, and that would mean setting up a 3rd apache server "in front" of those two, to make it balance that... That would work, but it's not ideal.
If THAT (the balancer/proxy) goes down, both nodes are down too.

With DNS (SRV), this is different... we have plenty of slave DNS servers... It would then work, using the SRV logic from above.

Do we have an alternative here?
0
 
LVL 57

Expert Comment

by:giltjr
This may help you:

http://www.howtoforge.com/high_availability_loadbalanced_apache_cluster

Or you could look at hardware load balancers like those from F5 or Kemp.  You buy a pair that run in an HA cluster.  They can also do SSL offload (if you are using SSL) and can do caching and compression.  But they are expensive.  The company I work for uses F5, but Kemp is supposed to be just as good and less expensive.  We needed F5's iRule capability and Kemp did not have a function like this.

However, an Apache just doing the reverse proxy function has a slim chance of failing.
0
 
LVL 61

Expert Comment

by:gheist
Normally it looks like this

www-balancer IN A 111.111.111.111
         IN A 222.222.222.222
ldap-balancer IN A 11.111.111.11
        IN A 222.222.22.222

www cname www-balancer
webimages cname www-balancer
ldap cname ldap-balancer



Normally a browser (LDAP library, wget, etc.) will retry on another exposed address.
Thinking at large scale, an extra load balancer layer is expensive as opposed to N+1 redundancy.
And you need to restart load balancers one by one, just like having generic reverse proxies (squid, varnish, apache) on those addresses, so you have the same internet-visible interruption for unplanned maintenance...
0

 
LVL 25

Accepted Solution

by:DrDave242 (earned 500 total points)
Just to add a bit to what's been said:

There's no way to implement failover using only DNS records. Round-robin DNS provides rudimentary load balancing, but it's not failure-aware.

Say you have three host records named www.mydomain.com with IP addresses 4.4.4.4, 4.4.4.5, and 4.4.4.6. If round-robin DNS is enabled (which it likely is by default), queries for www.domain.com will be load-balanced to some degree: the first time the server is queried, it will respond with 4.4.4.4; the second time, it will respond with 4.4.4.5; and so on. However, if 4.4.4.5 goes down, the DNS server has no way of knowing this. Every third query for www.domain.com is still going to resolve to 4.4.4.5, and the querying client will get an error indicating that the server is unavailable.
0
 
LVL 61

Expert Comment

by:gheist
Sorry - all modern internet client software is fully aware of the DNS round-robin scenario with some hosts out.
The client gets an error if no server in the pool responds. No need to plant fear in newbies.

Actually, in your scenario 1/3 of users will choose another IP (proxies will choose enough other IPs).
0
 
LVL 25

Expert Comment

by:DrDave242
Sorry, you're absolutely right - I'd completely forgotten about client retry (which doesn't seem to be very clearly documented by anyone, even though most everyone supports it). Not only that, but I fumbled the explanation of round robin. In my defense, I was up several hours earlier than I normally am. Looks like I should stay off EE until I'm more awake!
0
 
LVL 57

Expert Comment

by:giltjr
I forgot about that too.  The latest releases of all browsers will retry the lookup if they can't connect the first time to a specific IP address.

So just by having two hosts, with an A record with two IP addresses, you have round-robin load balancing and "fail over."
0
 
LVL 61

Expert Comment

by:gheist
Even better: if you keep the DNS TTL reasonable you can even plan maintenance by bringing all but one server down...
0
 
LVL 57

Expert Comment

by:giltjr
Yes, we set our TTL to 15 minutes.  The only issue we have had is when somebody is using a caching DNS server configured to ignore our TTL, but that is their fault.
0
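The round-robin description in the accepted answer, the client-retry correction that followed it, and the closing TTL remarks all describe the same mechanism from different angles, so here is one added simulation (not code from the thread) that runs them side by side: an authoritative server rotating three A records, a client with and without retry, and a caching resolver that keeps handing out a removed address until the TTL expires. The 4.4.4.x addresses are the thread's examples; the resolver classes, the 900-second TTL and the timings are constructed for the example.

```python
"""Round-robin A records, client retry and TTL caching, simulated.

Added example, not from the thread. Addresses are the thread's 4.4.4.x
examples; everything else is constructed.
"""
from collections import Counter

A_RECORDS = ["4.4.4.4", "4.4.4.5", "4.4.4.6"]


class RoundRobinResolver:
    """Authoritative server that rotates the answer order on every query."""

    def __init__(self, addrs):
        self.addrs = list(addrs)
        self.queries = 0

    def query(self):
        n = self.queries % len(self.addrs)
        self.queries += 1
        return self.addrs[n:] + self.addrs[:n]


class CachingResolver:
    """Recursive resolver that reuses an upstream answer until its TTL expires."""

    def __init__(self, upstream, ttl):
        self.upstream, self.ttl = upstream, ttl
        self.cached, self.expires = None, -1

    def query(self, now):
        if self.cached is None or now >= self.expires:
            self.cached = self.upstream.query()
            self.expires = now + self.ttl
        return self.cached


def connect(answer, is_up, retry):
    """Return (address reached, attempts). A retrying client walks the list;
    a naive client only ever tries the first address it was given."""
    candidates = answer if retry else answer[:1]
    for attempts, addr in enumerate(candidates, start=1):
        if is_up(addr):
            return addr, attempts
    return None, len(candidates)


def simulate(addrs, down, requests, retry):
    """Run `requests` connections against a rotating answer with `down` hosts out."""
    resolver = RoundRobinResolver(addrs)
    outcomes = [connect(resolver.query(), lambda a: a not in down, retry)
                for _ in range(requests)]
    return {
        "failed": sum(1 for a, _ in outcomes if a is None),
        "retried": sum(1 for a, n in outcomes if a is not None and n > 1),
        "served": dict(Counter(a for a, _ in outcomes if a is not None)),
    }


def still_cached_after_removal(ttl, removed_addr, check_at):
    """Does a cache filled at t=0 still hand out `removed_addr` at t=check_at,
    even though the record was pulled from the zone right after t=0?"""
    upstream = RoundRobinResolver(A_RECORDS)
    cache = CachingResolver(upstream, ttl)
    cache.query(0)                        # cache warms up with all three
    upstream.addrs.remove(removed_addr)   # operator removes the record
    return removed_addr in cache.query(check_at)


if __name__ == "__main__":
    print("one host down, retrying client:",
          simulate(A_RECORDS, {"4.4.4.5"}, 30, retry=True))
    print("one host down, naive client:   ",
          simulate(A_RECORDS, {"4.4.4.5"}, 30, retry=False))
    print("maintenance, two hosts down:   ",
          simulate(A_RECORDS, {"4.4.4.5", "4.4.4.6"}, 30, retry=True))
    print("stale after 500s with TTL 900?", still_cached_after_removal(900, "4.4.4.5", 500))
    print("stale after 900s with TTL 900?", still_cached_after_removal(900, "4.4.4.5", 900))
```

Two things to read off the output: with one of three hosts down, a third of the answers put the dead address first (the naive client fails on exactly those), while the retrying client never fails and only pays an extra connection attempt; and a removed address keeps being served by downstream caches for up to a full TTL, which is the window the TTL comments above are trading off against query load.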
