Load balance with SRV records (DNS)

I am trying to setup load balance for a website (http/https), but a subdomain.
So, we have domain.com, and we have subdomain.domain.com

I have 2 identical replicas up for subdomain.domain.com
example IPs: and

I have added two A-records for subdomain.domain.com, and that seems to balance fine.
HOWEVER, this does not do what is described here: http://www.zytrax.com/books/dns/ch8/srv.html

; foobar - use old-slow-box or new-fast-box if either is
; available, make three quarters of the logins go to
; new-fast-box.

What I want, and for this subdomain only, is to set up a 50-50 load balance.

In PowerAdmin (using pDNS), I have:
_http._tcp.subdomain.domain.com 0 80 subdomain-server1.domain.com 0 3600
_http._tcp.subdomain.domain.com  0 80 subdomain-server2.domain.com 0 3600

(mind you, it is a bit different than the example on that link, cause poweradmin GUI does not allow it to setup exactly like that)

Anyway, I have done this. I ping subdomain, and I get the default I used by the wildcard A-record for domain.com

Any idea what I am doing wrong?
Just to add a bit to what's been said:

There's no way to implement failover using only DNS records. Round-robin DNS provides rudimentary load balancing, but it's not failure-aware.

Say you have three host records named www.mydomain.com with IP addresses,, and If round-robin DNS is enabled (which it likely is by default), queries for www.domain.com will be load-balanced to some degree: the first time the server is queried, it will respond with; the second time, it will respond with; and so on. However, if goes down, the DNS server has no way of knowing this. Every third query for www.domain.com is still going to resolve to, and the querying client will get an error indicating that the server is unavailable.
You need to re-read the first paragraph.  Mainly the sentence:

"It is not widely supported except notably by OpenLDAP and increasingly by VoIP systems in conjunction with the NAPTR RR."

Very few programs issue a lookup for SRV records.  Issuing a lookup for a SRV record is a separate process from doing a normal host name look up.   Just because you define SRV records does not mean that there is something out there actually using them.

I know of no web browsers that do SRV lookups.  There could be one or two, but I don't know of any.
redworks (Author) Commented:
What would the best way of load balancing for HTTP be?
What I want, is a fail-over more than load balance. So, if a server is down, it automatically goes to the next...
What HTTP server are you running?

You can set up another HTTP server running Apache and have it be a reverse proxy server.  It will detect that one of your real HTTP servers is down and stop sending traffic to it.

redworks (Author) Commented:
Thanks for this. The 2 nodes I have now are Apache indeed...
I read the article, and that would mean setting up a 3rd apache server "in front" of those two, to make it balance that... That would work, but it's not ideal.
If THAT (the balancer/proxy) goes down, both nodes are down too.

With DNS (SRV), this is different... we have plenty of slave DNS servers... It would then work, using the SRV logic from above.

Do we have an alternative here?
This may help you:


Or you could look at hardware load balancers like from F5 or Kemp.  You buy a pair that run in a HA/Cluster.  They also can do SSL offload (if you are using SSL) and can do caching and compression.  But they are expensive.  The company I work for uses F5, but Kemp is supposed to be just as good and less expensive.  We needed F5's iRule capability and Kemp did not have a function like this.

However, an Apache just doing reverse proxy function has a slim chance of failing.
Normally it looks like this

www-balancer IN A
         IN A
ldap-balancer IN A
        IN A

www cname www-balancer
webimages cname www-balancer
ldap cname ldap-balancer

Normally browser (ldap library, wget etc) will retry on another exposed address.
Thinking in large scale  - extra load balancer layer is expensive as opposed to N+1 redundancy.
And you need to restart load balancers one-by-one just like having generic reverse proxies (squid, varnish, apache) on those addresses, so you have same internet-visible interruption for unplanned maintenance...
Sorry - all modern internet client software is fully aware of DNS round robin scenario with some hosts out.
Client gets an error if no server in pool responds. No need to plant fear in newbies.

Actually in your scenario 1/3 of users will choose other IP (proxies will choose enough other IPs)
Sorry, you're absolutely right - I'd completely forgotten about client retry (which doesn't seem to be very clearly documented by anyone, even though most everyone supports it). Not only that, but I fumbled the explanation of round robin. In my defense, I was up several hours earlier than I normally am. Looks like I should stay off EE until I'm more awake!
I forgot about that too.  The latest releases of all browsers will do retry look up if it can't connect the first time to a specific IP address.

So just by having two hosts, with an A record with two IP addresses you have round robin load balancing and "fail over."
Even better if you keep DNS TTL reasonable you can even plan the maintenance by bringing all but one servers down...
Yes, we set our TTL to 15 minutes.  The only issue we have had is when somebody is using a caching DNS server configured to ignore our TTL, but that is their fault.
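
The client-side retry that the last few comments rely on, as an added example that is not part of the original thread: a client collects every address DNS returns for a name and tries them in order until one accepts the connection. The function names are hypothetical, and the demo uses a constructed pool on loopback (one closed port, one live listener) in place of the two A records.

```python
import socket

def resolve_all(host, port):
    """Return every distinct (ip, port) endpoint DNS gives for host, in answer order."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    seen, endpoints = set(), []
    for _family, _type, _proto, _canon, sockaddr in infos:
        ep = (sockaddr[0], sockaddr[1])
        if ep not in seen:
            seen.add(ep)
            endpoints.append(ep)
    return endpoints

def connect_with_failover(endpoints, timeout=2.0):
    """Try each endpoint in turn; return (socket, endpoint_used, failures)."""
    failures = []
    for ep in endpoints:
        try:
            sock = socket.create_connection(ep, timeout=timeout)
            return sock, ep, failures
        except OSError as exc:
            # Server down or unreachable: remember why, move to the next address.
            failures.append((ep, exc.__class__.__name__))
    # Only when the whole pool is down does the caller see an error.
    raise ConnectionError(f"no server in pool responded: {failures}")

def demo():
    """Constructed pool: first address is dead, second is alive."""
    live = socket.socket()
    live.bind(("127.0.0.1", 0))
    live.listen(1)
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))
    dead_ep = dead.getsockname()
    dead.close()  # port is now closed, so connects are refused
    try:
        sock, chosen, failures = connect_with_failover(
            [dead_ep, live.getsockname()], timeout=1.0)
        sock.close()
        return chosen == live.getsockname(), [ep for ep, _ in failures] == [dead_ep]
    finally:
        live.close()

if __name__ == "__main__":
    print(demo())
```

The timeout matters in practice: a refused connection fails at once, but a host that silently drops packets costs the full timeout before the next address is tried.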