Load balance with SRV records (DNS)

Posted on 2013-11-17
Last Modified: 2014-01-24
I am trying to setup load balance for a website (http/https), but a subdomain.
So, we have, and we have

I have 2 identical replica's up for
example IPs: and

I have added two A-records for, and that seems to balance fine.
HOWEVER, this does not do what is described here:

; foobar - use old-slow-box or new-fast-box if either is
; available, make three quarters of the logins go to
; new-fast-box.

What I want, and for this subdomain only, is setup a 50-50 load balance.

In PowerAdmin (using pDNS), I have: 0 80 0 3600  0 80 0 3600

Open in new window

(mind you, it is a bit different than the example on that link, cause poweradmin GUI does not allow it to setup exactly like that)

Anyway, I have done this. I ping subdomain, and I get the default I used by the wildcard A-record for

Any idea what I am doing wrong?
Question by:redworks
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
LVL 57

Expert Comment

ID: 39655168
You need to re-read the first paragraph.  Mainly the sentence:

"It is not widely supported except notably by OpenLDAP and increasingly by VoIP systems in conjunction with the NAPTR RR."

Very few programs issue a lookup for SRV records.  Issuing a lookup for a SRV record is a separate process from doing a normal host name look up.   Just because you define SRV records does not mean that there is something out there actually using them.

I know of no web browsers that do SRV lookups.  There could be one or two, but I don't know of any.

Author Comment

ID: 39655183
What would the best way of load balancing for HTTP be?
What I want, is a fail-over more than load balance. So, if a server is down, it automatically goes to the next...
LVL 57

Expert Comment

ID: 39655191
What HTTP server are you running?

You can setup another HTTP server running Apache and have it be a reverse proxy server.  It will detect that one of your real HTTP servers is down and stop sending traffic to it.
Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.


Author Comment

ID: 39655253
Thanks for this. The 2 nodes I have now are Apache indeed...
I read the article, and that would mean setting up a 3rd apache server "in front" of those two, to make it balance that... That would work, but it's not ideal.
If THAT (the balancer/proxy) goes down, both nodes are down too.

With DNS (SRV), this is different... we have plenty of slave DNS servers... It would then work, using the SRV logic from above.

Do we have an alternative here?
LVL 57

Expert Comment

ID: 39655280
This may help you:

Or you could look at hardware load balancers like from F5 or Kemp.  You by a pair that run in a HA/Cluster.  They also can do SSL offload (if you are using SSL) and can do caching and compression.  But they are expensive.  The company I work for use F5, but Kemp is supposed to be just as good and less expensive.  We needed F5's iRule capability and Kemp did not have a function like this.

However a Apache just doing reverse proxy function has a slim chance of failing.
LVL 62

Expert Comment

ID: 39656366
Normally it looks like this

www-balancer IN A
         IN A
ldap-balancer IN A
        IN A

www cname www-balancer
webimages cname www-balancer
ldap cname ldap-balancer

Normally browser (ldap library, wget etc) will retry on another exposed address.
Thinking in large scale  - extra load balancer layer is expensive as opposed to N+1 redundancy.
And you need to restart load balancers one-by-one just like having generic reverse proxies (squid, varnish, apache) on those addresses, so you have same internet-visible interruption for unplanned maintenance...
LVL 26

Accepted Solution

DrDave242 earned 500 total points
ID: 39656404
Just to add a bit to what's been said:

There's no way to implement failover using only DNS records. Round-robin DNS provides rudimentary load balancing, but it's not failure-aware.

Say you have three host records named with IP addresses,, and If round-robin DNS is enabled (which it likely is by default), queries for will be load-balanced to some degree: the first time the server is queried, it will respond with; the second time, it will respond with; and so on. However, if goes down, the DNS server has no way of knowing this. Every third query for is still going to resolve to, and the querying client will get an error indicating that the server is unavailable.
LVL 62

Expert Comment

ID: 39657591
Sorry - all modern internet client software is fully aware of DNS round robin scenario with some hosts out.
Client gets an error if no server in pool responds. No need to plant fear in newbies.

Actually in your scenario 1/3 of users will choose other IP (proxies will choose enough other IPs)
LVL 26

Expert Comment

ID: 39658146
Sorry, you're absolutely right - I'd completely forgotten about client retry (which doesn't seem to be very clearly documented by anyone, even though most everyone supports it). Not only that, but I fumbled the explanation of round robin. In my defense, I was up several hours earlier than I normally am. Looks like I should stay off EE until I'm more awake!
LVL 57

Expert Comment

ID: 39658154
I forgot about that too.  The latest releases of all browsers will do retry look up if it can't connect the first time to a specific IP address.

So just by having two hosts, with an A record with two IP addresses you have round robin load balancing and "fail over."
LVL 62

Expert Comment

ID: 39658410
Even better if you keep DNS TTL reasonable you can even plan the maintenance by bringing all but one servers down...
LVL 57

Expert Comment

ID: 39659242
Yes, we set our TTL to 15 minutes.  The only issue we have had is when somebody is using a caching DNS server configured to ignore our TTL, but that is their fault.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CCNP Exam question 6 38
How to send commands to switch via telnet programatically 15 86
Wannacry 44 102
external website is 16 41
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question