[Freeipa-users] routing requests to local servers - DNS SRV + view?

Dmitri Pal dpal at redhat.com
Mon Apr 16 13:40:16 UTC 2012


On 04/13/2012 11:00 PM, Brian Cook wrote:
> Yes, this is exactly what I am trying to accomplish.  I've already
> been looking into the BIND views clause and would like to hear if
> anyone has any feedback as to how well this works in the real world.
>
> In this case the implementation of IPA is using an external standard
> BIND implementation loading from text files.  However, views would be
> very useful for IPA to be able to do internally, so figuring out how
> to get this option into BIND using 389ds backend would be a useful step.
>

AFAIK there is an SSSD RFE that allows you to define a group of primary
servers for a client that the client would use to fail over between, and
only when they are all unavailable will it fail over to DNS. At least
I remember a discussion about it. It seems that such a feature would
accomplish the same but with less work. Would it be sufficient?

See comment 6 in https://fedorahosted.org/sssd/ticket/1128

> Thanks,
> Brian
>
> ---
> Brian Cook
> Solutions Architect, Red Hat, Inc.
> 407-212-7079
>
>
>
>
> On Apr 13, 2012, at 2:41 PM, Petr Spacek wrote:
>
>> On 04/13/2012 10:28 PM, Jakub Hrozek wrote:
>>> On Fri, Apr 13, 2012 at 01:04:55PM -0700, Brian Cook wrote:
>>>>    Ideally I would rely on a -group- of servers, and then rely on DNS if it
>>>>    is down.  I don't want to hammer one server.  We're talking about 500-1000
>>>>    servers running virtual machines, so potentially a lot of traffic.  Got
>>>>    any suggestions for that?
>>>
>>> Hello Brian,
>>>
>>> I'm not sure I understand what you are trying to achieve. Are you trying
>>> to spread the client load among replicas? If so, then I think the SRV
>>> records in DNS are really the best answer. You can organize the servers
>>> in "tiers" by using the priority field and then spread the load in a
>>> tier by using the "weight" field.
>>
>> Greetings,
>>
>> if I understand correctly, you need to set a different priority for SRV
>> records and this new priority has to be dependent on the client's IP address.
>>
>> AFAIK the only way to accomplish this is the BIND "view" clause. You have to:
>> - create a copy of the original zone for each location and modify the SRV
>> record priorities
>> - then you have to set "views" and create a mapping between IP address
>> <-> new zone
>>
>>
>> This way requires multiple copies of the original zone, each with small
>> differences.
>> In the case of classical zone files it is not a big problem: You can keep
>> SRV records separated in small files and "$INCLUDE" normal records to
>> them from a single place.
>>
>> In cases with an LDAP database it's much harder, because there is no
>> simple $INCLUDE clause, I think.
>> We have to consult the 389 guys about this problem ... It can be a task for
>> some kind of directory server plugin.
>>
>>
>> Some examples and documentation:
>> http://wiki.sipfoundry.org/display/sipXecs/Location+based+DNS+views+for+sipXecs+using+BIND
>> (It belongs to some SIP solution, but it's exactly what you want.)
>>
>> http://www.zytrax.com/books/dns/ch7/view.html
>>
>> http://ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.ch06.html#view_statement_grammar
>>
>>
>> I'm adding the BIND maintainer to this discussion.
>>
>> Petr^2 Spacek
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
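
The scheme discussed in this thread, modelled as an added example that is not part of the original messages: per-location "views" hand out the same SRV targets with different priorities, and the client then walks the priority tiers, spreading load by weight inside each tier (simplified from RFC 2782). The subnets, host names and record values are constructed for illustration.

```python
import ipaddress
import random

# Constructed data: one SRV record set per "view", keyed by client subnet.
# Each record is (priority, weight, target); lower priority is tried first.
VIEWS = {
    "10.1.0.0/16": [  # site A clients: local replicas form tier 0
        (0, 50, "ipa-a1.example.test"),
        (0, 50, "ipa-a2.example.test"),
        (10, 100, "ipa-b1.example.test"),
    ],
    "10.2.0.0/16": [  # site B clients: same targets, priorities swapped
        (0, 100, "ipa-b1.example.test"),
        (10, 50, "ipa-a1.example.test"),
        (10, 50, "ipa-a2.example.test"),
    ],
}
# Clients outside both sites see every replica in a single tier.
DEFAULT_VIEW = [(0, 1, t) for t in (
    "ipa-a1.example.test", "ipa-a2.example.test", "ipa-b1.example.test")]


def srv_for_client(client_ip):
    """Mimic a match-clients lookup: first view whose subnet holds the client."""
    addr = ipaddress.ip_address(client_ip)
    for subnet, records in VIEWS.items():
        if addr in ipaddress.ip_network(subnet):
            return records
    return DEFAULT_VIEW


def order_targets(records, rng=random):
    """Order targets as an SRV client would try them: lowest priority
    tier first, weighted-random without replacement inside each tier."""
    ordered = []
    for prio in sorted({p for p, _, _ in records}):
        tier = [(w, t) for p, w, t in records if p == prio]
        while tier:
            # Weight 0 keeps a very small chance of selection.
            weights = [w or 0.001 for w, _ in tier]
            idx = rng.choices(range(len(tier)), weights=weights)[0]
            ordered.append(tier.pop(idx)[1])
    return ordered
```

A site A client only reaches `ipa-b1.example.test` after both local replicas have failed, while first contacts are split between the two local replicas according to their weights.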

