[f-nsp] GSLB
Oliver Adam
oadam at madao.de
Tue Jul 8 10:29:41 EDT 2008
I do not know the complete configuration but the
SI is able to reply with ACTIVE IPs only or with
the BEST only. Using ACTIVE as in your original
configuration is resulting in a list of ALL
ACTIVE IPs - this list might get cached at a DNS
server somewhere and these DNS server might use
the list for a while in a round robin fashion to
deliver an answer the client asking for the
IP(s). BEST only results in an answer with
a single IP address only. Only the one which is
the best is going to be a part of the answer. Your current policy includes:
dns active-only
you would have to use
dns best-only
instead of active-only. The result might be still
a list of IPs in case there is not any best
selectable based on your selection criterias.
You can still use the selction criterias you are
using at the moment (health, load, RTT or
whatever and RR or least conns as tie breaker).
Try to keep the TTL as low as possible even if
there are still some DNS server ignoring the TTL.
R, OIiver
At 16:11 08.07.2008, Torrez,Jon wrote:
>So when I mailed the group I also opened a Foundry help desk ticket.
>
>Those guys are still out to lunch on this issue.
>
>Let's talk about this suggestion some more.
>
>Would that be alongside the other options or remove them and apply this
>only?
>
>-jon
>
>-----Original Message-----
>From: Bjørn Mork [mailto:bjorn at mork.no]
>Sent: Friday, July 04, 2008 6:26 AM
>To: Torrez,Jon
>Cc: dtemkin at yahoo.com; foundry-nsp at puck.nether.net
>Subject: Re: [f-nsp] GSLB
>
>"Torrez,Jon" <Jon_Torrez at securecomputing.com> writes:
>
>
> > DNS active-only: ENABLE DNS best-only: DISABLE DNS override: ENABLE
>
>
>Don't know if I understand you problem, bu you do realize that dns
>resolvers will cache your answers and probably apply a round-robin
>selection of addresses?
>
>If want to force the clients to your best site, then you need to enable
>"dns best-only"
>
>
>
>Bjørn
>
>_______________________________________________
>foundry-nsp mailing list
>foundry-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/foundry-nsp
More information about the foundry-nsp
mailing list