[f-nsp] GSLB

Torrez,Jon Jon_Torrez at securecomputing.com
Tue Jul 8 10:50:29 EDT 2008


Ok, so the changes are done and will be pushed out this evening.

I suspect there will be a time frame after the changes are in place for the
results to change.

I'll follow up with the list in a day.

Thanks everyone.

-jon

-----Original Message-----
From: Oliver Adam [mailto:oadam at madao.de] 
Sent: Tuesday, July 08, 2008 10:30 AM
To: Torrez,Jon; Bjørn Mork
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] GSLB

I do not know the complete configuration but the 
SI is able to reply with ACTIVE IPs only or with 
the BEST only. Using ACTIVE as in your original 
configuration is resulting in a list of ALL 
ACTIVE IPs - this list might get cached at a DNS 
server somewhere and these DNS server might use 
the list for a while in a round robin fashion to 
deliver an answer the client asking for the 
IP(s). BEST only results in an answer with 
a  single IP address only. Only the one which is 
the best is going to be a part of the answer. Your current policy includes:

dns active-only

you would have to use

dns best-only

instead of active-only. The result might be still 
a list of IPs in case there is not any best 
selectable based on your selection criterias.
You can still use the selction criterias you are 
using at the moment (health, load, RTT or 
whatever and RR or least conns as tie breaker). 
Try to keep the TTL as low as possible even if 
there are still some DNS server ignoring the TTL.

R, OIiver


At 16:11 08.07.2008, Torrez,Jon wrote:
>So when I mailed the group I also opened a Foundry help desk ticket.
>
>Those guys are still out to lunch on this issue.
>
>Let's talk about this suggestion some more.
>
>Would that be alongside the other options or remove them and apply this
>only?
>
>-jon
>
>-----Original Message-----
>From: Bjørn Mork [mailto:bjorn at mork.no]
>Sent: Friday, July 04, 2008 6:26 AM
>To: Torrez,Jon
>Cc: dtemkin at yahoo.com; foundry-nsp at puck.nether.net
>Subject: Re: [f-nsp] GSLB
>
>"Torrez,Jon" <Jon_Torrez at securecomputing.com> writes:
>
>
> >   DNS active-only: ENABLE   DNS best-only: DISABLE  DNS override: ENABLE
>
>
>Don't know if I understand you problem, bu you do realize that dns
>resolvers will cache your answers and probably apply a round-robin
>selection of addresses?
>
>If want to force the clients to your best site, then you need to enable
>"dns best-only"
>
>
>
>Bjørn
>
>_______________________________________________
>foundry-nsp mailing list
>foundry-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/foundry-nsp





More information about the foundry-nsp mailing list