[f-nsp] GSLB

Oliver Adam oadam at madao.de
Tue Jul 8 10:54:43 EDT 2008 

Other DNS server might cache the current replies 
as said and therefore there is of course a delay 
until this is going to be active - 24 hours should be enough.

R, Oliver

At 16:50 08.07.2008, Torrez,Jon wrote:
>Ok, so the changes are done and will be pushed out this evening.
>
>I suspect there will be a time frame after the changes are in place for the
>results to change.
>
>I'll follow up with the list in a day.
>
>Thanks everyone.
>
>-jon
>
>-----Original Message-----
>From: Oliver Adam [mailto:oadam at madao.de]
>Sent: Tuesday, July 08, 2008 10:30 AM
>To: Torrez,Jon; Bjørn Mork
>Cc: foundry-nsp at puck.nether.net
>Subject: Re: [f-nsp] GSLB
>
>I do not know the complete configuration but the
>SI is able to reply with ACTIVE IPs only or with
>the BEST only. Using ACTIVE as in your original
>configuration is resulting in a list of ALL
>ACTIVE IPs - this list might get cached at a DNS
>server somewhere and these DNS server might use
>the list for a while in a round robin fashion to
>deliver an answer the client asking for the
>IP(s). BEST only results in an answer with
>a  single IP address only. Only the one which is
>the best is going to be a part of the answer. Your current policy includes:
>
>dns active-only
>
>you would have to use
>
>dns best-only
>
>instead of active-only. The result might be still
>a list of IPs in case there is not any best
>selectable based on your selection criterias.
>You can still use the selction criterias you are
>using at the moment (health, load, RTT or
>whatever and RR or least conns as tie breaker).
>Try to keep the TTL as low as possible even if
>there are still some DNS server ignoring the TTL.
>
>R, OIiver
>
>
>At 16:11 08.07.2008, Torrez,Jon wrote:
> >So when I mailed the group I also opened a Foundry help desk ticket.
> >
> >Those guys are still out to lunch on this issue.
> >
> >Let's talk about this suggestion some more.
> >
> >Would that be alongside the other options or remove them and apply this
> >only?
> >
> >-jon
> >
> >-----Original Message-----
> >From: Bjørn Mork [mailto:bjorn at mork.no]
> >Sent: Friday, July 04, 2008 6:26 AM
> >To: Torrez,Jon
> >Cc: dtemkin at yahoo.com; foundry-nsp at puck.nether.net
> >Subject: Re: [f-nsp] GSLB
> >
> >"Torrez,Jon" <Jon_Torrez at securecomputing.com> writes:
> >
> >
> > >   DNS active-only: ENABLE   DNS best-only: DISABLE  DNS override: ENABLE
> >
> >
> >Don't know if I understand you problem, bu you do realize that dns
> >resolvers will cache your answers and probably apply a round-robin
> >selection of addresses?
> >
> >If want to force the clients to your best site, then you need to enable
> >"dns best-only"
> >
> >
> >
> >Bjørn
> >
> >_______________________________________________
> >foundry-nsp mailing list
> >foundry-nsp at puck.nether.net
> >http://puck.nether.net/mailman/listinfo/foundry-nsp

More information about the foundry-nsp mailing list