Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Load balancing/Multiple CNAME's (Was: Re: Beyond DNS...)

  • From: Studded
  • Date: Fri Jun 05 19:55:12 1998

Phillip Vandry wrote:
> 
> > 2. Why Web services don't have entries like MX hosts do. Why not be able to
> > set preferences and fall over hosts?
> 
> That is exactly RFC 2052, but why don't you try convincing everyone to
> deploy that right now? :-)

	To start, RFC 2052 (the SRV RR idea) is extremely ill-conceived. It's
smallest flaw is that it requires you to specify RR's by service and
makes some (I think) invalid assumptions about services being requested
on the same port consistently. However those problems are eclipsed by
the fact that it requires client authors to adapt to the new format. As
someone else commented, client authors have yet to adequately deal with
multiple A records, so the hopes of them working in the capability to
deal with a completely new RR are small.

Dean Anderson wrote:

> www             IN      CNAME   www1.av8.com.
>                 IN      CNAME   www2.av8.com.
> 
> www1            IN      A       198.3.136.144
>                 IN      A       208.156.100.250
> www2            IN      A       208.156.100.250
>                 IN      A       198.3.136.144

	This works, however it is functionally equivalent to:

www             IN      A       198.3.136.144
                IN      A       208.156.100.250

which is fine if you want to balance the load equally between these two
servers (although obviously the CNAME's should be avoided in the simple
case).


Chris Cappuccio wrote:

> Multiple CNAMEs are not supported by all DNS servers and are in fact "turned
> off" by default in BIND 8.  Multiple CNAMEs violates DNS protocol-

	The config option in BIND 8 refers to names in the zone files served by
that server having more than one CNAME. BIND 8 has no problems resolving
names with multiple CNAME's from remote servers with or without that
option. Also, multiple CNAME's are not a violation of the letter of the
law, although they are possibly a violation of its spirit. What the
RFC's DO say is that you cannot have a CNAME plus another type of RR.
This is to avoid the possibility of having conflicting records of the
same type (like MX or A records). 


Daniel Reed wrote:
> 
> On Thu, 4 Jun 1998, Dean Anderson wrote:
> ) At 2:51 PM -0400 6/3/98, Phillip Vandry wrote:
> ) >> 2. Why Web services don't have entries like MX hosts do. Why not be able to
> ) >> set preferences and fall over hosts?
> ) Err, they do. Here's how to set it up:  These balance the load, and if one
> ) machine is down, any browser which handles multiple A records properly will
> ) still fail over to the other machine.
> )
> ) www             IN      CNAME   www1.av8.com.
> )                 IN      CNAME   www2.av8.com.
> That's a Very Bad Idea(tMS). CNAMEs are used as aliases, direct mappings.

	Most of the time, yes.

> For the same reason you can't CNAME a zone's root to something else
> (meaning, if I am setting up the zone map for n.ml.org, I can CNAME
> web.n.ml.org to narnia.n.ml.org, 

	Right.

> but I can't CNAME n.ml.org to
> narnia.n.ml.org, nor can I CNAME n.ml.org to ftp.microsoft.com, or any
> other host),

	Why not?  

n.ml.org.	IN	CNAME	ftp.microsoft.com.

would be perfectly valid. Of course uncle bill might not like it much.
:)

> you cannot use multiple CNAMEs. You can *physically* CNAME
> multiple times,

	I'm not sure I understand the distinction you're trying to make here.

> but you're likely to break things, as it's against the rules.

	See above.

> What you're in fact doing is aliasing one host to two different
> ones, which doesn't make sense (because a CNAME says that ThisHost is
> actually just a pointer to ThatHost).

	Under usual situations, no it wouldn't make sense. However in the load
balancing situation it's the only way to go for more complex setups. 

> Do an nslookup on irc.dal.net a couple times, or us.undernet.org. Each
> time you do it, the IP's are shifted over to the left by one. 

	Well I'll take that as a compliment, since I am DALnet's hostmaster. :)
However I regret to inform you that I did use the CNAME hack to fine
tune our load balancing. I'd also like to point out that the IP's in a
true round-robin setup (as manifest with BIND, et al) will be returned
randomly, not in a rotate once cycle. The exception to this is if you
are on the same subnet as one of the IP's, in which case that IP (or
IP's) will be favored. 

> "Supporting" multiple IN A's shouldn't be necessary for a client to take
> advantage of multiple IN A's. Since the IN A's are rotated, load balancing
> is implemented at the nameserver level. The client should just always
> connect to the first IN A given to it.

	This depends on whose resolver you're using. With BIND you should be in
good shape. With, say, windows 95 you're in deep tapioca because
although it caches all the IP's it receives it always returns them in
the same order. (And no, I don't need anyone to tell me that this is
braindead behaviour. :) The safest way to get the desired behaviour out
of the client is to code specifically the behaviour you want. 

	Now, why would you want to use multiple CNAME's? Simple, it gives you
much greater flexibility in how you control the load assigned to various
machines. Say you want one machine to get 3 times as much load as
others. Because BIND compacts A addresses you couldn't simply do:

www	IN	A	111.111.111.111
	IN	A	111.111.111.111
	IN	A	111.111.111.111
	IN	A	222.222.222.222
	IN	A	333.333.333.333

BIND would return just the 3 discreet addresses. What would work is:

www	IN	CNAME	www1
	IN	CNAME	www2
	IN	CNAME	www3

www1	IN	A	111.111.111.111
	IN	A	222.222.222.222
	IN	A	333.333.333.333
www2	IN	A	111.111.111.111
www3	IN	A	111.111.111.111

	The astute student will notice that the 111.111.111.111 address won't
get exactly 3 times as much traffic. In fact, calculating exact
percentages is a fascinating mathematical problem, especially when you
are dealing with lots of addresses. You can find more info on this
technique in the BIND FAQ.2of2, question 5.11. The FAQ is included in
BIND 8's -doc package in the misc section amongst other places. 

	I wanted to respond to this thread for several reasons. First, DNS is
an operational issue, and as has often been mentioned here is difficult
to do right and very hard to do well. Also, there was a lot of
misinformation contained in this thread, and I wanted to set some of the
old and glorious bits to rest. And, frankly I thought it was a good
opportunity to demonstrate my brilliance to potential customers. :) If
you need load balancing or other DNS help I'm available for a reasonable
rate. 

	Finally, if you plan to disagree with anything in this post, please
quote chapter and verse from the relevant RFC. I've spent a lot of time
studying this topic and am quite sure of my facts. 

Enjoy,

Doug
-- 
***         Chief Operations Officer, DALnet IRC network        ***
***   Proud designer and maintainer of one of the world's largest
*** Internet Relay Chat servers with 5,328 simultaneous connections
***   Try spider.dal.net on ports 6662-4    (Powered by FreeBSD)




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.