[dnsdist] Healthchecks at startup

Thomas Mieslinger miesi at mail.com
Wed Nov 13 07:10:18 UTC 2024


On 12.11.24 at 16:09, Marki via dnsdist wrote:
> Hello,
>
> I have an issue here with a (potential) cyclic dependency that I'd like
> to solve.
>
> So our clients are pointed at dnsdist, obviously.
>
> Based on the query, dnsdist sends the query to internal NSes, or
> external recursive resolvers.
>
> Now the issue is the healthcheck of internal NSes at startup (resolution
> of DNS Root A): When starting up the entire thing (both named and
> dnsdist), sometimes dnsdist shows one of the local resolvers - namely
> the one running on the same node as dnsdist as down.
>
> This is because the internal resolvers have a forwarder to dnsdist to be
> able to resolve anything external (necessary in case a stub resolver
> would ask to resolve e.g. a local CNAME pointing to an external domain).
> So probably dnsdist is not entirely ready yet (external NS healthcheck
> not ready at that millisecond or sth else).
>
> I'd like that initial healthcheck to preferably succeed immediately. Is
> there a way to maybe define some backends as dependencies of others? Or
> any spontaneous design thoughts.... ;)

I'm doing the following to avoid this problem. This solution requires an
OS which allows non-local binds and has BGP, which you may not (yet) be using.

Set up the system to allow non-local binds.

Do not bind the service IPs to interfaces on system start.

Start all processes. Recursor and dnsdist also listen on service check IPs.

Watchdog checks service check IPs and if service is ok, service IPs are
bound to interfaces. Local bgpd is instructed to announce the service IP
to the network.

Why does it work? In the startup phase the OS routes requests to the
service IP to the network, because the service IP is not locally bound.

Cheers Thomas
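
A sketch of the watchdog step described above, added as an example; it is not part of the original message and not Thomas's own script. The addresses, the probe name, the use of `dig`, the `announce` hook and the withdrawal on failure are all assumptions.

```shell
#!/bin/sh
# Added example: bind the service IP only after every check IP answers.
# All values below are constructed placeholders, not taken from the thread.
SERVICE_IP="${SERVICE_IP:-192.0.2.53}"           # service IP (documentation range)
CHECK_IPS="${CHECK_IPS:-127.0.0.2 127.0.0.3}"    # service check IPs: dnsdist, recursor
CHECK_NAME="${CHECK_NAME:-a.root-servers.net.}"  # name used for the probe
DEV="${DEV:-lo}"                                 # interface that carries the service IP

# Probe one check IP; succeeds only on a NOERROR response within one second.
probe() {
    dig +time=1 +tries=1 "@$1" "$CHECK_NAME" A 2>/dev/null | grep -q 'status: NOERROR'
}

# The service counts as ok only when every check IP answers.
all_healthy() {
    for addr in $CHECK_IPS; do
        probe "$addr" || return 1
    done
    return 0
}

is_bound()  { ip -o addr show dev "$DEV" | grep -qF " $SERVICE_IP/"; }
bind_ip()   { ip addr add "$SERVICE_IP/32" dev "$DEV"; }
unbind_ip() { ip addr del "$SERVICE_IP/32" dev "$DEV"; }
# Hypothetical hook: replace with whatever tells the local bgpd to
# announce ("up") or withdraw ("down") the service IP.
announce()  { echo "announce $1 $SERVICE_IP"; }

# One watchdog pass; prints the action taken: wait, bound, keep or unbound.
reconcile() {
    if all_healthy; then
        if is_bound; then echo keep
        else bind_ip && announce up >/dev/null && echo bound; fi
    else
        if is_bound; then announce down >/dev/null; unbind_ip && echo unbound
        else echo wait; fi
    fi
}

# Loop only when invoked as: sh watchdog.sh run
if [ "${1:-}" = "run" ]; then
    # Linux: lets the daemons listen on SERVICE_IP before it is bound locally.
    sysctl -w net.ipv4.ip_nonlocal_bind=1
    while :; do reconcile; sleep 2; done
fi
```

Until `reconcile` reports `bound`, the service IP is not on any local interface, so queries forwarded to it leave the node instead of reaching the dnsdist that is still starting.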

