[Pdns-users] Zone transfers and load balancing PowerDNS.

Mike Benoit mikeb at netnation.com
Tue Aug 5 17:10:22 UTC 2003


On Sat, 2003-08-02 at 08:22, Norbert Sendetzky wrote:
> On Saturday 02 August 2003 01:26, Mike Benoit wrote:
> > One of the main issues we face is with zone transfers and our
> > replicated MySQL backend. MySQL only supports Master -> Slave
> > replication (Master <-> Master would solve this issue of course),
> > so all zone transfers have to go to NS1 (Master), which will then
> > be replicated to NS2 by MySQL itself. Now in a load balanced
> > system, we can't control, or even force zone transfers to go to
> > NS1.
> 
> Master <-> Master replication is difficult, because it is not
> working correctly if a record is changed on both masters at the same 
> time.
> 
> The real problem in your situation seems to be the loadbalancer which
> seems to rewrite the packets regardless where they are coming from.
> Normally the slave (your master) requests a zone transfer from the
> authoritative name server by opening a tcp connection and asking for a
> specific zone (if I understood it correctly and don't look at
> notifications from the authoritative name server). Though the request
> comes from behind the load balancer, it must not rewrite the answer
> packets and all level 4 loadbalancers do this.

Outgoing packets aren't a problem. Our NS1 (master) can request a zone
transfer for zones in which we slave for just fine. Where the problem
lies is when said zone is updated, and the remote name server tries to
send our NS1 a notification of the zone being updated (so we can pull
the new records). This notification will get load balanced, and only if
it happens to hit NS1 will the zone be pulled.

I think a possible "hack" would be to simply set the refresh times of
any zones we are slave for, to something fairly low, and basically
ignore notifications altogether. 

> 
> > I was thinking perhaps adding a new option to PowerDNS similar to
> > how LDAP works. When a request to write to the database comes in to
> > a slave name server, it basically just connects to the master
> > database server and forwards the SQL query off to it. (which then
> > immediately replicates back to the slave database server)
> 
> LDAP only sends a referral back to the client saying: I'm not allowed
> to make updates, use this server instead.
> 
> A solution to your problem would be to replace the master behind the
> loadbalancer by another slave and connecting the master directly to
> the internet so it can do zone transfers without intermediate
> loadbalancer.
> 
> 
> Norbert
> 
-- 
Best Regards,
 
Mike Benoit
NetNation Communications Inc.
Systems Engineer
Tel: 604-684-6892 or 888-983-6600
 ---------------------------------------
 
 Disclaimer: Opinions expressed here are my own and not 
 necessarily those of my employer
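
The routing decision this thread is circling, as an added example that is not part of the original message or of PowerDNS: a front end that reads the DNS opcode and sends NOTIFY (opcode 4) for slaved zones to the master while balancing everything else. The backend labels `ns1` and `any`, the zone set and all function names are assumptions for illustration, and the sample packets are constructed.

```python
import struct

OPCODE_QUERY, OPCODE_NOTIFY = 0, 4   # NOTIFY opcode is defined in RFC 1996
TYPE_A, TYPE_SOA, CLASS_IN = 1, 6, 1

def build_message(name, opcode, qtype, msg_id=0x1234):
    """Build a one-question DNS request (used here to construct sample packets)."""
    flags = opcode << 11                     # QR=0 (request), opcode in bits 11-14
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)

def parse_request(packet):
    """Return (opcode, is_response, qname) or raise ValueError on malformed input."""
    if len(packet) < 12:
        raise ValueError("short header")
    _id, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label")    # also rejects compression pointers
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    return (flags >> 11) & 0xF, bool(flags >> 15), ".".join(labels) + "."

def route(packet, slaved_zones, master="ns1", pool="any"):
    """NOTIFY requests for a zone we slave go to the master; the rest is balanced."""
    try:
        opcode, is_response, qname = parse_request(packet)
    except ValueError:
        return "drop"
    if opcode == OPCODE_NOTIFY and not is_response and qname in slaved_zones:
        return master
    return pool
```
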
