[Pdns-users] Fancy-records and urlredirector
Steve Bromwich
lists at fop.ns.ca
Thu Jun 12 11:40:35 UTC 2003
On Wed, 11 Jun 2003, Dean Mills wrote:
> My setup is like so...
>
> Internet
> |
> x.x.x.x (Internet IP)
> PDNS_1
> 10.0.0.1 (PDNS Server)
> |
> Switch
> ||||||
> WWW_1 - 10.0.0.10 (needs to answer for www.domain1.com, www.another1.com,
> etc)
> WWW_2 - 10.0.0.11 (needs to answer for www.domain2.com,
> www.stillanother.com, etc)
> ...
> WWW_10 - 10.0.0.20 (needs to answer for www.domain10.com,
> www.yetanotherdomain.com, etc)
>
> So if an http-request is recieved by PDNS_1 on it's internet interface for
> www.domain2.com, I need it to be able to forward on the request to the
> proper machine, WWW_2 in this case.
We do something very similar to this, using mod_proxy with Apache. We have
two uplinks, and use powerdns to return the least loaded link (using a
back-end perl script). Then, the Apache front-end server on each uplink
filters the request (making sure that nothing nasty will hit the back-end
IIS server) and forwards it on the the actual server. This has the added
bonus that Apache has to deal with long-lived connections (eg, dialup
users) that can take up to a couple of minutes to complete, instead of IIS
which tends to get a bit tetchy when there's a whole bunch of idle
connections. All that PDNS does in all this is DNS resolution, which is
what it's meant to do; Apache handles the web proxying, and IIS handles
the actual web serving.
To digress a bit, we're also using QoS on the front-end Apache proxy to
shape the traffic, enhancing throughput speed and making it a bit faster
(SYNs and SYN/ACKs are prioritised), a bit fairer (so a user on an OC45 or
whatever won't swamp out dialup users), and also a bit unfair (users
accessing ports we don't service get put in a 300 baud class, which slows
down portscans an awful lot). Some of the scripts I've been tinkering with
are at http://qos.impsolutions.ca - those of you who've read Bert's
excellent LARTC (http://www.lartc.org) will notice it's largely the
wondershaper rewritten in different ways ;->
Cheers, Steve
More information about the Pdns-users
mailing list