[Pdns-users] Provisions for DB failures?

bert hubert ahu at ds9a.nl
Sun Mar 16 19:44:54 UTC 2003 

On Sun, Mar 16, 2003 at 07:32:38PM +0100, Gabriel Ambuehl wrote:
> Hi,
> I just stumbled over PowerDNS and I must say, I'm deeply impressed by
> what I see (sure as hell beats BIND hands down).

Thanks!

> However, there's one thing that kinda scares me: suppose I use the
> MySQL backend (which is what I'd like the most) and the DB goes down
> so now I'm with a DNS daemon that's still running but not sending out
> any data as it can't get to it. So is there some sort of filesystem
> based cache module that can take over in such a situation?

We spent a lot of time thinking about this problem.

> Sure I have 4 DNS in two different places but I still don't like the
> idea of having one box down to a DB failure and it gets even nastier
> if its the primary in a one primary, 3 superslave [1] scenario...

Our ideas are as follows:

	1) in case of database failure, PowerDNS starts returning SERVFAIL
	   packets, which quickly indicate 'ask another nameserver' and make
	   sure nothing like 'no such domain' is answered.

	2) It is hard to determine effectively if a database is 'down'. 
	   Having a timeout is not enough to be sure about that. In case of
	   authorization failure, it is best to treat this as a permanent
	   failure and not try to paper it over.

	3) Simplicity is good

In this case, if any of the slaves has a database problem, it goes down. The
other slaves continue to work and the internet does not notice that there is
a problem.

The code to support 'alternative backend selection' would be complex and by
necessity based on a heuristic. It is doubtful if it would in fact increase
uptime. In the right circles, for example, it is well known that many
failover solutions in fact lower uptime because of increased complexity.

But our thoughts on this are not entirely set in stone. If:

	* somebody can convince us that there are real problems if a single
slave is down

and

	* somebody creates a *simple* algorithm for determining if a
database is not working right 

and

	* has a reasonable way of reconfiguring so that we do give out the
right answers.

Then we'd be willing to implement it. Let me know.

Regards,

bert

> 
> I'd appreciate any comments on this issue.
> 
> Regards,
> Gabriel
> 
> [1] I LOVE that feature ;-).
> 
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
http://netherlabs.nl                         Consulting

More information about the Pdns-users mailing list