mail this page
products | company | support | training | contact us
This HOWTO assumes you want the DNS server to respond with different IP addresses (or change the order of a given set of addresses) in order to provide a simple load balancing solution. You have a choice of solutions depending on what you want to do:
The normal method of handling mail fail-over is using the 'preference' value which is described in this note. However, using the MX record you can balance mail in two ways.
; zone file fragment IN MX 10 mail.example.com. IN MX 10 mail1.example.com. IN MX 10 mail2.example.com. .... mail IN A 192.168.0.4 mail1 IN A 192.168.0.5 mail2 IN A 192.168.0.6
The name server will deliver the MX records in the order defined by the rrset-order and the receiving SMTP software will select one based on its algorithm. In some cases the SMTP selection algorithm may work against the definition of the rrset-order statement. Current versions of sendmail (8.13.x), Exim (4.44) and Postfix (2.1 or 2.2) all have definitive references to indicate they randomly select equal preference servers (Postfix allows control of the behaviour with the smtp_randomize_addresses parameter) and consequentially the SMTP server may use an address which the rrset-order has carefully tried to change! qmail, courier-mta and Microsoft (Exchange and IIS SMTP) documentation does not appear to have definitive references to indicate how they handle the multiple MX RR case.
; zone file fragment IN MX 10 mail.example.com. .... mail IN A 192.168.0.4 IN A 192.168.0.5 IN A 192.168.0.6
In this case the load-balancing effect is under the control of BIND and the rrset-order record. In order to avoid problems if the receiving mail system does reverse look-up as a spam check then the PTR records for 192.168.0.4, 192.168.0.5, 192.168.0.6 above must all define (resolve to) mail.example.com.
In all the above cases each mail server must be capable of handling and synchronising the load for all the mail boxes served by the domain, either using some appropriate back-end to do this or by defining all but one server to be a relay or forwarder.
Assuming you want to load share your ftp, web or VPN services then you simply define multiple A records with the same name and different IPs as in the example below.
; zone file fragment ftp IN A 192.168.0.4 ftp IN A 192.168.0.5 ftp IN A 192.168.0.6 www IN A 192.168.0.7 www IN A 192.168.0.8 ; or use this format which gives exactly the same result ftp IN A 192.168.0.4 IN A 192.168.0.5 IN A 192.168.0.6 www IN A 192.168.0.7 IN A 192.168.0.8
The DNS will deliver all the IP addresses defined, the first IP address in the returned list will be in a (default) round robin order (controlled by the rrset-order 'named.conf' statement). The FTP and WEB servers must all be exact replicas of each other in this scenario.
The SRV record allows an application to discover the server name (and optional port number) on which a service, such as, SIP or LDAP or whatever is provided. As such, it provides another approach to load balancing. SRV provides both priority and weight fields allowing a fine level of granular configuration as well as providing some level of fail-over. The SRV record description contains an example illustrating this kind of flexibility. However, the end application must be SRV-aware for this approach to work. Application support for SRV is patchy at best - varying from very high in SIP (VoIP) to non-existent (browsers).
An alternative approach to load balancing may be provisioned using BIND's view clause to create a Split-Horizon configuration. Split-Horizon can use the users source-ip address to respond with a service IP address thus balancing for geographic or even service provider-specific traffic sources.
You can control the order of RR that BIND supplies in response to queries by use of a rrset-order statement which works for any set of equal records (an RRset). The default behaviour is now defined to be cyclic. Note: Since BIND 9.5 the fixed value of rrset-order is invoked with a build option - standard Linux/BSD packages do not build with this option and thus will not support fixed rrset-order configurations.
The previous sections have addressed some of the techniques that may be used to balance load using DNS functionality. However, the real question is, how effective can the DNS be in providing this balancing?
The effects of caching will distort the effectiveness of any IP address allocation algorithm unless a 0 TTL is used - which has the effect of significantly increasing the load on the DNS and is not always implemented consistently. Even if a 0 TTL worked consistently (and it may not be supported consistently by all resolvers) the cure may be worse than the disease. Good news we have great load balancing on our web servers. Bad news we need 17 more DNS servers! Note: You may also want to read this note on TTL values. There again, you may not want to read it.
Intuitively, and without running any experiments to verify, we would suggest that given a normal TTL (12 hours or more) and ANY IP allocation algorithm other than a single static/fixed list, loads should be reasonably balanced (measured by request arrivals at all the destination IP in the RRset) given the following assumptions:
What DNS load balancing cannot do is to account for service loading, for instance, certain transactions may generate very high CPU or resource loads. For this type of control only a local load balancer - one which measures service response times - will be effective.
Finally on this topic, if you still consider that a DNS solution will do the trick if only you could perfectly control the order of IP address generation, then you could use BIND 9's SDB API to achieve the result (or one of the available libraries).
Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.
3 reverse map
4 dns types
5 install bind
8 dns records
12 bind api's
13 dns security
bits & bytes
notes & tips
This work is licensed under a Creative Commons License.
If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Mozilla