IP failover using DNS
Old 01-12-2009, 01:14 PM IP failover using DNS
Experienced Talker

Posts: 31
Name: Matt
Location: Veldhoven, Netherlands
Trades: 0
Hi guys, new to the forum and hope you can help.

Simple problem, but can't think of a solution...

Web servers (Clustered, one IP) connecting to the internet via two fibre lines. Each line with a different ISP and a different IP.

DNS server hosted externally.

How can I set up the DNS records so that if IP 1 isn't available, clients will automatically redirect to IP 2?

If I create 2 A records in the DNS, both will be sent to the client, but how can I make the clients use one as a preference with the ability to use the 2nd one if the 1st isn't available?

Many thanks
~Matt
 
Old 01-12-2009, 04:50 PM Re: IP failover using DNS
chrishirst's Avatar
Missing! presumed drunk.

Posts: 41,517
Name: Chris Hirst
Location: Blackpool. UK
Trades: 0
True IP failover cannot be done at DNS level. Round robin load sharing/balancing (as you describe) can be done with DNS and mail server failover can be done with MX priorities. But there are no priority settings for "A" records.

For a REAL failover solution you will need clustered servers and load balancing hardware/software.
__________________
Chris. ->> Links are advertising NOT optimising!! <<-
A foolish consistency is the hobgoblin of little minds
Thought for today:- Is SEO the only industry where all the cowboys are Indians?
 
Old 01-12-2009, 05:04 PM Re: IP failover using DNS
tripy's Avatar
Do not try this at home!

Posts: 3,621
Name: Thierry
Location: I'm the uber Spaminator !
Trades: 0
I have no experience in that, but I think it's something you can do by setting up BGP router rules.
If you have 2 lines to the outside, I know that BGP can switch from 1 to the other if there is a connection problem.
My last enterprise used this for a redundant connectivity to our datacenter.

I know it's possible, but I have no idea how.
I tried to search Google for some answers, but I didn't find anything that spoke to me.
Try to look with your datacenter tech people, it's usually something they set up.

Maybe this can help, but it's beyond my knowledge: http://www.experts-exchange.com/Hard..._22833974.html
Quote:
Well, since you have preempt enabled if there is a failure it will kick right over to the backup, but as soon as the primary comes back it will preempt back to the primary. You can delay the switch over by configuring the standby 1 timers 2 7 (where 2 is send a hello every 2 seconds and 7 is the delay before a fail over takes place)
__________________
Only a biker knows why a dog sticks his head out the window.

Last edited by tripy; 01-12-2009 at 05:05 PM..
 
Old 01-12-2009, 05:15 PM Re: IP failover using DNS
Experienced Talker

Posts: 31
Name: Matt
Location: Veldhoven, Netherlands
Trades: 0
Thanks for your replies. Unfortunately it's only myself running the company, website design and hosting on a small scale. There's one "Virtual" server (2 clustered servers) on the internal network and 2 internet lines. One will be used permanently and one will be turned on by the router/modem when the other goes down. My problem is getting the web users to see the websites at the "new" IP without waiting 3 days for all the ISPs to update their DNS servers.

It's not load balancing I want unfortunately, so I can't just create 2 A records otherwise 50% of users will just get a dead connection.

Thanks again, hope you can think of something
 
Old 01-12-2009, 07:39 PM Re: IP failover using DNS
tripy's Avatar
Do not try this at home!

Posts: 3,621
Name: Thierry
Location: I'm the uber Spaminator !
Trades: 0
I think I may have misunderstood you.
It looks like your routers already handle the connection switch, and that's what I was talking about with BGP.

Quote:
It's not load balancing I want unfortunately, so I can't just create 2 A records otherwise 50% of users will just get a dead connection.
Nope, it IS load balancing that you want, but not as a "dumb" round robin implemented at DNS level.

Now, for what you want, you should use a front-end to your 2 servers. A front-end that would do load balancing, and keep monitoring the up state of each server, so as not to use it in case one of the servers goes down.

This cluster would have one visible IP, but the front-end will distribute requests on both servers.
If one server should go down, the second would take care of all the work.

This schema sounds more like what you want to achieve.
Just a question, what architecture do you use?
 
Old 01-13-2009, 03:48 AM Re: IP failover using DNS
Experienced Talker

Posts: 31
Name: Matt
Location: Veldhoven, Netherlands
Trades: 0
Thanks for taking the time to reply again.

It's a Cisco router which points to a virtual IP on the network (Just has a static route/port forward to the VIP from the outside IPs). If a connection comes through on either of the external lines, it will reroute to the web cluster on the internal network.

The problem is getting client workstations (all on the net) to see either 2 IPs or a different IP if one is down.

It's not possible for the secondary line to take the same IP over from line 1 because they're with different ISPs.

So, a customer requests www.mysitename.com and goes to our DNS server in the US to ask for the IP. Currently it gets one IP and goes to our server cluster in Holland using only the one internet line. What I'm trying to add is a secondary line for backup purposes should there be a problem with the first ISP. It doesn't have to be instant failover (Which would be nice) but even a manual failover within a couple of hours is fine.

My problem is that the ISP's DNS servers all around the net will cache the IP of the first line, so even when that's down they will not obtain the IP for the secondary line.

If I put both IPs into DNS, 50% will be sent to line 2 which is down (or used for separate apps and internet traffic is unwanted on this line unless necessary).

Hope this makes it a little clearer. Thanks again so much for helping out.

~Matt
PS: My networking knowledge is limited, but I'm learning (very) fast. This is my first Cisco setup, and unfortunately funds aren't available to bring in a networking contractor. I'm a one-man band just running a few small sites (And one large one).
 
Old 01-13-2009, 05:03 AM Re: IP failover using DNS
chrishirst's Avatar
Missing! presumed drunk.

Posts: 41,517
Name: Chris Hirst
Location: Blackpool. UK
Trades: 0
It doesn't take 3 days for IP changes to reroute once DNS has fully propagated, if you set your DNS appropriately, assuming you use external DNS of course. If you run your own DNS servers it would be slightly different.

Set the refresh interval to 30 minutes (1800 seconds)
Set the retry interval to 10 minutes (600 seconds)
Set the expire interval to 12 hours (43200 seconds)

This should mean the longest time to update at any ISP should be 12 hours, with the majority being done well inside of an hour.

From your end you will need an updating system that can go and update the DNS server should the external IP switch over. The updaters used for Dynamic DNS systems should work OK.
You could even use something like DynDNS for your name servers, their systems update IPs worldwide in a matter of minutes.
 
Old 01-13-2009, 05:11 AM Re: IP failover using DNS
Experienced Talker

Posts: 31
Name: Matt
Location: Veldhoven, Netherlands
Trades: 0
I don't think I can set an expiry time on the DNS server, it's hosted with an external company. The last time I changed server, I had to wait 3 days for some ISPs to point customers to the right IP.

I'll check what I can do with my DNS now.
 
Old 01-13-2009, 05:12 AM Re: IP failover using DNS
Experienced Talker

Posts: 31
Name: Matt
Location: Veldhoven, Netherlands
Trades: 0
I've got...

Name, TTL, Data
 
Old 01-13-2009, 05:35 AM Re: IP failover using DNS
chrishirst's Avatar
Missing! presumed drunk.

Posts: 41,517
Name: Chris Hirst
Location: Blackpool. UK
Trades: 0
Then the first mission is to get a better DNS provider.
 
Old 01-13-2009, 05:39 AM Re: IP failover using DNS
Experienced Talker

Posts: 31
Name: Matt
Location: Veldhoven, Netherlands
Trades: 0
But it's not my DNS that needs to update, just hosts the data, it's the ISPs that need to either NOT cache, or only cache for an hour or so.

I think it's the TTL I need though having read up on it. If I set the TTL to one hour then the most downtime will be 1 hour whilst the DNS changes.

If I do an nslookup google.com I get different results each time (Round-robin load balance I think). How do they make it different each time? Surely my ISP should be caching the original request for a certain time?
 
Old 01-13-2009, 07:21 AM Re: IP failover using DNS
tripy's Avatar
Do not try this at home!

Posts: 3,621
Name: Thierry
Location: I'm the uber Spaminator !
Trades: 0
Quote:
it's the ISPs that need to either NOT cache, or only cache for an hour or so
Nope, the TTL is defined in the master server for your zone.
It's your DNS provider that specifies that the cache is valid for 3 days.
If they/you cannot lower this, then I agree with Chris that you should look for another DNS provider.

Look at this, it's a zone I've set up for my local LAN using BIND
Code:
$TTL 1W
@       IN      SOA     ns.dev. root.dev.  (
                                      2008123101 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      604800     ; Expire - 1 week
                                      86400 )    ; Minimum
@               IN      NS      ns
ns              IN      A       192.168.50.254
www             IN      A       192.168.50.254
webshots        IN      CNAME   www
djangoshot      IN      CNAME   www
subs            IN      CNAME   www
articles        IN      CNAME   www
In the header section, you can see that there are several indications, but notice the $TTL at the beginning.
It's the time another server fetching the info should keep it in cache.
The master DNS server passes this to every other server that is caching your zone info, to tell them when to check back.
It's centralized in your DNS zone, not local to each DNS server.

Here, I set the TTL of the cached data with the $TTL keyword
http://www.zytrax.com/books/dns/apa/ttl.html
Quote:
The $TTL directive is defined in RFC 2308.
TTL in the DNS context defines the duration in seconds that the record may be cached. Zero indicates the record should not be cached. Note: RFC 1912 cautions that 0 = no caching is not widely implemented so make no assumptions.
The default TTL for the zone is defined in BIND9 by the $TTL directive which must appear at the beginning of the zone file i.e. before any RR to which it will apply. This $TTL is used for any Resource Record which does not explicitly set the 'ttl' field.
The TTL field is defined to be an unsigned 32 bit value with a valid range from 0 to 2147483647 (clarified in RFC 2181) - which is a long time! - somewhere on the other side of 68 years.
The $TTL field may take any time value.
In BIND 8 the SOA record (minimum parameter) was used to define the zone default TTL value. In BIND 9 the SOA 'minimum' parameter is used as the negative (NXDOMAIN) caching time (defined in RFC 2308).
RFC 1912 recommends that the $TTL value be set to 1 day or longer and that certain RRs which rarely change, such as the MX records for the domain, use an explicit TTL value to set even longer values such as 2 to 3 weeks. The value of this field is a balance between how frequently you think the DNS records will change vs load on the DNS server. In the example below the $TTL value of 2d (2 days) indicates that any change may not be fully propagated for 48 hours, equally caching DNS servers will require to re-read the RRs from your DNS every 48 hours which can be a non-trivial load. Many users will set this value to say 2w (2 weeks) in normal operation then prior to planned changes will reduce the value to say 1d or 12h, until the change has stabilized then restore the value to 2w.
You can get explanations about the different header sections (refresh, reply...) there: http://www.tech-recipes.com/rx/305/d...sic-zone-file/
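Added example (not part of any post in this thread): a small Python check run over tripy's zone with one constructed change, an explicit 3600 TTL on www as Matt plans, showing that a record's own TTL overrides $TTL and which address records a resolver could still serve from cache beyond the target changeover time. The function names are made up for this illustration.

```python
import re

# Constructed sample: the zone from the post above, plus an explicit
# per-record TTL on "www" (the hypothetical change being discussed).
ZONE = """\
$TTL 1W
@       IN      SOA     ns.dev. root.dev.  (
                                      2008123101 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      604800     ; Expire - 1 week
                                      86400 )    ; Minimum
@               IN      NS      ns
ns              IN      A       192.168.50.254
www     3600    IN      A       192.168.50.254
webshots        IN      CNAME   www
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TYPES = {"A", "AAAA", "CNAME", "NS", "MX", "TXT"}

def to_seconds(value):
    """Convert a BIND time value such as 3600, 12h, 1W or 1h30m to seconds."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    return sum(int(n) * UNITS[u or "s"] for n, u in parts)

def effective_ttls(zone_text):
    """Return {(owner, type): ttl_seconds}; a record's own TTL beats $TTL."""
    default, in_parens, result = None, False, {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if in_parens:                             # inside the multi-line SOA
            in_parens = ")" not in line
            continue
        if line.upper().startswith("$TTL"):
            default = to_seconds(line.split()[1])
            continue
        if "(" in line and ")" not in line:
            in_parens = True
        owner, *rest = line.split()
        ttl = default
        if rest and re.fullmatch(r"(\d+[smhdw]?)+", rest[0].lower()):
            ttl, rest = to_seconds(rest[0]), rest[1:]   # explicit record TTL
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]
        if rest and rest[0].upper() in TYPES:
            result[(owner, rest[0].upper())] = ttl
    return result

def too_slow(zone_text, max_wait):
    """Address records that may stay cached longer than max_wait seconds."""
    ttls = effective_ttls(zone_text)
    return sorted(k for k, v in ttls.items() if k[1] in ("A", "AAAA") and v > max_wait)
```

A lowered TTL only helps once copies cached under the old TTL have expired, so it has to be in place before the line fails. The CNAME records are left out of the check because a resolver that has cached the alias still has to re-resolve the target's A record once that record's TTL runs out.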
 
Old 01-13-2009, 07:45 AM Re: IP failover using DNS
Experienced Talker

Posts: 31
Name: Matt
Location: Veldhoven, Netherlands
Trades: 0
Looks like I can't set the headers (I'm using a HSphere control panel) but I can set the TTL which should be fine for me I think. What do you think? If I set the A record to a TTL of 3600, will that work in enabling me to have a 1 hour changeover period?

Thanks again. Gonna read the links now.

What's this BIND thing I keep hearing about?
 
Old 01-13-2009, 07:54 AM Re: IP failover using DNS
chrishirst's Avatar
Missing! presumed drunk.

Posts: 41,517
Name: Chris Hirst
Location: Blackpool. UK
Trades: 0
BIND

If the cache expire time is three days, there will be some nameservers that won't update until then.
 
Old 01-13-2009, 09:26 AM Re: IP failover using DNS
Experienced Talker

Posts: 31
Name: Matt
Location: Veldhoven, Netherlands
Trades: 0
So does the cache expire overwrite the TTL? Or vice versa?
 
Old 01-13-2009, 09:41 AM Re: IP failover using DNS
tripy's Avatar
Do not try this at home!

Posts: 3,621
Name: Thierry
Location: I'm the uber Spaminator !
Trades: 0
The TTL is the cache expire limit.
It means "Time To Live"

Your host probably set it at a higher level to reduce the traffic on his servers.
Maybe you can ask them to lower it for your zone. It is technically possible.
After that, it's a matter of business goodwill.

Last edited by tripy; 01-13-2009 at 09:42 AM..
 
Old 01-13-2009, 10:32 AM Re: IP failover using DNS
Experienced Talker

Posts: 31
Name: Matt
Location: Veldhoven, Netherlands
Trades: 0
Hi mate, sorry I thought there might be a setting per record and one per server which took priority over the TTL.

Well it looks like I'm sorted then, because I can add records to the DNS and I can also specify the TTL for each record. Wish I'd known this before I migrated my servers a month ago lol.

Thanks again
 
Old 01-14-2009, 05:03 AM Re: IP failover using DNS
~ServerPoint~'s Avatar
Defies a Status

Posts: 1,687
Name: Travis
Trades: 0
Quote:
Originally Posted by mattblack View Post
Hi mate, sorry I thought there might be a setting per record and one per server which took priority over the TTL.

Well it looks like I'm sorted then, because I can add records to the DNS and I can also specify the TTL for each record. Wish I'd known this before I migrated my servers a month ago lol.

Thanks again
You become more experienced. All changes are good changes.
__________________
ServerPoint.com - a true hosting company since 1998
Web Hosting, colocation,
 
Old 01-14-2009, 05:20 AM Re: IP failover using DNS
Experienced Talker

Posts: 31
Name: Matt
Location: Veldhoven, Netherlands
Trades: 0
Yea, I've learnt a lot. I'm a good web designer, programmer, manager, etc... but when it comes to networking I've got a lot to learn.

Thanks everyone for all your help