Re: Wan link backup posted 03/02/2004

hi guys:

     Thanks for your inputs. Since it's possible that dual DNS servers
(or a single DNS server with 2 NICs) can do the trick, then why are some companies
still using hardware like LinkProof to connect to different ISPs? Anyone?


----- Original Message ----- 
From: "Jay Hennigan" <jay@xxxxxxxx>
To: "Alex Hsieh" <ccie21@xxxxxxxxxxx>
Cc: "CCIE R&S Mailing list" <ccielab@xxxxxxxxxxxxxx>
Sent: Tuesday, March 02, 2004 12:08 AM
Subject: Re: Wan link backup

> On Mon, 1 Mar 2004, Alex Hsieh wrote:
> > hi Church:
> >
> >       Thanks for your input. ISP is unable to help us.
> Look for another ISP.  This should be trivial for them to set up.
> Hint:  Most good ISPs don't do a good job of delivering HBO or installing
> pay phones.  The reverse is true as well.
> > I've sorted through all resources and still can't get this to work.
> You can make DNS work, but it's less than optimal.  Set up a DNS server
> with two IP addresses, one on each network.  Use two zone files, the
> main one pointing to the addresses on the DS-3 link and a standby one
> pointing to the DSL.
> They will want to have short TTLs, I'd recommend five minutes.  Too long
> and it will take some time for things to switch.  Too short and you'll
> wind up with a lot of DNS traffic which will hurt payload throughput on
> the DSL link.
> You'll need a script on the nameserver to detect link failure on the
> DS-3 line and swap zone files, or you can do this manually.
> Caveats:
> * Many browsers have their own cache.  If someone has viewed the WWW
>   page on the main link, they may have to close and restart their web
>   browser to see it on the standby link.
> * You'll need to modify your own outbound routing on the fly to get
>   packets back out to the net.
> * Determining "failure" of the DS-3 can be tricky depending on the nature
>   of the failure.  If the link is up but the ISP has a routing problem,
>   it gets harder to detect.  At a minimum, use the "down-when-looped"
>   command on the serial interface so that when (not if) someone at the
>   carrier loops the wrong line it will show as down.
> * Not everyone follows standards.  Some applications will give up if the
>   first nameserver is unreachable.
> * Chuck's secondary MX thing would work well if everyone else followed the
>   standards.  Everyone doesn't.  Spammers especially don't.  If you do
>   this, expect your "standby" mail server to get a lot of mail most of
>   the time, much of it spam.
> * Keep in mind that listed DNS servers are checked more or less randomly,
>   so the IP of your nameserver on the standby link will see half of your
>   DNS traffic.
> > I think what you're saying is having two different DNS servers valid, one on
> > each network block.  These two are both registered with Network
> > (or whatever they're calling themselves these days).  One as a primary,
> > one as a secondary.  So if the DS3 goes down, the primary is now
> > and the secondary would become active, giving out addresses valid on the
> > backup link, whereas the primary DNS was giving out addresses valid on
> > DS3 block.
> I like to use a single box dual-homed and swap zone files on-the-fly.
> > The problem would be caching of DNS records.  Your TTL for the
> > nameservers would have to be extremely low for this to work, and
> > not a good solution.  I'm not sure if NetSol would even accept a TTL of
> > minutes for an NS record.
> Not an issue.  Done all the time but the overhead on the DNS box increases
> a bit.
> > The incoming mail problem is easily solved with
> > multiple MX records.  For incoming HTTP, you might want to talk to a
> > company that can redirect your WWW records to different hosts.  No luck
> > static routes from the ISP?
> I agree that a clueful ISP is by far the best solution here.  As a DS-3
> customer, you should be able to lean on them a bit.
> > > What if I set up one DNS server for each link, and register the
> > > DNS record with both of my DNS server addresses. Will it work?
> Yes, but they both will get hit all of the time.  You need to change
> entries on-the-fly with short TTL.
> -- 
> Jay Hennigan - CCIE #7880 - Network Administration - jay@xxxxxxxx
> WestNet:  Connecting you to the planet.  805 884-6323      WB6RDV
> NetLojix Communications, Inc.  -
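The zone-swap script Jay describes (dual-homed nameserver, five-minute TTL, detect DS-3 failure and swap zone files), written out as an added example that is not part of the thread. Hostnames, the RFC 5737 documentation addresses, the probe target and the three-strikes threshold are all constructed assumptions; the probe pings a host beyond the ISP so that the "link up but ISP routing broken" caveat is also caught.

```python
"""Zone-file swap for the dual-homed DNS failover described in the thread.
Added example with constructed names and RFC 5737 documentation addresses."""
import subprocess
from dataclasses import dataclass

TTL = 300        # five minutes, as the post recommends
THRESHOLD = 3    # consecutive probes in one direction before we switch

# Constructed data: same hostnames on each ISP's block; the nameserver itself
# is one box with an address on each link (ns1 on the DS-3, ns2 on the DSL).
NS = {"ns1": "198.51.100.53", "ns2": "203.0.113.53"}
ZONES = {
    "main":    {"www": "198.51.100.10", "mail": "198.51.100.25"},  # DS-3 block
    "standby": {"www": "203.0.113.10",  "mail": "203.0.113.25"},   # DSL block
}

@dataclass
class FailoverState:
    active: str = "main"
    good: int = 0      # consecutive successful probes
    bad: int = 0       # consecutive failed probes
    serial: int = 2004030201

def probe_far_side(target: str, timeout_s: int = 2) -> bool:
    """Ping a host beyond the ISP rather than the local interface, so the
    'link up but ISP routing broken' case the post warns about also trips."""
    res = subprocess.run(["ping", "-c", "1", "-W", str(timeout_s), target],
                         capture_output=True)
    return res.returncode == 0

def step(state: FailoverState, main_ok: bool) -> FailoverState:
    """Advance the failover state machine by one probe result. Switching only
    after THRESHOLD consecutive results in one direction avoids flapping zone
    swaps (and the DNS churn that follows) on a single lost packet."""
    if main_ok:
        state.good, state.bad = state.good + 1, 0
        if state.active == "standby" and state.good >= THRESHOLD:
            state.active, state.serial = "main", state.serial + 1
    else:
        state.bad, state.good = state.bad + 1, 0
        if state.active == "main" and state.bad >= THRESHOLD:
            state.active, state.serial = "standby", state.serial + 1
    return state

def render_zone(origin: str, state: FailoverState) -> str:
    """Emit the zone for whichever link is active. step() bumped the SOA
    serial on every swap, so any secondary picks up the change on refresh."""
    lines = [f"$ORIGIN {origin}.", f"$TTL {TTL}",
             f"@ IN SOA ns1.{origin}. hostmaster.{origin}. {state.serial} 3600 900 604800 {TTL}"]
    lines += [f"@ IN NS {n}.{origin}." for n in NS]
    lines += [f"{n} IN A {ip}" for n, ip in NS.items()]
    lines += [f"{n} IN A {ip}" for n, ip in ZONES[state.active].items()]
    return "\n".join(lines) + "\n"
```

In use, a cron or loop job would call probe_far_side, feed the result to step, write render_zone's output over the live zone file and reload the nameserver; the outbound routing change Jay lists as a caveat still has to be made separately.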