
Re: failover timeout.

Suomi, it's not as straightforward as that.

BIND used to return an ordered list of addresses for any host with multiple 
address records.  The ordering tried to put the most appropriate address first, 
based on the requestor's address.  This was determined to be undesirable and 
non-RFC compliant behaviour because it is the responsibility of the client to 
reorder addresses returned from a query; the server has insufficient 
information about the client to make this decision (for example, it doesn't 
know if the client is multihomed).

Client DNS resolvers used to discard all but the first record returned from a 
DNS query, making an implicit assumption that "the first was the best".

Nowadays, some versions of BIND do round-robin their ordering.  Some people in 
the ISC want to implement a more random order, though, so this is not a 
reliable path for the future; the rr-directives and ordering algorithms have 
been changing quite a lot.  More importantly, the DNS clients in most operating 
systems (including linux and windows) are evolving, and some are already able 
to work with multiple addresses being returned by DNS servers.  Some clients 
(such as Win2K) will cache portions of their name service returns locally!

Like many DNS administrators, I've always implemented a server-side sortlist 
that mimics the behaviour of BIND 4.9 for multi-homed hosts whenever I've set 
up a BIND 8 or BIND 9 server.  This prevents Windows desktops from consuming 
excessive bandwidth through subnetwork routing nodes, and multi-homed hosts 
will probably reorder the list anyway.

You might also find these notes interesting:


If you want LDAP server failover beyond what OpenLDAP itself provides, I 
recommend linux-ha instead of round-robin DNS.  It's got a brighter, more 
predictable future.


On 1 Oct 2003 at 18:46, suomi hasler wrote:

hi Pierre-Yves,
i have had the same "problem" i.e. pam-ldap on two replicated (via 
slurpd) servers:
i created a "virtual" host in the dns containing both IP addresses of 
the two ldap servers.  with the new dns protocols you will have a 
DNS-round-robin for the two ldap servers.
then I shut one ldap-server down and the pam-ldap service just continued 
from the other part of this virtual dns host.
it may depend on which version of bind you have on your dns for the 
DNS-round-robin to take effect. I have version 9.1.x installed.  so be 
warned, test the behaviour before making it active.


pierre-yves.verdon wrote:
>i'm planning to install a slave with my master ldap server. They are used for 
>authentication purpose.
>The ldap.conf on a client will include the master and the slave server.
>If the master is down, how long does the client wait before asking the 
>slave server? where could i change this timeout?
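As an added illustration (not code from anyone in this thread), here is the client-side reordering and fallback that the reply says belong to the client rather than the DNS server: put the address on the client's own subnet first, then try each address in turn with a per-attempt timeout. The two server addresses, the client subnet and the injectable probe are constructed assumptions.

```python
"""Client-side address ordering and failover for a host with several A records.
Added example, not from the original thread.  Constructed sample: a "virtual"
LDAP host whose name resolves to two replicated servers."""
import ipaddress
import socket

# Constructed sample data: the two replicated LDAP servers behind one name.
LDAP_ADDRESSES = ["10.1.2.10", "192.168.5.20"]


def sort_by_proximity(addrs, client_ip, client_prefix):
    """Mimic a sortlist on the client: addresses inside the client's own subnet
    come first, the rest keep the order the DNS server returned them in."""
    net = ipaddress.ip_network(f"{client_ip}/{client_prefix}", strict=False)
    local = [a for a in addrs if ipaddress.ip_address(a) in net]
    remote = [a for a in addrs if ipaddress.ip_address(a) not in net]
    return local + remote


def tcp_probe(addr, port, timeout):
    """Real connect attempt; True if a TCP handshake completes within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def first_reachable(addrs, port=389, timeout=2.0, probe=tcp_probe):
    """Try each address in order with a per-attempt timeout.  Returns the first
    address that answers and the number of attempts made; the wait before the
    second server is tried is therefore bounded by timeout * (its position - 1).
    `probe` is injectable so the logic can be exercised without network access."""
    for attempts, addr in enumerate(addrs, start=1):
        if probe(addr, port, timeout):
            return addr, attempts
    return None, len(addrs)


if __name__ == "__main__":
    # Hypothetical client on 192.168.5.0/24: its local replica is tried first.
    ordered = sort_by_proximity(LDAP_ADDRESSES, "192.168.5.77", 24)
    print("try order:", ordered)
    print("reachable:", first_reachable(ordered))
```

The `attempts` count times the per-attempt timeout is the worst-case delay the original question asks about; a resolver that discards all but the first record never reaches the second address at all.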