From: Jay Hennigan (jay@west.net)
Date: Mon Mar 01 2004 - 13:08:30 GMT-3
On Mon, 1 Mar 2004, Alex Hsieh wrote:
> hi Church:
>
> Thanks for your input.ISP is unable to help us.
Look for another ISP. This should be trivial for them to set up.
Hint: Most good ISPs don't do a good job of delivering HBO or installing
pay phones. The reverse is true as well.
> I've sorted to all resources still can't get this work.
You can make DNS work, but it's less than optimal. Set up a DNS server
with two IP addresses, one on each network. Use two zone files, the
main one pointing to the addresses on the DS-3 link and a standby one
pointing to the DSL.
They will want to have short TTLs, I'd recommend five minutes. Too long
and it will take some time for things to switch. Too short and you'll
wind up with a lot of DNS traffic which will hurt payload throughput on
the DSL link.
You'll need a script on the nameserver to detect link failure on the
DS-3 line and swap zone files, or you can do this manually.
Caveats:
* Many browsers have their own cache. If someone has viewed the WWW
page on the main link, they may have to close and restart their web
browser to see it on the standby link.
* You'll need to modify your own outbound routing on the fly to get
packets back out to the net.
* Determining "failure" of the DS-3 can be tricky depending on the nature
of the failure. If the link is up but the ISP has a routing porblem,
it gets harder to detect. At a minimum, use the "down-when-looped"
command on the serial interface so that when (not if) someone at the
carrier loops the wrong line it will show as down.
* Not everyone follows standards. Some applications will give up if the
first nameserver is unreachable.
* Chuck's secondary MX thing would work well if everyone else followed the
standards. Everyone doesn't. Spammers especially don't. If you do
this, expect your "standby" mail server to get a lot of mail most of
the time, much of it spam.
* Keep in mind that listed DNS servers are checked more or less randomly,
so the IP of your nameserver on the standby link will see half of your
DNS traffic.
> I think what you're saying is having two different DNS servers valid, one on
> each network block. These two are both registered with Network Solutions
> (or whatever they're calling themselves these days). One as a primary, and
> one as a secondary. So if the DS3 goes down, the primary is now unreachable
> and the secondary would become active, giving out addresses valid on the
> backup link, whereas the primary DNS was giving out addresses valid on the
> DS3 block.
I like to use a single box dual-homed and swap zone files on-the-fly.
> The problem would be caching of DNS records. You're TTL for the
> nameservers would have to be extremely low for this to work, and probably
> not a good solution. I'm not sure if NetSol would even accept a TTL of just
> minutes for an NS record.
Not an issue. Done all the time but the overhead on the DNS box increases
a bit.
> The incoming mail problem is easily solved with
> multiple MX records. For incoming HTTP, you might want to talk to a hosting
> company that can redirect your WWW records to different hosts. No luck with
> static routes from the ISP?
I agree that a clueful ISP is by far the best solution here. As a DS-3
customer, you should be able to lean on them a bit.
> > What if I setup one DNS server for each link,and register
> > DNS record with both of my DNS server address.Will it work?
Yes, but they both will get hit all of the time. You need to change
entries on-the-fly with short TTL.
-- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:11 GMT-3