Round-robin, NSD and multiple IPs - Pleast Test!

dewaforex

seem most the first A record always being used

pkr5770

yeah on the super-ping website on the watchmouse website its much closer to 50/50 thats why I suggest driving a lot more traffic to the domain before a proper assumption can be made

dirk

I got Maidenhead, UK (am in Belgium)

tommy

from USA :
Kansas City, Mo., USA

wlanboy

From sweden: Location: Maidenhead, UK

From netherlands: Location: Fremont, USA

From Buffalo: Location: Fremont, USA

D3vil

from italy : Maidenhead, UK

sleddog

Here's what I've learned/concluded:

Having 2 or more A records does not automatically mean you have round-robin functionality. Either (a) your authoritative nameservers or (b) the end-users DNS resolvers must support and be configured to provide round-robin.

I use NSD for authoritative nameserving. NSD does not support round-robin.

Querying test.blite.ca at one of my authoritative nameservers returns three A records (I added another today):

;; ANSWER SECTION:
test.blite.ca.      30  IN  A   162.210.175.x
test.blite.ca.      30  IN  A   78.129.133.y
test.blite.ca.      30  IN  A   204.12.214.z

If we run that DNS query a 100 times, the result will always be identical. The three A records are always listed in the order they appear in the zonefile.

Now, people who browse to test.blite.ca are not querying my nameservers directly, but are using DNS resolvers. This might be your ISP's nameservers or public nameservers like Google's 8.8.8.8.

When a DNS resolver does an upstream query and receives 3 A records with the same name, it might do one of three things:

1. Serve them to you in exactly the same order as received;
2. Round-robinize them, so the order changes when you query multiple times;
3. Try to do geo-location, and serve you the closest IP first (closest in terms of network distance).

Google's public resolver 8.8.8.8 appears to do #1. Other resolvers I've tried do #2.

So, because my authoritative servers don't do round-robin, and because some DNS resolvers don't do round-robin, the likelihood is that the majority of traffic will land at the first IP returned by my nameservers (currently: Fremont, USA - the new server added today).

TL; DR; - Having 2 or more A records does not necessarily mean they are used in a round-robin fashion. The best way of achieving round-robin is to ensure that your authoritative nameservers support & provide this function.

Fritz

Location: Fremont, USA

asterisk14

Can rage4 be used for something like round robin?

Gunter

Location: Fremont, USA

Raymii

@typh0n said:
No,I mean how did you set up that round robin thingy.

Add multiple A records for the same domain, as long as your nameserver supports it as said above.

dannix

@sleddog said:
...
I use NSD for authoritative nameserving. NSD does not support round-robin.

Querying test.blite.ca at one of my authoritative nameservers returns three A records (I added another today):

;; ANSWER SECTION:
> test.blite.ca.        30  IN  A   162.210.175.x
> test.blite.ca.        30  IN  A   78.129.133.y
> test.blite.ca.        30  IN  A   204.12.214.z

If we run that DNS query a 100 times, the result will always be identical. The three A records are always listed in the order they appear in the zonefile.
...

This is documented in: http://www.nlnetlabs.nl/svn/nsd/trunk/doc/REQUIREMENTS B2.4 as an explicit non-requirement:

`4. No creeping featurism

NSD will not implement any functionality that is not strictly
necessary for the task of authoritative name serving. Examples:
round robin sequence of RRset members in consecutive answers,
Also no dynamic plugins.
`

sleddog

Yes, I read that.

Neoon

Location: Fremont, USA

bdtech

Location: Fremont, USA

You should try cloudflare or route 53. I believe both will alternate IP #1

sleddog

@bdtech said:
You should try cloudflare or route 53. I believe both will alternate IP #1

I don't care that IPs aren't round-robin I was just trying to understanding the process...