[rescue] web server loadbalancing...

Greg A. Woods rescue at sunhelp.org
Fri Aug 3 10:29:06 CDT 2001


[ On Friday, August 3, 2001 at 12:58:40 (+0200), Carl-Johan Schenstrom wrote: ]
> Subject: Re: [rescue] web server loadbalancing...
>
> On Thu, 2 Aug 2001, Greg A. Woods wrote:
> 
> > Not to mention but use of RR DNS also enforces at least a 300 second
> > interval between changes that can be propagated out to clients too
> > (minimum TTL honoured by any RFC-conforming DNS cache is 300s).
> 
> Huh? Not that it really matters, but where in the RFCs did you find this
> information? I know that BIND did/does ignore TTLs under 300 but not that
> this was required by the standard.

You're certainly right that it is BIND which resets TTLs under 300 to be
300 seconds.  That's a de facto standard that may as well be enforced
because if even a small fraction of clients are using BIND-based cache
servers then any attempt to use TTLs under 300 is compromised.

However I did mislead y'all a bit on how strict the IETF RFCs are on
this issue.  Part of the new DNS security extensions though do strongly
recommend that updates be limited to a frequency of about 5 minutes, and
this is partly due to the fudge factor necessary for system clock drifts
and the use of timestamps in certificates and keys.

Note also that if the DNS server a client queries is actually
authoritative for the zone in question (eg. because its operator
configured it as a secondary), then the TTL is ignored and it's the SOA
refresh algorithm that determines when the record changes will be
propagated.

Finally note that the entire concept of using TTLs in the DNS is
primarily there to build a mechanism for maintaining database
consistency.  As such one cannot expect distribution of changes in the
database to happen instantaneously (or even in less time than most users
would notice) no matter how carefully one controls the TTLs handed out
previously in records about to be changed.  As such using the DNS as a
mechanism to control fail-over in a real-time or near real-time
distributed system is fundamentally flawed by the very design of the DNS.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>     <woods at robohack.ca>
Planix, Inc. <woods at planix.com>;   Secrets of the Weird <woods at weird.com>
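The three propagation paths discussed in the message above (a cache that honours a short TTL, a BIND-style cache that clamps TTLs below 300 seconds, and a secondary that only refetches on the SOA refresh interval) can be modelled on a simulated clock. The following is an added example, not code from the thread or from BIND; the zone name, addresses, the 30 s TTL, the 900 s refresh and the failover time are constructed sample values, and the 300 s floor is the BIND behaviour described in the thread.

```python
"""Model of how DNS caching delays a record change (a failover) from reaching
clients.  Added example, not part of the original post.  Assumptions: a
caching resolver that clamps TTLs below MIN_TTL up to MIN_TTL (the BIND
behaviour discussed in the thread) and a secondary that only refetches the
zone on the SOA refresh interval.  All times are seconds on a simulated clock."""

MIN_TTL = 300  # floor applied by BIND-style caches, as discussed in the thread


class CachingResolver:
    """A recursive cache that may clamp small TTLs up to a minimum."""

    def __init__(self, authoritative, min_ttl=MIN_TTL):
        self.auth = authoritative   # dict: name -> (address, ttl)
        self.min_ttl = min_ttl
        self.cache = {}             # name -> (address, expires_at)

    def lookup(self, name, now):
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0]         # still fresh: answer from cache
        addr, ttl = self.auth[name]
        self.cache[name] = (addr, now + max(ttl, self.min_ttl))
        return addr


class SecondaryServer:
    """An authoritative secondary: answers from its own copy of the zone and
    only refetches it on the SOA refresh interval; the record TTL plays no role."""

    def __init__(self, primary, refresh):
        self.primary = primary      # live reference to the primary's zone data
        self.refresh = refresh
        self.copy = dict(primary)   # snapshot taken at the last transfer
        self.next_refresh = refresh

    def lookup(self, name, now):
        while now >= self.next_refresh:
            self.copy = dict(self.primary)   # zone transfer on refresh
            self.next_refresh += self.refresh
        return self.copy[name][0]


def first_seen(client, zone, name, new_addr, change_at, horizon, step=10):
    """Drive the clock in `step` seconds; apply the record change at `change_at`;
    return the first time the client answers with new_addr (None if never)."""
    for now in range(0, horizon + 1, step):
        if now >= change_at:
            zone[name] = (new_addr, zone[name][1])   # operator fails over
        if client.lookup(name, now) == new_addr:
            return now
    return None


def simulate():
    """Compare the three client types from the thread on one failover event.
    Returns a dict: client label -> seconds until the new address is seen."""
    scenarios = (
        ("honest cache (TTL 30s)", lambda z: CachingResolver(z, min_ttl=0)),
        ("BIND-style cache (floor 300s)", lambda z: CachingResolver(z)),
        ("secondary (SOA refresh 900s)", lambda z: SecondaryServer(z, refresh=900)),
    )
    results = {}
    for label, make in scenarios:
        # constructed sample zone: one A record with a deliberately short TTL
        zone = {"www.example.test.": ("192.0.2.10", 30)}
        client = make(zone)
        results[label] = first_seen(client, zone, "www.example.test.",
                                    "192.0.2.20", change_at=60, horizon=1200)
    return results


if __name__ == "__main__":
    for label, seconds in simulate().items():
        print(f"{label:32s} sees the failover after {seconds:4d}s")
```

Each client resolves the name every 10 seconds from t=0, and the operator swaps the address at t=60. Only the cache that honours the 30 s TTL sees the change promptly; the clamping cache waits out the 300 s floor, and the secondary does not notice until its next SOA refresh, which is why the message argues that the TTL an operator sets is a lower bound on propagation time rather than a guarantee.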


