DNS invalid records - dns

I am having a bit of a headache trying to set up my own HA solution with Docker and nginx in front acting as a load balancer.
They are actually configured by now. But as a fallback if the main node shuts down, I want to use another one, since the nginx configuration for load balancing is replicated.
I thought that if I have two nodes, both set up with PowerDNS (alongside nginx and Docker), and I set those DNS servers for one of my domains, then when a node shuts down, since that node is carrying the DNS server, subsequent requests will fetch the info from the other DNS server, in which the A record is configured to point to the local IP (and that way points to the other load balancer).
It seems I can't make that work.
Given that I have the following servers:
server_1 IP = 1.1.1.1
server_2 IP = 1.1.2.2
Each of them has a DNS server set up with PowerDNS (fully functional, according to dig and other tests).
I have my domain's DNS servers pointing to them:
ns1.example.com ---> 1.1.1.1
ns2.example.com ---> 1.1.2.2
ns1.example.com DNS server has:
example2.com A 1.1.1.1
ns2.example.com DNS server has:
example2.com A 1.1.2.2
So. Shouldn't example2.com point to 1.1.1.1/1.1.2.2 when both servers are running, but when the first server is not available, point to 1.1.2.2?
Well. When I shut down the first server and try, it gives me the IP of the first server instead of the second.
Even dig example2.com @ns2.example.com gives me the IP defined in the A record for example2.com on the first DNS server.
Am I wrong, or is there something weird here?

I don't know where you got the idea that name servers are listed in some sort of priority order, but it's just plain wrong. All name servers authoritative for a zone are expected to have exactly the same content. Resolvers choose which name server to ask at random, to spread the load between them. Providing the authoritative servers with differing contents will only give end users inconsistent results, not anything useful.
Also, you have forgotten that resolvers cache the answers they get. Even if DNS worked as you thought (which it doesn't), it would have taken a resolver minutes or hours to notice the "failover".

Related

How DNS resolves an incorrect specified TLD

I've been reading up a lot about DNS lately and have even searched on Stack Overflow for information, but I can't seem to find this. Please correct me if there's a mistake along the way.
Assuming that I want to go to example.com. The way I understand how DNS works is that
1. It looks on the local client machine for a cached record. If the cache has the record, everything's good. If it doesn't, it moves to step 2.
2. It makes a request for the domain name to the DNS resolver provided by the Internet Service Provider (ISP).
3. If the DNS resolver has the domain name record cached, the IP address is returned and all is well. If it doesn't, it moves to step 4.
4. The DNS resolver uses the root hints file to ask the root servers for the appropriate nameserver for the Top Level Domain (TLD) (i.e. .com, .net, .io).
5. The request then gets passed down to the TLD server, in this case the one responsible for .com. TLD servers have records of the nameservers that can resolve "example", called authoritative servers.
6. The authoritative server then has a record for "example" and returns the IP address to the ISP DNS resolver, which caches that record and returns it to the client, which will also cache that record.
My question is lets assume I am typing in "example.ca", but the actual name should be example.com/ca since example.ca does not exist, how does DNS figure out that example.com/ca is the correct entry assuming that neither the local machine nor the ISP DNS resolver has this record cached?
There is no black magic, and it does not have anything to do with DNS: there is a webserver running on http(s)://netflix.ca, and all it does is serve a redirect to https://netflix.com/ca

multiple subdomain DNS levels working

At the moment I am learning how DNS and domain resolution work, and I have a question.
Let's take a.test.com for example.
As I understand it, first of all the intermediary ISP DNS server is called. If it has the domain's IP in its cache, it returns it. Otherwise, it does the following tasks in order:
It calls a root DNS server, which returns a com DNS server IP
It calls that top-level DNS server, which returns the test.com DNS server IP
It calls that DNS server to finally get a.test.com's IP
Is that correct?
And now what happens when we resolve a.b.c.test.com?
Does it call another DNS server, or does the c.test.com DNS server contain a.b.c.test.com's IP?
Thanks
Yes, you are pretty much correct. Nothing different happens in the next steps: c.test.com will respond with a referral to a more specific authoritative server (the one for b.c.test.com), or if it is itself authoritative then it will respond with an answer.
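The referral walk this answer describes, as an added example that is not part of the thread: a toy iterative resolver in Python over a constructed delegation tree. The zone names extend the thread's a.test.com and a.b.c.test.com; the nameserver names and the 192.0.2.x addresses (a documentation range) are made up. It shows both outcomes the answer names: test.com delegates c.test.com, while c.test.com holds a.b.c.test.com itself, so no extra server exists for b.c.test.com.

```python
# Constructed zone data (not real DNS): apex -> delegations to child zones
# and the A records the zone holds itself.
ZONES = {
    ".": {"delegations": {"com.": ["a.gtld-servers.net."]}, "a": {}},
    "com.": {"delegations": {"test.com.": ["ns1.test.com."]}, "a": {}},
    "test.com.": {
        "delegations": {"c.test.com.": ["ns1.c.test.com."]},
        "a": {"a.test.com.": "192.0.2.10"},
    },
    # c.test.com. is authoritative for a.b.c.test.com. directly:
    # there is no zone cut at b.c.test.com., so no further referral.
    "c.test.com.": {"delegations": {}, "a": {"a.b.c.test.com.": "192.0.2.20"}},
}


def in_zone(name, apex):
    """True if `name` lies at or below `apex` (root contains everything)."""
    return apex == "." or name == apex or name.endswith("." + apex)


def serve(apex, qname, zones=ZONES):
    """What an authoritative server for `apex` answers for `qname`:
    ('referral', child_apex), ('answer', ip), ('nxdomain', None) or
    ('refused', None) when asked about a name outside its zone."""
    zone = zones[apex]
    if not in_zone(qname, apex):
        return ("refused", None)
    # The longest delegation that still contains qname is the zone cut to follow.
    cuts = [child for child in zone["delegations"] if in_zone(qname, child)]
    if cuts:
        return ("referral", max(cuts, key=len))
    if qname in zone["a"]:
        return ("answer", zone["a"][qname])
    return ("nxdomain", None)


def iterative_resolve(qname, zones=ZONES, max_hops=10):
    """Start at the root and follow referrals; return (ip or None, zones asked)."""
    apex, trace = ".", []
    for _ in range(max_hops):
        trace.append(apex)
        kind, data = serve(apex, qname, zones)
        if kind == "referral":
            apex = data
            continue
        return (data if kind == "answer" else None), trace
    raise RuntimeError("referral loop for " + qname)


if __name__ == "__main__":
    for name in ("a.test.com.", "a.b.c.test.com.", "nope.test.com."):
        print(name, iterative_resolve(name))
```

The trace for a.b.c.test.com. is one zone longer than for a.test.com., and stops at c.test.com. because that zone answers itself; had c.test.com. delegated b.c.test.com., the same loop would simply take one more hop.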

How to distribute DNS queries to many resolvers?

For a research project I want to get the IP addresses of millions of domains. I don't want to overload a single DNS server, of course. My idea would be to distribute the queries to a (few) hundred or so open DNS resolvers (i.e. from http://public-dns.tk/). How can I do this? Would it be enough to install dnsmasq and add the 100 or so DNS servers to /etc/resolv.conf, or would dnsmasq only query the first/second entry of the list? Caching doesn't matter, since every domain is only once in the list.
I guess installing a full-blown DNS server that queries the root servers directly is not a good idea?
You can specify the IP/address of the DNS server in the dig query that you run:
dig @<IP_OF_DNS_SERVER> www.google.com
For example, the queries below go against OpenDNS and Google DNS respectively:
dig @208.67.222.222 www.manish-m.com
dig @8.8.8.8 stackoverflow.com
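Added example (not from the thread): spreading a batch of names over a pool of resolvers in Python, with round-robin assignment, a per-resolver rate cap and a thread pool, so that no single server takes the whole load. The `dig @resolver +short` wrapper is the lookup the answer suggests; the resolver addresses and domain names are constructed placeholders, and any callable with the same (resolver, name) signature can be passed in instead.

```python
import subprocess
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class RateLimiter:
    """Allow at most `qps` calls per second for one resolver (spacing lock)."""

    def __init__(self, qps):
        self.interval = 1.0 / qps
        self.lock = threading.Lock()
        self.next_ok = 0.0

    def wait(self):
        with self.lock:
            now = time.monotonic()
            delay = max(0.0, self.next_ok - now)
            self.next_ok = max(now, self.next_ok) + self.interval
        if delay:
            time.sleep(delay)


def dig_lookup(resolver, name):
    """Real lookup via dig (needs dig installed): the answer's `dig @server`."""
    out = subprocess.run(
        ["dig", "@" + resolver, name, "+short", "+time=3", "+tries=1"],
        capture_output=True, text=True, check=True,
    ).stdout
    return out.split()


def plan(names, resolvers):
    """Round-robin assignment: (resolver, name) pairs, resolvers evenly loaded."""
    return [(resolvers[i % len(resolvers)], n) for i, n in enumerate(names)]


def run(names, resolvers, lookup=dig_lookup, qps_per_resolver=5, workers=16):
    """Execute the plan concurrently; returns {name: (resolver, result or None)}."""
    limiters = {r: RateLimiter(qps_per_resolver) for r in resolvers}

    def task(pair):
        resolver, name = pair
        limiters[resolver].wait()
        try:
            return name, (resolver, lookup(resolver, name))
        except Exception:  # a dead or refusing resolver must not abort the batch
            return name, (resolver, None)

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(task, plan(names, resolvers)))


def load_per_resolver(results):
    """How many names each resolver actually served, to check the balance."""
    counts = {}
    for resolver, _ in results.values():
        counts[resolver] = counts.get(resolver, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed placeholders: 198.51.100.0/24 is a documentation range.
    pool = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
    batch = ["d%d.example" % i for i in range(9)]
    fake = lambda resolver, name: ["192.0.2.1"]  # stand-in so this runs offline
    res = run(batch, pool, lookup=fake, qps_per_resolver=100)
    print(load_per_resolver(res))
```

Failed lookups come back as None rather than raising, so a batch of millions finishes and the names that need a retry on another resolver can be collected afterwards.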

DNS - Site with subdomains - A NAME, CNAME?

I am launching a site with many subdomains. Currently, when I'm tweaking it on my hosting using the hosts file to point to the IP address, all is fine. But when I make it live for the whole world, some parts are broken and do not want to load, for example the www and others.
I'm using a third-party DNS service. What should I use, A records or CNAME records, to make it work?
Currently I have 2 records for A records:
localhost
and mydomain IP address
in CNAME I have:
two records for mail and ftp
What type of record you should use depends on what you are referencing:
A records are used to reference an IPv4 address (173.194.70.100).
CNAME records are used when referencing another DNS name (google.com).
I don't understand why you want to make a DNS record that points to localhost. Since localhost, like 127.0.0.1, always means the local machine, anyone trying to connect to that address will connect to their own machine.
Some good examples of the use of common DNS record types: http://www.debianhelp.co.uk/dnsrecords.htm
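Added example (not from the thread) in Python: a small checker for the two record types this answer contrasts. It flags an A record whose value is a name, a CNAME whose target is an address, and an A record pointing at loopback as in the question; it goes beyond the answer by also flagging A values that are not publicly routable at all. The record names are constructed; 173.194.70.100 is the address the answer itself uses.

```python
import ipaddress
import re

# RFC 1035-style hostname: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.?$",
    re.IGNORECASE,
)

# Constructed records mirroring the question: an A record for "localhost",
# an A record for the site's address, and CNAMEs for mail and ftp.
SAMPLE_RECORDS = [
    ("localhost.mydomain.example.", "A", "127.0.0.1"),
    ("mydomain.example.", "A", "173.194.70.100"),
    ("mail.mydomain.example.", "CNAME", "mydomain.example."),
    ("ftp.mydomain.example.", "CNAME", "mydomain.example."),
    ("www.mydomain.example.", "A", "www.mydomain.example"),  # a name where an IP belongs
]


def check_record(owner, rtype, value):
    """Return a list of problems; an empty list means the record looks sane."""
    problems = []
    if rtype == "A":
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return ["%s: A value %r is not an IP address; use a CNAME for a name" % (owner, value)]
        if ip.version != 4:
            problems.append("%s: %s is IPv6; an A record needs IPv4 (use AAAA)" % (owner, value))
        elif ip.is_loopback:
            problems.append("%s: %s is loopback; every client would connect to itself" % (owner, value))
        elif not ip.is_global:
            problems.append("%s: %s is not publicly routable" % (owner, value))
    elif rtype == "CNAME":
        try:
            ipaddress.ip_address(value)
            return ["%s: CNAME must point to a name, not the address %s; use an A record" % (owner, value)]
        except ValueError:
            pass
        if value.rstrip(".").lower() == "localhost" or not HOSTNAME_RE.match(value):
            problems.append("%s: CNAME target %r is not a usable public hostname" % (owner, value))
    else:
        problems.append("%s: record type %s not handled by this checker" % (owner, rtype))
    return problems


def check_zone(records):
    """Run check_record over (owner, type, value) tuples and collect all problems."""
    return [p for owner, rtype, value in records for p in check_record(owner, rtype, value)]


if __name__ == "__main__":
    for problem in check_zone(SAMPLE_RECORDS):
        print(problem)
```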

How to check DNS?

When troubleshooting DNS issues (specifically whether a domain is resolving), what is the proper way to check so that you get accurate results? DNS info is cached throughout the internet, and different machines (like the local machine) or services (like Pingdom) give different results.
How do you check DNS so that you know what you will get after it propagates?
Working with Heroku and CloudFlare.
In most common cases you can use tools such as dig or host. Both tools are made for querying name servers to retrieve info. You can also use a simple "ping something.domain.com" to see if the IP has changed. But I suggest you use different DNS servers on the computer you're using to test. Google DNS (8.8.8.8) actually replicates quite fast.
Unintentional DNS poisoning: keep in mind that if you're pinging something that was recently configured/changed on your name server and has still not propagated, you'll "poison" the resolver's cache, and that data is going to expire, but only later (always depending on the domain name's TTLs, of course).
Using a DNS server which has never seen that domain, you can be sure the request is made for the first time and is answered without consulting any cache.
Example:
To get all the DNS servers for domain.com:
$ host -t ns domain.com
domain.com name server ns2.domain.com.
domain.com name server ns3.domain.com.
To ask a domain name for something.domain.com:
$ dig @nameserver something.domain.com
You can also ask for TXT, CNAME types and so on...
Examples:
AXFR retrieval test:
$ dig @domainname domain.com AXFR
Or get all Mail Exchange (MX) server for a domain:
$ host -t MX domain.com
domain.com mail is handled by 10 smtp.godo.com.
domain.com mail is handled by 20 smtp2.godo.com.
Hope it helps.
Cheers! :)
http://en.wikipedia.org/wiki/Nslookup
To get a "Non-authoritative" answer from your local name server that would be e.g.:
nslookup test.com
To check the name server where the domain is listed that would be e.g.:
nslookup test.com nameServerOfTest.com
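Added example (not from either thread) that serves both the first thread on this page (two authoritative servers serving different A records) and this one: a stdlib-only Python client that sends a query straight to a given server, as `dig @server` does, asks every authoritative NS directly and compares their answers with what a recursive resolver currently returns. Only check_propagation() touches the network; SAMPLE_RESPONSE is a constructed packet mirroring the first thread's example2.com / 1.1.1.1, and the assumption that the zone apex is the last two labels of the name is marked in the code. The 8.8.8.8 default is the Google resolver the answer above mentions.

```python
import random
import socket
import struct

A, NS, CNAME = 1, 2, 5  # record types handled here

# Constructed response for "example2.com A" as the first thread's ns1 would serve it:
# header (id 0x1234, flags QR|AA, 1 question, 1 answer), the echoed question, then an
# answer whose owner is a compression pointer (0xC00C) back to the question name.
SAMPLE_RESPONSE = (
    b"\x12\x34\x84\x00\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x08example2\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\x01\x01\x01\x01"
)


def build_query(name, qtype=A):
    """DNS query with RD set (recursive resolvers need it, authoritative servers ignore it)."""
    header = struct.pack("!HHHHHH", random.randrange(0x10000), 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, jumped = [], None, False
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer, RFC 1035 section 4.1.4
            if not jumped:
                end = off + 2
            jumped, off = True, struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if jumped else off)


def parse_response(msg):
    """Return (aa_flag, rcode, records); records are (owner, type, ttl, value)
    from the answer and authority sections."""
    _, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question
        _, off = _read_name(msg, off)
        off += 4
    records = []
    for _ in range(an + ns):
        owner, off = _read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == A and rdlen == 4:
            value = socket.inet_ntoa(msg[off:off + 4])
        elif rtype in (NS, CNAME):  # rdata is itself a compressed name
            value, _ = _read_name(msg, off)
        else:
            value = msg[off:off + rdlen].hex()
        records.append((owner.lower(), rtype, ttl, value))
        off += rdlen
    return bool(flags & 0x0400), flags & 0xF, records


def query(server, name, qtype=A, timeout=3.0):
    """One UDP query straight to `server`: the equivalent of `dig @server name`."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_response(data)


def values(records, name, rtype):
    """Sorted rdata values of type `rtype` whose owner is `name`."""
    want = name.rstrip(".").lower()
    return sorted(v for o, t, _, v in records if t == rtype and o == want)


def propagation_status(recursive_ips, auth_answers):
    """auth_answers is {ns: [ips]} per authoritative server; recursive_ips is what
    the recursive resolver says now. "Propagated" means all NS agree and the
    resolver's cached answer matches them."""
    distinct = {tuple(sorted(v)) for v in auth_answers.values()}
    consistent = len(distinct) == 1
    return {
        "authoritative_consistent": consistent,
        "recursive_matches": consistent and tuple(sorted(recursive_ips)) in distinct,
    }


def check_propagation(name, recursive="8.8.8.8"):
    """Live check. Assumption: the zone apex is the last two labels of `name`."""
    _, _, rec = query(recursive, name)
    zone = ".".join(name.rstrip(".").split(".")[-2:])
    _, _, nsrec = query(recursive, zone, NS)
    auth = {}
    for ns in values(nsrec, zone, NS):
        _, _, ans = query(socket.gethostbyname(ns), name)
        auth[ns] = values(ans, name, A)
    recursive_ips = values(rec, name, A)
    return recursive_ips, auth, propagation_status(recursive_ips, auth)
```

Run against the first thread's setup, auth would come back as {"ns1.example.com": ["1.1.1.1"], "ns2.example.com": ["1.1.2.2"]} and authoritative_consistent would be False: that inconsistency, not a missing failover feature, is what the resolver is reporting.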
