DNS lookups - determine destination server - linux

I have a question regarding destination determination of DNS lookups when a machine is connected to multiple network interfaces (Linux).
Intro:
I am developing a Linux box which is connected to 2 (or more) networks.
Each Network interface is connected to a different network (ISP) and receives (DHCP) different IP / Default Gateway and 2 DNS servers.
The box runs different network applications (clients) which are bound to a specific interface.
For example:
Application A connects to a server via network 1 (interface 1).
Application B connects to a server via network 2 (interface 2).
I can use source based routing to control the destination interface for each Application.
(In Linux with routing policy - ip rule/ ip route / etc…).
My question is regarding DNS lookups:
Linux shares one resolv.conf file; the DNS servers of both networks (1, 2) are maintained in this file.
When an application uses the standard getaddrinfo() function, it uses the Linux default resolving mechanism (which goes through the resolv.conf file).
This means that Application B can send its DNS queries to a DNS server which is related to network 1.
I have access to the code, I can do it manually and send a DNS query directly to a specific DNS server from my application, but this is not the preferred option.
Are there standard ways (code or configuration) to make DNS lookups from Application A choose network 1's DNS server and Application B choose network 2's DNS server?
Thanks

No. You'll need to perform DNS resolution in a different manner than depending on the IP stack.
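The manual route the question mentions and the answer points to, as an added example that is not part of the original posts: a small resolver that sends an A query to one chosen DNS server over a UDP socket pinned to one interface, so Application B's lookups cannot leave through network 1. The function names are hypothetical; the interface name and server address are assumed to be supplied by the caller from that interface's DHCP lease.

```python
import secrets
import socket
import struct

def build_query(name, qid=None):
    """Encode one A/IN question with the recursion-desired flag set."""
    qid = secrets.randbits(16) if qid is None else qid
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return qid, struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name (plain labels or a compression pointer)."""
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:          # pointer: two bytes, the name ends here
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def parse_a_records(msg, qid):
    """Return IPv4 addresses; reject a wrong ID, a non-response, or an error RCODE."""
    rid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if rid != qid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("unexpected or failed DNS response")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve_via(name, server, ifname, timeout=2.0):
    """Ask `server` for A records over a UDP socket pinned to `ifname` (Linux)."""
    qid, pkt = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        # SO_BINDTODEVICE forces egress on ifname; may need CAP_NET_RAW.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BINDTODEVICE, ifname.encode() + b"\0")
        s.settimeout(timeout)
        s.connect((server, 53))         # kernel now drops replies from other sources
        s.send(pkt)
        return parse_a_records(s.recv(512), qid)
```

The random query ID and the connected socket are what keep a reply arriving from the other network's resolver from being accepted as the answer.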


Web site host with url in iis

I'm going to host a web site on one of my computers to access it from another computer (same local network). This is what I have done so far.
Step 1 : Host the web site in IIS.
Step 2 : Using "Edit bindings" I changed the host name.
Step 3 : Then I changed the host file located at "C:\Windows\System32\drivers\etc"
192.168.8.100 mylocalhost.com
Step 4 : Turn off both private and public Windows firewalls. (I know this is bad. But for now it's fine. I can add inbound rules after resolving this issue.)
I try to access the URL http://mylocalhost.com:8082 using the hosted environment. It succeeds, but when I try to access that URL from the other computer (in the same local network) it cannot be accessed. Without the above binding name (mylocalhost.com), I can access the web site using http://192.168.8.100:8082
I want to access the website using a URL with any computer/mobile device connected to the local network. Can anyone show me a direction to resolve my issue?
Environment Information
Windows 10
IIS (version 10)
Your problem is step 3 - your assumption that the host file on a single client computer will apply to all computers on your network. You need a server of some description for the behaviour you describe.
A hosts file is only used by that single computer to resolve or override DNS. Each computer has its own file and there is no default way of sharing this file with other computers on the network. Your choices are:
Add the hosts file entry to each device.
Set up a DNS server. Your router might support this, and is likely providing the DNS server to your clients via DHCP, so no additional config would be necessary. Just log in to its web interface and configure the DNS name. If your router can't do it for you, you would need a DNS service running on one of your computers and then configure either your router's DHCP/DNS to use this new DNS service, or manually configure all clients to use the new DNS for their DNS resolution.
Set up an Active Directory server and join all your PCs to the domain (setting up AD includes a DNS server).
Some public DNS providers allow you to specify a private IP in public DNS. So assuming you owned the domain example.com you might be able to create an A record my.example.com for your 192.168.8.100 IP address. This would be public, but only devices on your private network would actually be able to connect to your server (i.e. different physical computers/networks that happen to use the same internal IP).

SmarterASP.net - Connecting to Azure Database

We are hosting our website at SmarterASP.net but because of their database limitation, we are moving the database to Azure. To connect to external ports (on different servers), SmarterASP requests us to add their IP address to the list of Outgoing Ports. Microsoft's DB address is:
[ourcompany].database.windows.net
Two questions:
1 - I shouldn't trust that the IP I got when pinging Microsoft's database dns is static and never changes, should I?
2 - Why does SmarterASP tell me it's not possible to add the DNS name in their firewall? According to them, it has to be the IP address. Is that common?

Azure subnets for cloned Dev, Test, Product with common web server

I have 3 VMs (app, content, DB) that are part of an application deployment. I need to clone multiple copies of this VM set. There is a common web server for all sets that proxies requests to the app server in each set.
Because hostnames are duplicated, I believe I can put each SET of 3 VMs into their own subnet and prevent communication and hostname duplication.
The web server will be outside these subnets (I guess in its own subnet).
If you have multiple hosts with the same hostname in the same VNET, will they have the same internal DNS name? The fact that they are firewalled into separate subnets should prevent cross traffic?
The web server will proxy based on IP address, since hostname will not resolve easily.
An alternative is one web server per VM set, 4 servers per VNET. This will work, but means 25% more VMs to manage.
Anyone suggest the "typical" way a network engineer would architect this? (Yes this could be cross posted to networking group, but it is dependent upon Azure specifics as well as general network architecture).
Many thanks experts.
You cannot have multiple hosts with the same hostname and internal DNS name. These have to be unique. The alternative seems more favorable here.

Microservices - how to find DNS IP?

In the world of microservices endpoints should not (must not) be hardcoded. One of the best ways to do this is to have a DNS and let each microservice register while starting. By doing this whenever microservice A wants to communicate with microservice B it just asks DNS for endpoints where B currently listens.
What I do not understand is: How microservices know where the DNS lives?
Basically DNS is just a 'special' service and I can have one or multiple instances of it, right? So I should not hardcode its endpoint too, or should I? And let's say I do - what if the DNS instance is moved to a different location? Do I have to manually change its location in configuration?
Does anyone happen to know how to design this? (Or can anyone just point me to any document where this is explained, since although there is much information about microservices and DNS I cannot find this particular information anywhere - maybe it's just too trivial and I am the only one who does not get it.)
Manual setup of DNS is possible, as stated by the other answers, but I would recommend using an infrastructure that supports service discovery in all respects. For example, Kubernetes has built-in DNS support and makes it very easy to expose a service that can consist of any number of Pods.
An infrastructure technology like Kubernetes will also make many other aspects of the microservices architectural style easier to implement, including high availability and scalability.
Please see the official docs for some more information.
DHCP solves this problem. When a host boots it sends a broadcast DHCP message. The DHCP server responds with many values, one of which is the location of DNS servers.
In the case of micro services, the host OS (or container host) will be configured for DNS via DHCP. The microservice code uses the OS DNS functions to resolve addresses.
https://en.m.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
You can use your local network to discover services, via DHCP and whatnot. But that requires that all services are already "registered" within that DNS server.
Microservices can find each other via service discovery, server or client side. If you choose client side service discovery, you can use tools like Consul, which provides a bunch of great features. One of which is a DNS endpoint which allows queries via SRV records with <serviceName>.consul.service domain names.
Consul has its own DNS endpoint; you can configure your services to use that (usually on port 8600 locally, as Consul agents run locally).
But you can also configure an actual DNS server to forward questions to Consul, so that you can easily mix service discovery driven by Consul with manually set up services within a Bind instance or similar...
Known hostname solution. The fixed part would be the service domain name, for instance xservice.com. You can query this host using standard DNS tools (e.g., dig in your shell, etc).
Finally, in the DNS bound to xservice.com you then add a SRV record with further details.
A SRV record lists all the service details, including:
the symbolic service name;
the canonical hostname of the machine providing the service;
the TCP (or UDP) port on which the service is available.
There is much other info as well. Please see Wikipedia for the complete list.
Please keep in mind this is a somewhat static solution. If you are looking for a more dynamic one, then Oswin's answer might be a better fit :-)

How to create Azure Input Endpoint to VRRP Virtual IP Address

I'm setting up a test web farm in Azure. Consisting of:
Four Ubuntu Servers
Two balancers running HAProxy + Keepalived
Two web servers running Apache
Keepalived has been configured and everything has been working fine. HAProxy performs great.
My issue is that I want to enable the Keepalived failover clustering, but I can't seem to figure out how to create an Input Endpoint in Azure for the virtual IP address that the Keepalived VRRP is using.
In other words, I want to create an Input Endpoint for a virtual IP address in Azure, but not for an existing VM. So far, the only thing I've been able to do is create Input Endpoints for existing VMs (using their IP) for specific port numbers. I want to be able to configure:
Take TCP requests on port XX and map them to IP address YY.YY.YY.YY on port ZZ
Anyone know of a way to do this? I've looked on both portals (new and old) and the closest thing I see is the Cloud Services page for my VNET has the Input Endpoints listed. But no add/edit button.
This is not currently possible in Azure. Azure IaaS VMs do not yet support multiple IPs per interface, so keepalived will not be able to move a VIP between the nodes. We tried to do the same thing and were told it's not currently available. However, it's supposed to be on the road-map and it is "coming", as is the ability to have multiple interfaces per machine.
Input endpoints are to expose some service on a single VM (it's a NAT), and they are not attachable to an actual interface. The only option that I thought through was to use Azure's Traffic Manager to round robin between the two HAProxy instances using two exposed endpoints, with a health check to fail to a single HAProxy instance if one fails.
