Mailing List Archive

UDP and non-DSR ?
I have an application that's time sensitive enough that normal DNS timeouts won't work if one of them is down.

I have a pair of ServerIron 4G's, so it's natural to use a couple of name servers and load balance between them with a health check. I do this to access http on load balanced web servers and it works fine - the source address becomes the SI and the packet gets NATted both ways.

Question: When doing UDP DNS queries, how do I avoid DSR?

Thanks,

--- David

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
Re: UDP and non-DSR ?
Since I haven't seen anyone else reply...

From what I remember, if you don't want to do any NAT and you also want
both directions of traffic to go through the load balancer (ie.
non-DSR), it must be in-line; I'm not completely sure what you are
asking, though. You can certainly put DNS servers behind the load
balancer and use source-nat, just like you do with your webservers.

Or are you having difficulty getting DNS replies back to the right
backend webserver?

--
Eldon Koyle
Information Technology
Utah State University
--
The founding fathers tried to set up a judicial system where the accused
received a fair trial, not a system to insure an acquittal on technicalities.

On Sep 17 22:44-0400, David Miller wrote:
> I have an application that's time sensitive enough that normal DNS timeouts won't work if one of them is down.
>
> I have a pair of ServerIron 4G's, so it's natural to use a couple of name servers and load balance between them with a health check. I do this to access http on load balanced web servers and it works fine - the source address becomes the SI and the packet gets NATted both ways.
>
> Question: When doing UDP DNS queries, how do I avoid DSR?
>
> Thanks,
>
> --- David
Re: UDP and non-DSR ?
On Sep 19, 2013, at 4:49 PM, Eldon Koyle wrote:

> Since I haven't seen anyone else reply...
>
> From what I remember, if you don't want to do any NAT and you also want
> both directions of traffic to go through the load balancer (ie.
> non-DSR), it must be in-line; I'm not completely sure what you are
> asking, though. You can certainly put DNS servers behind the load
> balancer and use source-nat, just like you do with your webservers.

It worked automagically with the web servers, I assume because it's TCP. Doing the same thing with DNS had a different outcome.

> Or are you having difficulty getting DNS replies back to the right
> backend webserver?

I was having problems with unintended DSR :) The client address wasn't nat'd by the SI, and since the client IP was on the local network the reply went directly to the client. I ran into problems on the nameservers themselves setting up DSR.

I ended up moving the two nameservers to a different network. Packets now go through the SI both ways, NAT happens properly, and life is good. Maybe next time I'll take a better look at getting DSR right as this seems like a perfect use for it.

Thanks for the help Eldon. I can't believe the S/N ratio on this list, and will now go back into lurk mode so as not to lower it.


--- David
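An added model of the reply path David describes, written for this archive page and not code from the thread, from Foundry, or from the ServerIron itself. It assumes a one-arm load balancer that is also the nameservers' default gateway, uses constructed documentation-range addresses, and applies the resolver rule that a UDP reply is only accepted when its source address matches the address the query was sent to; it shows why a client on the backends' subnet gets an unusable direct reply, and why moving the nameservers (or enabling source NAT) sends the reply back through the SI.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class LoadBalancer:
    vip: str          # address the clients send their DNS queries to
    self_ip: str      # address written into the query source when source NAT is on
    source_nat: bool  # True = rewrite the client source address before forwarding


@dataclass(frozen=True)
class Backend:
    ip: str           # nameserver's own address, used as the reply source
    subnet: str       # its directly connected network (CIDR)


def reply_path(lb: LoadBalancer, ns: Backend, client_ip: str) -> dict:
    """Follow one UDP query and its reply; report the path and whether the client keeps it.
    Assumption: the load balancer is the backend's default gateway for off-subnet traffic."""
    query_src = lb.self_ip if lb.source_nat else client_ip
    # The nameserver answers whatever it saw as the query source, from its own IP.
    reply_src, reply_dst = ns.ip, query_src
    if reply_dst == lb.self_ip or ip_address(reply_dst) not in ip_network(ns.subnet):
        # Reply is addressed to the SI itself or must be routed through it: the SI
        # sees the reply and reverses both translations on the way to the client.
        path = "via_lb"
        reply_src, reply_dst = lb.vip, client_ip
    else:
        # Destination is on the local segment: the nameserver delivers directly and
        # the SI never sees the reply (the "unintended DSR" from the thread).
        path = "direct"
    # A resolver only accepts a reply whose source matches the address it queried.
    accepted = reply_src == lb.vip and reply_dst == client_ip
    return {"path": path, "reply_src": reply_src, "reply_dst": reply_dst, "accepted": accepted}


# Constructed scenarios; all addresses are documentation ranges, not real hosts.
SI_NO_NAT = LoadBalancer(vip="192.0.2.1", self_ip="192.0.2.2", source_nat=False)
SI_SNAT = LoadBalancer(vip="192.0.2.1", self_ip="192.0.2.2", source_nat=True)
CLIENT = "192.0.2.50"
NS_SAME_NET = Backend(ip="192.0.2.10", subnet="192.0.2.0/24")         # original setup
NS_OTHER_NET = Backend(ip="198.51.100.10", subnet="198.51.100.0/24")  # after the move

if __name__ == "__main__":
    for label, lb, ns in [("same subnet, no SNAT", SI_NO_NAT, NS_SAME_NET),
                          ("other subnet, no SNAT", SI_NO_NAT, NS_OTHER_NET),
                          ("same subnet, SNAT", SI_SNAT, NS_SAME_NET)]:
        print(f"{label:22} -> {reply_path(lb, ns, CLIENT)}")
```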

