Having hit these issues myself, I heavily recommend a real frontend proxy like nginx or varnish.

On 01/18/2011 12:45 PM, William Herrin wrote:
> On Tue, Jan 18, 2011 at 12:42 PM, Sergey Voropaev
> <serge.devo...@gmail.com> wrote:
>> Does anyone know software solutions (free is preferable) like Cisco GSS
>> and F5 BIG-IP? The main point is that the DNS server (or DNS server plugin) must
>> be able to monitor server availability (for example by TCP connect) and
>> the DNS reply depends on it.
>
> Sergey,
>
> I have no suggestions that directly answer your question. I'd write a
> script against bind myself. But if you're trying to fail over a web
> server, you're walking into a nasty trap.
>
> "DNS pinning" obstructs web browsers from finding a server on an
> alternate IP address regardless of the DNS TTL. The core issue is that
> allowing a browser running javascript to connect to a server other
> than the one from which the script came is a gigantic security hole.
> Someone realized you could do that by changing the IP address the host
> name pointed to, so now there's a convoluted and not entirely
> standardized set of rules for when and whether the browser allows it.
>
> Net result is that in some cases a user's long-running browser will
> indefinitely ignore the change you made to the DNS. I've seen such
> things persist for months.
>
> For better or for worse, the way you -reliably- fail over a web server
> is with routing and middleboxes like a load balancer.
>
> Regards,
> Bill Herrin
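
The "script against bind" idea from the quoted message, sketched as an added example that is not from either poster: a TCP-connect health check that builds an `nsupdate` batch publishing only reachable backends. The zone, host name, TTL and addresses are constructed placeholders, and the fail-open behaviour when every probe fails is an assumption of this sketch.

```python
import socket


def tcp_alive(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_nsupdate(zone, name, ttl, backends, port=80, probe=tcp_alive):
    """Build an nsupdate batch that publishes only backends passing the probe.

    Returns (batch_text, healthy_list). If every backend fails, all of them
    are kept (fail open, an assumption of this sketch): an all-down result is
    as likely to be a monitor-side fault as a real outage.
    """
    healthy = [ip for ip in backends if probe(ip, port)]
    publish = healthy or list(backends)
    lines = [f"zone {zone}", f"update delete {name} A"]
    lines += [f"update add {name} {ttl} A {ip}" for ip in publish]
    lines.append("send")
    return "\n".join(lines) + "\n", healthy


if __name__ == "__main__":
    # Constructed sample: RFC 5737 documentation addresses, hypothetical zone.
    # The probe is stubbed so the demo runs offline.
    fake_status = {"192.0.2.10": True, "192.0.2.11": False}
    batch, healthy = build_nsupdate(
        "example.com.", "www.example.com.", 30, list(fake_status),
        probe=lambda ip, port: fake_status[ip],
    )
    print(batch, end="")
```

Send the batch with `nsupdate -k <keyfile>` so the dynamic update is TSIG-authenticated. As the quoted message points out, a browser that has pinned the old address may ignore the new record regardless of the TTL.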