-1

I am having a bit of a head ache trying to setup my own HA solution with docker and nginx in the front acting as a load balancer.

They are actually configured by now. But as a fallback if the main node shuts down, I want to use another one since the nginx configuration for load balancing is replicated.

I thought that if I have two nodes, both set up with PowerDNS (alongside with nginx and docker), and I set those DNS servers to one of my domains, when a node shuts down, since the node is carrying the DNS server, subsequent requests will fetch the info from the other DNS server, in which the A record is configured to point to the local IP (and that way, points to the other load balancer).

Seems like I can't make that work.

Given that I have the following servers:

server_1 IP = 1.1.1.1

server_2 IP = 1.1.2.2

Each of them have a DNS server set up with PowerDNS (and fully functional, according to dig and other tests).

I got my domain DNS servers pointing to them:

ns1.example.com ---> 1.1.1.1

ns2.example.com ---> 1.1.2.2

ns1.example.com DNS server has:

example2.com A 1.1.1.1

ns2.example.com DNS server has:

example2.com A 1.1.2.2

So. Shouldn't example2.com point to 1.1.1.1/1.1.2.2 when both servers are running, but when the first server is not available, point to 1.1.2.2?

Well. When I shut down the first server and try, it gives me the IP of the first server instead of the second.

Even dig example2.com @ns2.example.com is giving me the IP defined in the A record for example2.com in the first DNS server.

Am I wrong, or there's something weird here?

Asier Paz Martínez
  • 151
  • 2
  • 8
  • Do **NOT** use IP address 1.1.1.1 in examples, this is plain wrong. This is a valid IP currently being used for a service provided to a lot of people, so do not use it. Use RFC5737 to obfuscate IP addresses, if really needed. – Patrick Mevzek Jun 07 '18 at 13:18
  • It's just an example... – Asier Paz Martínez Jun 08 '18 at 10:09
  • **NO** you are hijacking an IP that is not yours, use the relevant IP reserved for examples, read RFC5737. People doing things like that are the reason why some innovations can not happen (for example the `.MAIL` TLD will never exist because it was abused as "example" in many documentation). **STOP** doing that, `1.1.1.1` is valid IP not an "example" and not yours, so do not use it. – Patrick Mevzek Jun 08 '18 at 13:31

1 Answers1

0

I don't know where you got the idea that name servers are listed in some sort of priority order, but it's just plain wrong. All name servers authoritative for a zone are expected to have exactly the same content. Resolvers chose name servers to ask at random, to spread the load between them. Providing the authoritative servers with differing contents will only give the end users inconsistent results, not anything useful.

Also, you have forgotten that resolvers cache the answers they get. Even if DNS had worked as you thought (which is doesn't), it would have taken a resolver minutes or hours to notice the "failover".

Calle Dybedahl
  • 5,228
  • 2
  • 18
  • 22