From: Gandalf C. <gan...@gm...> - 2018-06-27 10:03:15
On Wed 27 Jun 2018 at 11:11 Alexander AKHOBADZE <ba...@ya...> wrote:

> I can't see who prevents you from setting up as many DNS servers as needed to
> achieve HA of the DNS service?
>
> They can be isolated from all the rest of the network (i.e. by firewall) to
> be accessible only from MFS cluster parts.
>
> I.e. they also can colocate with Master servers on the same hardware and
> host some fake DNS zone which is used only by the MFS cluster.

Let's assume an isolated network used as a SAN. In this network you don't have internet access (or you have it very, very limited).

Relying on an external DNS server is prone to DNS attacks (even advanced DNS infrastructure like Dyn.com and Amazon were down due to an attack last year).

If I have to add a local DNS server only for MooseFS HA, I also need to keep an additional public DNS server for the rest of the operating system (it doesn't matter if a public DNS is down for some hours on a SAN; in those hours I don't run software updates or similar, but the storage will still be up and running).

Adding an additional resolver to /etc/resolv.conf that is not connected to anything will slow down DNS resolution, as all queries for anything except the MooseFS master domain will fail and a new query (to another resolver) will have to be made.

So, 3 solutions:

1) an additional parameter in mfsmaster.cfg: MASTER_DNS_SERVER=127.0.0.1 to be used for HA. Then MooseFS will fetch master servers from that DNS server and not from the standard OS resolver.

2) adding a sort of scale-out DNS service like Consul, so that each master will register itself to Consul.

3) adding a local DNS server with forwarding capability (for example, PowerDNS). A local zone like "moosefs.master.lan" will be resolved locally, everything else will be forwarded to a public DNS server.

Solution 2 is almost start-and-forget; solution 1 needs some adjustments every time a new master node is added (we have to set the same value on all local DNS servers). Solution 3 is similar to solution 1, but doesn't require any extra flag in MooseFS, because we can set the local resolver in /etc/resolv.conf; it still requires some adjustments every time we add/remove one master server (we have to update the local zone file on every server).
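As an added illustration of solution 3 (this configuration is not part of the thread; Unbound is used here in place of the PowerDNS forwarder Gandalf mentions, and the zone name, host names and addresses are constructed placeholders), a local resolver that answers the master zone itself and forwards everything else:

```conf
# /etc/unbound/unbound.conf  (added example, not from the thread; the zone,
# host names and 10.10.0.x addresses are constructed placeholders)
server:
    # listen on loopback only, so the resolver is not reachable from the SAN
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # the master zone is answered locally and authoritatively; "static" means
    # names under it that are not listed get NXDOMAIN and never reach the
    # forwarder, so the zone keeps working when the public resolver is down
    local-zone: "moosefs.master.lan." static
    local-data: "master1.moosefs.master.lan. 60 IN A 10.10.0.11"
    local-data: "master2.moosefs.master.lan. 60 IN A 10.10.0.12"
    local-data: "master3.moosefs.master.lan. 60 IN A 10.10.0.13"
    # the name the clients use: one A record per master, all returned together
    local-data: "mfsmaster.moosefs.master.lan. 60 IN A 10.10.0.11"
    local-data: "mfsmaster.moosefs.master.lan. 60 IN A 10.10.0.12"
    local-data: "mfsmaster.moosefs.master.lan. 60 IN A 10.10.0.13"

# everything outside the local zone is forwarded to the public resolver
forward-zone:
    name: "."
    forward-addr: 9.9.9.9
```

With `nameserver 127.0.0.1` as the only entry in /etc/resolv.conf, every query goes to the local resolver, so the timeout problem of a second, non-forwarding resolver in resolv.conf does not arise: the master zone is answered from local-data and all other names are forwarded. `unbound-checkconf` validates the file, and `dig @127.0.0.1 mfsmaster.moosefs.master.lan` should return the three A records even when 9.9.9.9 is unreachable. The adjustment cost Gandalf describes remains: adding or removing a master means editing the local-data lines on every host that runs this resolver.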