From: Alexander A. <ba...@ya...> - 2018-06-27 10:27:22

As far as I understand, Solution 1 affects not only Master. In any form, chunk and client also should be informed about MASTER_DNS_SERVER.

As for Solution 3, you can avoid updating the local zone file on every server by setting up DNS servers in primary/secondary mode. In this case you have to update the zone file only on the primary. All secondaries will receive changes automatically.

And finally, to avoid slowdown of the DNS resolution, CARP can be used among DNS servers (or something similar). DNS clients will use the HA CARP IP. In case of the primary DNS server's failure the CARP IP will be activated on the secondary DNS server and clients will not see any difference.

On 27.06.2018 13:02, Gandalf Corvotempesta wrote:
> On Wed 27 Jun 2018 at 11:11 Alexander AKHOBADZE <ba...@ya...> wrote:
>> I can't see who prevents you from setting up as many DNS servers as needed to achieve HA of the DNS service?
>>
>> They can be isolated from all the rest of the network (i.e. by firewall) to be accessible only from MFS cluster parts.
>>
>> I.e. they also can colocate with Master servers on the same hardware and host some fake DNS zone which is used only by the MFS cluster.
>
> Let's assume an isolated network used as SAN. In this network you don't have internet access (or you have it very, very limited). Relying on an external DNS server is prone to DNS attacks (even advanced DNS infrastructure like Dyn.com and Amazon were down due to an attack last year).
>
> If I have to add a local dns server only for MooseFS HA, I also need to keep an additional public dns server for the rest of the operating system (it doesn't matter if a public dns is down for some hours on a SAN; in these hours I don't run software updates or similar, but the storage will be still up and running).
>
> Adding an additional resolver to /etc/resolv.conf not connected to anything will slow down dns resolution, as all queries against anything except the moosefs master domain will fail and a new query (to another resolver) should be made.
>
> So, 3 solutions:
>
> 1) an additional parameter in mfsmaster.cfg:
> MASTER_DNS_SERVER=127.0.0.1
> to be used for HA. Then MooseFS will fetch master servers from that dns server and not from the standard OS resolver.
>
> 2) adding a sort of scale-out dns service like Consul, so that each master will register itself to Consul.
>
> 3) adding a local dns server with forwarding capability (for example, PowerDNS). A local zone like "moosefs.master.lan" will be resolved locally, everything else will be forwarded to a public dns server.
>
> Solution 2 is almost start-and-forget; solution 1 needs some adjustments every time a new master node is added (we have to set the same value on all local dns servers).
>
> Solution 3 is similar to solution 1, but doesn't require any extra flag in MooseFS, because we can set the local resolver in /etc/resolv.conf, but still requires some adjustments every time we add/remove one master server (we have to update the local zone file on every server).
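The configuration below is an added illustration of what the two replies above describe, Solution 3 (a local zone answered authoritatively, everything else forwarded) combined with the primary/secondary layout that limits zone edits to one host. It is not taken from the thread or from the MooseFS project. It uses BIND 9 syntax (the `primary`/`secondary`/`primaries` keywords; older releases spell them `master`/`slave`/`masters`), and every address, hostname and the 10.10.0.0/24 SAN range are made up for the example. Publishing one A record per master node under the single name `mfsmaster` is likewise an assumption about how the cluster would look up its masters, as is the name `moosefs.master.lan` reused from the thread.

```conf
# --- /etc/bind/named.conf.local on the PRIMARY DNS server (10.10.0.2) ---
# Hypothetical addresses throughout; 10.10.0.0/24 is the isolated SAN.
options {
    directory   "/var/cache/bind";
    listen-on   { 10.10.0.2; };
    # Answer only the cluster network: the server is not reachable from
    # outside the SAN, but this still closes it to anything that gets in.
    allow-query { 10.10.0.0/24; };
    recursion   yes;
    # Everything this server is not authoritative for goes to the
    # public resolvers; the local zone below is answered without them.
    forwarders  { 192.0.2.53; };   # placeholder public resolver
    forward     only;
};

zone "moosefs.master.lan" {
    type primary;
    file "/etc/bind/db.moosefs.master.lan";
    # Only the secondary may pull the zone; notify it on every change
    # so it refreshes immediately instead of waiting for the SOA refresh.
    allow-transfer { 10.10.0.3; };
    also-notify    { 10.10.0.3; };
    notify yes;
};

# --- /etc/bind/named.conf.local on the SECONDARY DNS server (10.10.0.3) ---
# Same options block as above with listen-on { 10.10.0.3; }, then:
zone "moosefs.master.lan" {
    type secondary;
    primaries { 10.10.0.2; };
    file "/var/cache/bind/db.moosefs.master.lan";   # fetched by AXFR
    allow-transfer { none; };                        # nobody pulls from here
};

# --- /etc/bind/db.moosefs.master.lan, edited ONLY on the primary ---
$TTL 30
@           IN SOA ns1.moosefs.master.lan. hostmaster.moosefs.master.lan. (
                2018062701  ; serial: bump on EVERY edit or secondaries never pull
                3600        ; refresh
                600         ; retry
                604800      ; expire
                30 )        ; negative-cache TTL
            IN NS  ns1.moosefs.master.lan.
            IN NS  ns2.moosefs.master.lan.
ns1         IN A   10.10.0.2
ns2         IN A   10.10.0.3
; One record per master node (assumed lookup scheme). Adding or removing a
; master means editing this block and the serial on the primary only.
mfsmaster   IN A   10.10.0.11
mfsmaster   IN A   10.10.0.12
mfsmaster   IN A   10.10.0.13
```

With `/etc/resolv.conf` on the cluster hosts pointing at the DNS servers (or at one shared CARP address in front of them, as suggested above), a lookup of `mfsmaster.moosefs.master.lan` is answered locally and never leaves the SAN, while lookups for anything else are forwarded, so the resolver does not sit through a timeout before trying the next server. The low TTL keeps a stale master address from being cached for long after a change; the serial bump is the step most often forgotten and the reason a secondary silently keeps serving the old zone.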