3. The DNS servers

3.1. Installing a DNS server

Install the software:
apt-get install bind9 dnsutils

Next is a bit of a cheat. For my normal network I configure DNS with a script and I do not feel like redoing that by hand. The head of the script is specific for the DNS-server:
$i_am="xenial1";
$i_am_domain="home";
$i_am_long="xenial1.home";
$i_am_ip="10.128.5.2";

So I got the script to xenial1 and xenial2 and provided the input-file:
xenial1 10.128.5.2
xenial2 10.128.6.2
xenial3  10.128.7.2
xenial4  10.128.8.2
r1       10.128.3.1
r2       10.128.4.1
r3       10.128.3.2
r4       10.128.4.2

Both files are available on /vagrant so they can be used directly from the setup-script:
 #!/bin/bash
 echo "Setup xenial1"
 ETH1=$(dmesg | grep -i 'renamed from eth1' | sed -n 's/: renamed from eth1//;s/.* //p')
 
 ifconfig $ETH1 10.128.5.2 netmask 255.255.255.0
 route add -net 10.128.0.0 netmask 255.255.0.0 gw 10.128.5.1
 netstat -rn
 
 apt-get update
 echo "apt-get -y install bind9 dnsutils"
 apt-get -y install bind9 dnsutils
 
 cd /etc/bind
 perl /vagrant/make_config.1.perl /vagrant/dns-input-file
 
 cat > /etc/resolv.conf <<EOF
 domain home
 search home
 nameserver 127.0.0.1
 EOF
 cat > /etc/hosts <<EOF
 127.0.0.1    localhost
 10.128.5.2   xenial1.home xenial1
 EOF
 hostname xenial1
 domainname home
 
 hostname 
 domainname
 echo  /etc/resolv.conf
 cat  /etc/resolv.conf
 echo /etc/hosts 
 cat /etc/hosts 

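If you use the standard Debian bind9 package, your name lookups will give the message that the name server does not allow recursion. To fix that, add the following line inside the options { ... } block in /etc/bind/named.conf.options. It allows recursion only for clients in the lab network 10.128.0.0/16: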
allow-recursion {10.128.0.0/16;};

And then it works:
ljm[anycast]$ vagrant ssh xenial2 -t -- nslookup r1
Server:		127.0.0.1
Address:	127.0.0.1#53
Name:	r1.home
Address: 10.128.3.1

3.2. The clients

Here is the set-up script for xenial3:
 #!/bin/bash
 
 ETH1=$(dmesg | grep -i 'renamed from eth1' | sed -n 's/: renamed from eth1//;s/.* //p')
 
 
 ifconfig $ETH1 10.128.7.2 netmask 255.255.255.0
 ifconfig -a
 route add -net 10.128.0.0 netmask 255.255.0.0 gw 10.128.7.1
 netstat -rn
 hostname xenial3
 domainname home
 apt-get update
 apt-get install sysvbanner
 
 banner hosts
 cat >/etc/hosts <<EOF
 127.0.0.1        localhost
 10.128.7.2        xenial3.home        xenial3
 EOF
 
 banner resolv
 cat > /etc/resolv.conf <<EOF
 domain home
 search home
 nameserver 10.128.5.2
 nameserver 10.128.6.2
 EOF
 banner result
 hostname
 domainname
 netstat -rn
 echo "/etc/hosts:"
 cat /etc/hosts
 echo "/etc/resolv.conf:"
 cat /etc/resolv.conf
 
 ping -c1 10.128.7.1

3.3. Testing it

OK. Fire up the routers and the virtual machines and try on xenial3:
ljm[anycast]$ vagrant ssh xenial3 -t -- nslookup r1
Server:		10.128.224.2
Address:	10.128.224.2#53
Name:	r1.home
Address: 10.128.3.1

And put Wireshark on the line to see the packets:

[Figure: normal_dns_query.jpg]

[Figure: normal_dns_reply.jpg]

3.4. The problem

This works very nicely, but if the first server is down, it will take some time before the second server is used. To show the effect, stop the name server on xenial1 and do an nslookup.
[ljm@verlaine anycast]$ vagrant ssh xenial4 -c 'time nslookup r1'
Server:         10.128.5.2
Address:        10.128.5.2#53
Name:   r1.home
Address: 10.128.3.1
real    0m0.103s
user    0m0.007s
sys     0m0.002s
Connection to 127.0.0.1 closed.
[ljm@verlaine anycast]$ vagrant halt xenial1
==> xenial1: Attempting graceful shutdown of VM...
[ljm@verlaine anycast]$ vagrant ssh xenial4 -c 'time nslookup r1'
Server:         10.128.6.2
Address:        10.128.6.2#53
Name:   r1.home
Address: 10.128.3.1
real    0m1.036s
user    0m0.006s
sys     0m0.003s
Connection to 127.0.0.1 closed.
[ljm@verlaine anycast.vagrant]$ vagrant ssh xenial3 -c 'time nslookup r1'
Server:  10.128.6.2
Address: 10.128.6.2#53
Name:    r1.home
Address: 10.128.3.1
real     0m1.045s
user     0m0.006s
sys      0m0.011s

This takes a full second longer. So what happens is this:

[Figure: normal_dns_second.jpg]

The cycle starts at number 3 with a request from xenial3. Because only bind9 is down, there is an ICMP reply. Then, after a time-out, xenial3 tries the next server (destination 10.128.6.2) and gets a reply.

Unavailability of a name server will not stop the rest of the network from working, but it will slow down all the applications. For example, if a web page contains ads from 4 different servers, it will take up to 5 seconds longer to load. That may not be acceptable.
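
The sequential failover described above can be measured per server. The following Python script is an added example, not part of the original setup scripts: it tries the nameservers from the client resolv.conf in order, records for each one whether it answered, timed out or produced an ICMP error, and checks that the reply carries the transaction ID that was sent. The function names, the 1-second timeout and the embedded resolv.conf copy are assumptions made for this example.

```python
import secrets, socket, struct, time

# Constructed sample: the client resolv.conf from section 3.2.
RESOLV_CONF = """domain home
search home
nameserver 10.128.5.2
nameserver 10.128.6.2
"""

def nameservers(text, port=53):
    """Return [(ip, port), ...] in the order the stub resolver tries them."""
    fields = (line.split() for line in text.splitlines())
    return [(f[1], port) for f in fields if len(f) >= 2 and f[0] == "nameserver"]

def build_query(name, qid):
    """Encode a minimal recursive A/IN query for name."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(servers, name, timeout=1.0):  # timeout is an assumed value
    """Try servers in order; return (first answering server or None, log)."""
    log = []
    for addr in servers:
        qid = secrets.randbelow(0x10000)  # unpredictable transaction ID
        start = time.monotonic()
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.connect(addr)  # on Linux a connected UDP socket surfaces ICMP errors
                s.send(build_query(name, qid))
                reply = s.recv(512)
                ok = reply[:2] == struct.pack(">H", qid)
                outcome = "answer" if ok else "bad-id"
            except socket.timeout:
                outcome = "timeout"  # host down or query silently dropped
            except OSError:
                outcome = "unreachable"  # ICMP error such as port unreachable
        log.append((addr, outcome, round(time.monotonic() - start, 3)))
        if outcome == "answer":
            return addr, log
    return None, log

if __name__ == "__main__":
    winner, log = probe(nameservers(RESOLV_CONF), "r1.home")
    for (ip, _), outcome, secs in log:
        print(f"{ip:<12} {outcome:<11} {secs:.3f}s")
```

Run on a client such as xenial3, the log lists each server tried, its outcome and the time spent on it before the next server was contacted.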