Why to use MULTIPLE NAME SERVERS...

-
Multiple Name Servers:
As described in the previous tutorial on DNS, two to seven name servers can be registered against a domain name. These are DNS servers that contain information on where to find services (such as www or email) for a particular domain name. There are two main reasons for providing more than one DNS server for each domain. The first is to provide protection against a DNS server going down- if a DNS server failed for any reason (eg. power outage, communication failure etc.) the domains using this DNS server would be unobtainable since the IP address of these domains could not be retrieved. Instead, having two or more (which should be geographically and topologically seperate) means that if a request to one of them fails, the name server can be requested again. The name servers are requested and in normal circumstances, information from any of the DNS servers is used (which normally contain the same information). The chances of two DNS servers going down independently to each other are very slim.
Lets walk through what happens when one DNS server fails for a request to www.wight-hat.com. The name servers registered against the domain name wight-hat.com are “ns1.wight-hat.com 78.40.39.230″ and “ns2.wight-hat.com 64.15.153.83″ when one of the name servers is down.
  1. The ISP requests the name server for wight-hat.com and receives the name servers. The name servers are “ns1.wight-hat.com 78.40.39.230″ and “ns2.wight-hat.com 64.15.153.83″.
  2. A request is sent to 78.40.39.230 for the location of wight-hat.com but, this DNS server is not online and the request fails.
  3. A request is sent to 64.15.153.83 for the location of wight-hat.com and the DNS record information is returned.
Round Robin configuration: Each DNS record can have more than one record for a given domain. For instance, when looking for a web page the DNS supplies an “A” record but there can be more than one A record entry. These IP addresses are delivered in rotation so if there were two A records, alternate IP addresses would be served on each request. Suppose a very high traffic website was starting to show a speed lag because the server that the site was on could not handle the amount of requests/ traffic/ processing. An additional server could be employed so that it would share the load. So how do you share the load when you have one domain name that everyone is accessing the website through? You configure one DNS records to point to both the first web server and second server. In this way, each request will receive alternating IP addresses and these will give alternating IP addresses for the website servers thus sharing the load 50/50. With up to seven name server entires it is simple to configure up to seven web servers to share the load of a very high traffic website. This is known as load balancing.
If one of the servers had twice the capacity of the other, you may wish to send it twice as much traffic. In this case you would duplicate the A record for the high capacity server so that you had 3 A records- 2 for the high capacity server and 1 for the other server. Your server load would now be split 66/33.
Whilst this is an effective way to load balance servers, it provides no protection against a server becoming unavailable. Using DNS records we have come up with a method of providing protection against this eventuality as well as load balancing which we discuss in the next section.

Comments

Post a Comment

Popular posts from this blog

Upgrading the firmware on a standalone Fortigate unit or units in an HA cluster

-
Understanding upgrade paths: Each firmware version has an upgrade path requirement from older versions. Most of the time when you are in a MR (major release) patch level, you can upgrade straight to any patch level within the MR. ex: 1) currently, a fortigate unit is running 4.0 MR3 patch 3. 2) You wish to upgrade it to 4.0 MR3 patch 11. 3) You can simply upgrade it directly to 4.0 MR3 patch 11. Most of the time when you are upgrading from a MR to the next MR, you can upgrade straight to any patch level in the next MR as long as you are at the highest patch level in the lower/previous MR. ex: 1) currently, a fortigate unit is running 4.0 MR2 patch 3. 2) You wish to upgrade it to 4.0 MR3 patch 11. 3) You must first upgrade it to 4.0 MR2 patch 13 (highest 4.0 MR2 patch). 4) Then you can upgrade to 4.0 MR3 patch 11. You should ALWAYS refer to the release notes of the firmware release you wish to upgrade your unit. Even, for comfort, just open a ticket...
Read more

Traffic Shaping With Fortigate

-
FortiGate v4.0 Description This article describes the Traffic Shaping features that have been implemented in FortiOS 4.0 In FortiOS version 4.0, the traffic shaping has been enhanced. Diagnose commands allowing to verify each traffic shaper's usage and giving more configuration flexibility. See also the related articles at the end of this page for additional information. Solution Summary 1- Traffic shaping configuration is dissociated from the Firewall policies allowing multiple policies to use common configurations 2- Possibility to use independent configurations in policies for forward and reverse traffic directions 3- The P2P shaping capabilities are now defined at the application control level 4- Troubleshooting packet loss with statistics on traffic shaping configurations 5- Troubleshooting packet loss with the debug flow diagnose commands 6- Session list details with dual traffic shaper (forward and reverse traffic) 1- Traffic shaping configuration is di...
Read more