Anycast DNS
(Okay, brand new year - must be time to get back on the blogging wagon ...)
Linux Journal recently had a really good article by Philip Martin on Anycast DNS. It's well worth a read - I just want to point it out and record a cutdown version of how I've been setting it up recently.
As the super-quick intro, anycast is the idea of providing a network service at multiple points in a network, and then routing requests to the 'nearest' service provider for any particular client. There's a one-to-many relationship between an ip address and the hosts that are providing services on that address.
In the LJ article above, this means you provide a service on a /32 host address, and then use a(n) (interior) dynamic routing protocol to advertise that address to your internal routers. If you're a non-cisco linux shop, that means using quagga/ospf.
The classic anycast service is dns, since it's stateless and benefits from the high availability and low latency benefits of a distributed anycast service.
So here's my quick-and-dirty notes on setting up an anycast dns server on
CentOS/RHEL using dnsmasq
for dns, and quagga zebra/ospfd
for the routing.
First, setup your anycast ip address (e.g. 192.168.255.1/32) on a random virtual loopback interface e.g. lo:0. On CentOS/RHEL, this means you want to setup a
/etc/sysconfig/network-scripts/ifcfg-lo:0
file containing:DEVICE=lo:0 IPADDR=192.168.255.1 NETMASK=255.255.255.255 ONBOOT=yes
Setup your dns server to listen to (at least) your anycast dns interface. With dnsmasq, I use an
/etc/dnsmasq.conf
config like:interface=lo:0 domain=example.com local=/example.com/ resolv.conf=/etc/resolv.conf.upstream expand-hosts domain-needed bogus-priv
Use quagga's
zebra/ospfd
to advertise this host address to your internal routers. I use a completely vanillazebra.conf
, and an/etc/quagga/ospfd.conf
config like:hostname myhost password mypassword log syslog ! router ospf ! Local segments (adjust for your network config and ospf areas) network 192.168.1.0/24 area 0 ! Anycast address redistribution redistribute connected metric-type 1 distribute-list ANYCAST out connected ! access-list ANYCAST permit 192.168.255.1/32
That's it. Now (as root) start everything up:
ifup lo:0 for s in dnsmasq zebra ospfd; do service $s start chkconfig $s on done tail -50f /var/log/messages
And then check on your router that the anycast dns address is getting advertised
and picked up by your router. If you're using cisco, you're probably know how to
do that; if you're using linux and quagga, the useful vtysh
commands are:
show ip ospf interface <interface> show ip ospf neighbor show ip ospf database show ip ospf route show ip routeblog comments powered by Disqus