I need to know whether there is any solution to my problem. I have a BIND DNS server and Consul as the service discoverer. This is what I want, as a simple diagram:
How can I configure this sample setup and let BIND just resolve the A record to the IP address of the healthy load balancer server?
If the client queries the DNS server for the A record of domain.example, it must get the IP address of the Healthy (192.168.1.100) server.
The sample configuration of Consul for DNS shows how to configure SRV records, not A records. How can I get it to work with A records for the healthy server?
I need to tell BIND to ask Consul for the record, but how? My example zone file:
$TTL 300 ;
$ORIGIN example.com.
@ 1D IN SOA ns1.example.com. hostmaster.example.com. (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; nxdomain ttl
)
www IN A 192.168.0.2 ; how can I tell BIND to use Consul as the IP resolver for this record?
Consul uses a port for resolving; how can I tell BIND to use Consul instead?
Well... sad-to-say, you're kinda going to have a hard time doing this in production.
50% of the problem is updating the "healthy" records to point to the healthy server. There are ways of doing dynamic updates with bind, but unfortunately there is no way to convince bind itself to do some sort of checks to see if the server is healthy. You'll need to figure out a way to trigger a dynamic update when the healthy/unhealthy status is reached.
50% of the problem is also caching. The reality is, DNS is designed to be cached. There is a defined "TTL" field on DNS records that is essentially a defined time to cache the record. When you update the "healthy" records, clients will be forced to wait until the TTL is reached, and the records re-queried. Some applications have a built-in method that will attempt to re-query a record if the connection is dropped or could not be established, but there is no guarantee that this will be done.
You'd be better off using firewall rules to reject connections on the unhealthy server, and simply relying on the DNS server to advertise both servers, and allowing the application to try one, then the other (round-robin).
I believe everyone focusses too hard on the BIND server. According to the Consul documentation, you only need BIND to forward the DNS queries from port 53 to port 8600 which Consul uses. Consul is the DNS server in this setup.
Consul uses checks to determine which of the two (or more) servers is (are) the "healthy" one(s).
Next it can respond with both A and SRV records as can be seen in the documentation.
So instead of asking us to read through the entire Consul documentation and come up with a working configuration for you, why don't you provide us with your configuration files and tell us what is not working as expected. That way we can more easily help you solve the issue at hand.
The answer to that exact question is given in the documentation! PLEASE read the documentation!
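The forwarding arrangement described in the answer above (BIND listening on port 53 and handing queries to Consul on port 8600), as an added example that is not part of the original thread. The client network, the loopback Consul agent address and the service name `web` are assumptions.

```conf
// named.conf fragment (added example; addresses and names are assumptions)

acl internal { 192.168.1.0/24; localhost; };   // assumed client network

options {
    recursion yes;
    allow-recursion { internal; };   // keep the resolver closed to outsiders

    // Consul does not sign its answers. Exempt only the "consul" domain
    // from DNSSEC validation instead of switching validation off globally.
    dnssec-validation auto;
    validate-except { "consul"; };   // needs BIND 9.14 or later
};

// Forward everything under .consul to the local Consul agent's DNS port.
// "forward only" stops BIND from falling back to the public root servers,
// which would leak internal service names and return NXDOMAIN anyway.
zone "consul" IN {
    type forward;
    forward only;
    forwarders { 127.0.0.1 port 8600; };
};

// In the example.com zone file, the static A record for www is replaced by
// an alias to the Consul service name, with a short TTL so clients re-ask
// soon after a health change ("web" is a hypothetical service name):
//
//   www  60  IN  CNAME  web.service.consul.
//
// BIND then resolves web.service.consul through the forward zone above,
// and Consul answers with A records for instances passing their checks.
```

To check the chain, query Consul directly with `dig @127.0.0.1 -p 8600 web.service.consul A`, then query BIND for `www.example.com` and confirm the same address comes back after the CNAME.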