bwight's questions

This problem from what i can tell is isolated to PowerDNS. The servers are running two packages pdns-static-3.0.1-1.i386.rpm and pdns-recursor-3.3-1.i386.rpm on the most recent version of Amazon Linux.

The amazon ec2 loadbalancers are assigned a CNAME with multiple hosts. Below is an example of the actual behavior. Notice how the hosts are always in the same order.

[root@localhost ~]# host cache.domain.com
cache.domain.com is an alias for xxxxx.us-east-1.elb.amazonaws.com.
xxxxx.us-east-1.elb.amazonaws.com has address aaa.aaa.aaa.aaa
xxxxx.us-east-1.elb.amazonaws.com has address bbb.bbb.bbb.bbb
[root@localhost ~]# host cache.domain.com
cache.domain.com is an alias for xxxxx.us-east-1.elb.amazonaws.com.
xxxxx.us-east-1.elb.amazonaws.com has address aaa.aaa.aaa.aaa
xxxxx.us-east-1.elb.amazonaws.com has address bbb.bbb.bbb.bbb
[root@localhost ~]# host cache.domain.com
cache.domain.com is an alias for xxxxx.us-east-1.elb.amazonaws.com.
xxxxx.us-east-1.elb.amazonaws.com has address aaa.aaa.aaa.aaa
xxxxx.us-east-1.elb.amazonaws.com has address bbb.bbb.bbb.bbb

Expected behavior is round robin for the hosts

[root@localhost ~]# host cache.domain.com
cache.domain.com is an alias for xxxxx.us-east-1.elb.amazonaws.com.
xxxxx.us-east-1.elb.amazonaws.com has address aaa.aaa.aaa.aaa
xxxxx.us-east-1.elb.amazonaws.com has address bbb.bbb.bbb.bbb
[root@localhost ~]# host cache.domain.com
cache.domain.com is an alias for xxxxx.us-east-1.elb.amazonaws.com.
xxxxx.us-east-1.elb.amazonaws.com has address bbb.bbb.bbb.bbb
xxxxx.us-east-1.elb.amazonaws.com has address aaa.aaa.aaa.aaa
[root@localhost ~]# host cache.domain.com
cache.domain.com is an alias for xxxxx.us-east-1.elb.amazonaws.com.
xxxxx.us-east-1.elb.amazonaws.com has address aaa.aaa.aaa.aaa
xxxxx.us-east-1.elb.amazonaws.com has address bbb.bbb.bbb.bbb

The addresses eventually do swap but it seems to be on a 30 minute cache timer changing the TTL of the record doesn't appear to affect anything. It appears as though the resolver has a cache of the response. This adversely affects my application because all of the load is only being sent to one of the loadbalancers (Availability Zones) so if I have servers in two zones then only one zone is under load at a time.

Do you know how I can fix this so that each time the host is resolved the order of the addresses is alternating.

DIG OUTPUT

;  DiG 9.7.6-P1-RedHat-9.7.6-1.P1.18.amzn1  cache.domain.com
;; global options: +cmd
;; Got answer:
;; HEADER opcode: QUERY, status: NOERROR, id: 54610
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
cache.domain.com.           IN      A

;; ANSWER SECTION:
cache.domain.com.    100     IN      CNAME   xxxxx.us-east-1.elb.amazonaws.com.                                                                                                                 
xxxxx.us-east-1.elb.amazonaws.com. 3 IN A aaa.aaa.aaa.aaa
xxxxx.us-east-1.elb.amazonaws.com. 3 IN A bbb.bbb.bbb.bbb

;; Query time: 0 msec
;; SERVER: ccc.ccc.ccc.ccc#53(ccc.ccc.ccc.ccc)
;; WHEN: Mon Jul  2 15:09:27 2012
;; MSG SIZE  rcvd: 130

Recursor config

allow-from=0.0.0.0/0
dont-query=
local-address=127.0.0.1
local-port=530                                                                  # Port should be changed to 530 because its not good to run on the same port as dns server
quiet=yes
setgid=pdns
setuid=pdns
disable-packetcache=
packetcache-ttl=0
forward-zones=domain.local=LOCALIP,domain.cloud=LOCALIP                         # Forward the two zones we care about back to the local dns server
forward-zones-recurse=amazonaws.com=172.16.0.23,compute-1.internal=172.16.0.23  # Forward queries for amazons domains to the resolver for amazon

SOLUTION

add the following lines to recursor.conf

disable-packetcache=
packetcache-ttl=0

add the following line to pdns.conf

recursive-cache-ttl=0

Decided to move my windows based DNS servers to linux. The problem is I need to be able to dynamically update zone files without having to restart bind. It seems the most popular solution is to install bind drivers for a database server ( postgresql, sqlite, mysql ) and then update the zone file. Seems simple enough but I can't get it to work for the life of me.

I'm currently using Amazon Linux distribution but I've tried everything in RHEL 6.2 as well with no more luck.

I've tried a few different methods. The first one was to compile bind with the source code changes for mysql support http://pbraun.nethence.com/doc/net/bind-mysql.html. This compiles fine with the changes and I get no errors but after running make install all the binaries get copied to /usr/local/sbin but I can't seem to start the daemon process I run service named start and it just tells me there's no service named named ( no pun intended ). Secondly none of the configuration files are generated. So I created a file named.conf and put it in /etc/named.conf then ran /usr/local/sbin/named-checkconf and it told me it couldn't find the file /etc/named.conf so i have no idea.

Next thing I tried was to install the package bind-sdb and use postgresql. Packages installed yum -qy bind bind-sdb bind-utils postgresql postgresql-server Following the steps on http://bind-dlz.sourceforge.net/postgresql_example.html I created a new postgre database and table etc. Below is my current named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};

logging {
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

dlz "my.zone" {
   database "postgres 1
   {host=localhost port=5432 dbname=bind user=postgre password=****}
   {select zone from dns_records where zone = '%zone%'}
   {select ttl, type, mx_priority, case when lower(type)='txt' then '\"'
         || data || '\"' when lower(type)='soa' then data || ' ' || resp_person || ' '
         || serial || ' ' || refresh || ' ' || retry || ' ' || expire || ' ' || minimum
         else data end from dns_records where zone = '%zone%' and host = '%record%'}";
};

include "/etc/named.rfc1912.zones";

Output from my database table

    zone    |    host     |  ttl   | type | mx_priority |          data          |     resp_person      | serial | refresh | expire | minimum
------------+-------------+--------+------+-------------+------------------------+----------------------+--------+---------+--------+---------
 my.cloud   | my.cloud.   | 259200 | SOA  |           0 | dns01.my.cloud.        | it.cloud.com.        |      1 |   28800 |  86400 |   28800
 my.cloud   | my.cloud.   | 259200 | NS   |           0 | dns01.my.cloud.        |                      |      0 |       0 |      0 |       0
 my.cloud   | dns01       | 259200 | A    |           0 | 127.0.0.1              |                      |      0 |       0 |      0 |       0
(3 rows)

Open to any solutions really if someone could point me in the right direction. I'd prefer to use MySQL as the database because I have 0 experience using postgresql or sqlite.

I'm trying to find out if anyone has successfully created Virtual IP's in Amazon's EC2 cloud. I need to set up some load balancing but without Virtual IP's I can't see how I could handle failover scenarios. I would be left with a single point of failure.