Friday, January 28, 2011

How can I use DNS to return a geographically local IP address?

We have several offices across the globe, but our datacenters are primarily housed in two central locations (North America and Europe). There is a relatively high latency between various offices, so we try to host services in the closest location to the user (i.e. Canadian employees use Exchange services in the US, not Europe.)

This setup works well for the most part. When using services like Active Directory, Exchange or DFS, clients rely on existing site information in AD to find the closest location.

Now, we have a request to have a common DNS name to access certain web services that are hosted in both NA and Europe. Previously, we have used separate DNS names (na-service.domain.local or eu-service.domain.local) but that becomes cumbersome for our end users.

All of our internal DNS is currently hosted on Windows 2003 and 2008 servers with Microsoft DNS. Is there any way to configure Microsoft DNS services to only respond to requests with a "local" IP address? I know that configuring multiple A records will result in a round robin style response, which is not ideal. We could also use Primary zones at each location and only enter the local IP address, but we have hundreds of other DNS entries that would need to be manually replicated to each server.

If this can't be done with MS DNS, are there other low cost alternatives? I know F5 Networks has products that can handle this, but that's at a fairly high expense.

  • You might have some luck with the "Subnet Prioritization" functionality in the Microsoft DNS server. Whether or not it will help you will depend on how your subnets are addressed and how your geographically "local" servers are addressed. This feature is enabled by default in Windows Server 2003 and 2008.

    I'd recommend reading up on that feature. Have a look at http://technet.microsoft.com/en-us/library/dd197495(WS.10).aspx under the "Subnet prioritization" heading.

    The "view" functionality in BIND would probably do what you want, too, but then you're talking about deploying a parallel DNS infrastructure and a lot of configuration.

    If you have control of the web-based application you could do something off-the-wall like embed some Javascript to "detect" the user's location and redirect them on the client side. It's a bit bush-league, but it might do what you need.

    Doug Luxem : Interesting, that is the first I have heard of this concept. Unfortunately, it will not work for us as clients are rarely in the same subnet as the servers (although they may be in the larger classless subnet used to simplify routing).
    Evan Anderson : In case you didn't read thru the examples: The servers and clients don't need to be in the same subnet. An exact match on the client subnet w/ the server isn't done-- rather the server does an ordering of the results based on the closest match of the client's IP address to the results. In a typical VLSM environment, the IP addresses that are geographically close to you should, hopefully, be close, bitwise, to your own IP address.
    Doug Luxem : In that case, it should cover about 90% of our clients (some subnets are completely unrelated to geographic location). Thanks for the information.
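    To make the ordering behaviour Evan describes concrete, here is a small Python model of subnet prioritization. It is an added example, not code from the question, the answers, or Microsoft DNS itself: it ranks the A records for a name by how many leading address bits each one shares with the querying client, keeps round-robin order for ties, and so also shows the edge case Doug raises (a client on a subnet unrelated to either server gets no benefit from the feature). The record set, client addresses and the "round robin first, then prioritize" order are constructed assumptions for the demonstration.

```python
import ipaddress
from typing import List

# Constructed sample data: two A records for one name, one per datacenter.
A_RECORDS = ["10.10.10.200", "10.200.200.200"]  # NA web server, EU web server


def common_prefix_bits(a: str, b: str) -> int:
    """Number of leading address bits that two IPv4 addresses share."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    # XOR is zero in every shared leading bit; its bit length marks the first difference.
    return 32 - x.bit_length()


def prioritize(records: List[str], client_ip: str) -> List[str]:
    """Order records so the address bitwise-closest to the client comes first.

    Simplified model of the behaviour described in the answer: records that
    share the same number of leading bits with the client keep their incoming
    order, because Python's sort is stable.
    """
    return sorted(records, key=lambda r: -common_prefix_bits(r, client_ip))


def answer(records: List[str], client_ip: str, rotation: int = 0) -> List[str]:
    """Apply round robin (rotate the record set) and then subnet prioritization.

    Assumption for this model: rotation happens first, so for a client whose
    address is equally distant from every record the rotation shows through
    unchanged, which is exactly the "unrelated subnet" case in the comments.
    """
    k = rotation % len(records)
    rotated = records[k:] + records[:k]
    return prioritize(rotated, client_ip)


if __name__ == "__main__":
    for client in ("10.10.20.5", "10.200.1.7", "192.168.5.9"):
        print(client, "->", answer(A_RECORDS, client, rotation=1))
```

    Running it shows the NA client (10.10.20.5) getting the NA address first and the EU client (10.200.1.7) the EU address first, while the 192.168.5.9 client shares zero leading bits with both records and simply receives the rotated round-robin order. That last line is the behaviour to test for when evaluating whether the feature covers a given site's address plan.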
  • I've had this question asked a couple of times here at work, although it never got to implementation, so this is pure theory on my part.

    The best solution (hack?) I could come up with would be to have a common dns sub domain that isn't replicated. Then just put the local servers in that setup. So you would have something like this:

    NA DNS Servers
    service.domain.local
    web01.service.domain.local -> 10.10.10.200

    EU DNS Servers
    service.domain.local
    web01.service.domain.local -> 10.200.200.200

    So the clients connecting to web01.service.domain.local would pick up the service's local IP off their default DNS servers. You can have them replicate inside the EU and NA but don't have the zone replicate between the EU and NA.

    From Zypher
  • Does the solution have to be done through DNS? If not, this sounds like a perfect candidate for IP Anycast. See this question for more detail, but in a nutshell, it is a network architecture that allows you to advertise the same IP address from multiple locations, with clients routing to the 'closest' (from a network cost perspective) instance of the IP. This way, you can simply have a global VIP (Virtual IP) for your DNS records to point to.

  • As a previous answer states, BIND's Views look like what you want. It allows a name server to present different configurations of the same name server to groups of clients which you define.

    The groups can be defined via individual IP addresses or prefixes (like 10.10.1.192/26). Hopefully, your EU and American hosts can be distinguished this way.

    Nice side benefit: your two servers can be (almost) identically configured, BIND-wise, and thus can act as each other's failover.

    A good way to think of Views is that it is a DNS server's version of virtualization. Sort of.

    BIND can be obtained at www.isc.org for free.

    From Allen
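    The following Python model, added here and not part of any answer or of BIND itself, shows what the view mechanism Allen describes does with a query: each view has a match-clients prefix list and its own copy of the zone data, the first view whose list covers the client address wins, and a catch-all view answers everyone else. The same per-site data layout is what Zypher's non-replicated subdomain achieves with two separate servers, so the example serves both answers. It also includes the configuration check a practitioner wants before deploying ordered views: a later prefix that is fully covered by an earlier view (or placed after an "any" view) can never match. The view names, prefixes and addresses are constructed, and the table is IPv4-only by assumption.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# A view: (name, match-clients prefixes, zone data for service.domain.local).
# Modelled on BIND's   view "na" { match-clients { 10.10.0.0/16; }; zone ... };
# BIND tests views in the order written and the first match wins; "any" matches all.
View = Tuple[str, List[str], Dict[str, str]]

VIEWS: List[View] = [
    ("na", ["10.10.0.0/16", "10.11.0.0/16"], {"web01.service.domain.local": "10.10.10.200"}),
    ("eu", ["10.200.0.0/16"], {"web01.service.domain.local": "10.200.200.200"}),
    # Catch-all so clients on subnets unrelated to geography still get an answer.
    ("default", ["any"], {"web01.service.domain.local": "10.10.10.200"}),
]


def select_view(client_ip: str, views: List[View] = VIEWS) -> Optional[str]:
    """Return the name of the first view whose match-clients list covers client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for name, prefixes, _zone in views:
        for prefix in prefixes:
            if prefix == "any" or addr in ipaddress.ip_network(prefix, strict=False):
                return name
    return None  # no view matched; BIND would refuse the query


def resolve(qname: str, client_ip: str, views: List[View] = VIEWS) -> Optional[str]:
    """Answer qname from the zone data of the view selected for client_ip."""
    selected = select_view(client_ip, views)
    if selected is None:
        return None
    for name, _prefixes, zone in views:
        if name == selected:
            return zone.get(qname.rstrip(".").lower())
    return None


def shadowed_prefixes(views: List[View]) -> List[Tuple[str, str, str]]:
    """Config check: prefixes that can never match because an earlier view
    already covers them. Returns (earlier_view, later_view, prefix) triples."""
    problems: List[Tuple[str, str, str]] = []
    seen: List[Tuple[str, ipaddress.IPv4Network]] = []
    catch_all: Optional[str] = None  # name of the first "any" view, if one exists
    for name, prefixes, _zone in views:
        for prefix in prefixes:
            if catch_all is not None and catch_all != name:
                problems.append((catch_all, name, prefix))  # everything after "any" is dead
                continue
            if prefix == "any":
                catch_all = name
                continue
            net = ipaddress.ip_network(prefix, strict=False)
            for earlier_name, earlier_net in seen:
                if net.subnet_of(earlier_net):
                    problems.append((earlier_name, name, prefix))
                    break
            seen.append((name, net))
    return problems


if __name__ == "__main__":
    for client in ("10.10.20.5", "10.200.1.7", "192.168.5.9"):
        print(client, select_view(client), resolve("web01.service.domain.local", client))
    print("shadowed:", shadowed_prefixes(VIEWS))
```

    With the constructed table, the NA and EU clients resolve web01 to their local address and the unrelated client falls through to the default view. Swapping the "na" prefix for 10.0.0.0/8, or moving the "any" view to the top, makes shadowed_prefixes report the EU prefix as unreachable, which is the kind of ordering mistake that silently sends one region's users across the Atlantic.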
