Bind9: balancing by client ip (even/odd)

Author | 08.06.2016

For some reason I need to balance clients 50/50 between two datacenters.
But if a client sends a GET request to datacenter 1 (DC1), all of its following requests must be directed to the same DC1; only if DC1 is down should they go to DC2.
The simplest way is to split clients by their IP address (odd/even).
So we need two Bind9 services on one server.
The first Bind9 will answer that www.example.org is in DC1, the second that it is in DC2.
For example, the first named.conf:

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};
....

Zone:

cat /etc/bind/db.example.com
; example.com
$TTL    604800
@       IN      SOA     ns1.example.com. root.example.com. (
                     2016020201 ; Serial
                         604800 ; Refresh
                          86400 ; Retry
                        2419200 ; Expire
                         604800); Negative Cache TTL
;
@       IN      NS      ns1
        IN      MX      10 mail
        IN      A       192.0.2.100
ns1     IN      A       192.0.2.10

On second Bind9

zone "example.com" {
    type master;
    file "/etc/bind2/db.example.com";
};
....

Zone:

cat /etc/bind2/db.example.com
; example.com
$TTL    604800
@       IN      SOA     ns1.example.com. root.example.com. (
                     2016020201 ; Serial
                         604800 ; Refresh
                          86400 ; Retry
                        2419200 ; Expire
                         604800); Negative Cache TTL
;
@       IN      NS      ns1
        IN      MX      10 mail
        IN      A       192.0.3.100
ns1     IN      A       192.0.3.10

On my Debian server I created a second init script for bind9:
cp /etc/init.d/bind9 /etc/init.d/bind92
and changed its defaults:

cat /etc/default/bind92
# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -c /etc/bind2/named.conf"

....

Add rules to the firewall:

#even client ip -> first Bind9 (port 53)
iptables -t nat -A PREROUTING -i eth0 -s 0.0.0.0/0.0.0.1 -p udp --dport 53 -j DNAT  --to-destination  127.0.0.1:53
#odd client ip -> second Bind9 (port 54)
iptables -t nat -A PREROUTING -i eth0 -s 0.0.0.1/0.0.0.1 -p udp --dport 53 -j DNAT  --to-destination  127.0.0.1:54
#allow packets arriving on eth0 to be DNATed to the loopback address
sysctl -w net.ipv4.conf.eth0.route_localnet=1
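To check what split these two rules actually produce, here is an added Python model (not part of the original post) of the iptables source match with the non-contiguous mask 0.0.0.1 and the first-match walk of the PREROUTING chain; the 127.0.0.1:53/54 targets and the DC names come from the rules above, while the sample client addresses are constructed.

```python
# Added example: models the iptables "-s pattern/mask" match used by the two
# PREROUTING rules, (client & mask) == (pattern & mask), and reports which
# Bind9 instance / datacenter a given client IP is redirected to.
import ipaddress
from collections import Counter
from typing import Optional

# Rules in the order the PREROUTING chain is walked (taken from the post).
RULES = [
    ("0.0.0.0", "0.0.0.1", "127.0.0.1:53"),  # even client IP -> first Bind9
    ("0.0.0.1", "0.0.0.1", "127.0.0.1:54"),  # odd client IP  -> second Bind9
]
# Assumption: port 53 instance answers with DC1 addresses, port 54 with DC2.
TARGET_TO_DC = {"127.0.0.1:53": "DC1", "127.0.0.1:54": "DC2"}


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def source_matches(client: str, pattern: str, mask: str) -> bool:
    """iptables -s pattern/mask semantics: only the bits set in mask are compared."""
    m = ip_int(mask)
    return (ip_int(client) & m) == (ip_int(pattern) & m)


def dnat_target(client: str) -> Optional[str]:
    """First matching rule wins, as in iptables; None means no redirect at all."""
    for pattern, mask, target in RULES:
        if source_matches(client, pattern, mask):
            return target
    return None


def datacenter_for(client: str) -> str:
    """Datacenter the client is pinned to; stable for a given client IP."""
    return TARGET_TO_DC[dnat_target(client)]


def split_counts(network: str) -> Counter:
    """How many hosts of a network land in each DC (verifies the 50/50 claim)."""
    hosts = ipaddress.IPv4Network(network).hosts()
    return Counter(datacenter_for(str(h)) for h in hosts)


if __name__ == "__main__":
    for client in ("198.51.100.10", "198.51.100.11"):  # constructed sample clients
        print(client, "->", dnat_target(client), datacenter_for(client))
    print(split_counts("198.51.100.0/24"))
```

Note that both rules match only UDP, so a query that falls back to TCP (for example after a truncated answer) is not redirected and reaches whichever instance listens on port 53 directly. Nothing in this setup detects a datacenter being down, so the DC1-to-DC2 failover mentioned at the top still needs a separate mechanism.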

You also need to enable EDNS (the dig output below shows it is on):

dig @127.0.0.1 +noall +comments +bufsize=1 query
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60508
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
