Re: [opensuse] round robin dns for the repo mirrors



Hi Brian,

On Wed, Feb 11, 2009 at 09:26:06AM -0500, Brian K. White wrote:
> grr, heads up, ran into a nice little glitch in the whole dns load
> balancing scheme for the repo mirrors.

Repo mirrors? Do you mean http://download.opensuse.org/repositories/
mirrors -- i.e., these http://mirrors.opensuse.org/list/bs.html ?

> At least some of the hostnames don't actually point to a server but to a
> dns loadbalancer that selects from a pool of physical servers. You get
> whatever you get, unless you want to start using IP's.

Well, that's DNS round robin. It is normally deployed when it indeed
doesn't matter which IP you end up using, and when it doesn't matter if
you use the one or the other across a series of requests.
There are a number of use cases for that. Among them, download servers,
provided that they have content that is identical enough (well enough
synchronized) so clients don't run into problems.

For short-lived content / content with high turn-over rate, as some
buildservice repositories certainly are, this _can_ be a problem,
especially since this might not be expected by the operators as such.

Hence, we (openSUSE, i.e. download.opensuse.org) don't send you to
such round-robin'd hostnames.

Yes, download.opensuse.org is good for you [referring to HTTP access
here], because problems like that can be fixed in a central place, so
not everybody needs to lose hair over it.

For the kernel.org mirrors, DNSrr is in use, and there is an additional
complexity - GeoDNS, which makes DNS resolve to different IP addresses /
DNS Aliases depending on the client's region of the world. Yes, also
this issue is handled correctly for you by download.o.o.

(Give up ;-)

No, seriously, I can tell you what to do. Use 'host' and look at the
returned data:

from Europe, you'll see:
# host mirrors.kernel.org
mirrors.kernel.org is an alias for mirrors.geo.kernel.org.
mirrors.geo.kernel.org is an alias for mirrors.eu.kernel.org.
mirrors.eu.kernel.org has address 130.239.17.6
mirrors.eu.kernel.org has address 199.6.1.174
[...]

from the US, you'll see:
# host mirrors.kernel.org
mirrors.kernel.org is an alias for mirrors.geo.kernel.org.
mirrors.geo.kernel.org is an alias for mirrors.us.kernel.org.
mirrors.us.kernel.org has address 149.20.20.135
mirrors.us.kernel.org has address 204.152.191.39

As you see, the hostname points to some other hostname, and in each case
there are two of them. The two entries are treated equivalently by
resolvers and they return them in random order, so any of them gets
used. Which is the DNS round robin.

You see the DNS Aliases, though, so you can of course use them directly.

Note about HTTP: Provided that (!) the web server virtual host setup is
covering this use case, you'll get the same result, but can make your
client stick to one server. If the virtual host setup is done in a
way that it only responds to the "main" DNS name, then you are out of
luck of course. It's not the case for the kernel.org mirrors, though.
Well, for rsync, the vhost issue doesn't matter.

Ah, I nearly forgot one crucial bit. Use a reverse lookup to see whether
there's a hostname record for the rr'd IP addresses:

% host 204.152.191.39
39.191.152.204.in-addr.arpa is an alias for 39.32-27.191.152.204.in-addr.arpa.
39.32-27.191.152.204.in-addr.arpa domain name pointer mirrors2.kernel.org.
% host 149.20.20.135
135.20.20.149.in-addr.arpa is an alias for 135.128-27.20.20.149.in-addr.arpa.
135.128-27.20.20.149.in-addr.arpa domain name pointer mirrors1.kernel.org.

Et voila, there we see that there's a hostname that can be used to
access any of the machines directly:

% host mirrors1.kernel.org.
mirrors1.kernel.org has address 149.20.20.135
[...]
% host mirrors2.kernel.org.
mirrors2.kernel.org has address 204.152.191.39
[...]

This is exactly what I use to scan those two hosts.

Peter
--
Contact: admin@xxxxxxxxxxxx (a.k.a. ftpadmin@xxxxxxxx)
#opensuse-mirrors on freenode.net
Info: http://en.opensuse.org/Mirror_Infrastructure

SUSE LINUX Products GmbH
Research & Development
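
Added example, not part of the original message: the lookup procedure described above (forward lookup of the round-robin name, reverse lookup of each pool address, then a forward lookup of the returned name to confirm it maps back to the same address), run over the `host` output quoted in the message. The function names and the `CANNED` table are assumptions made for this illustration.

```python
import re
import subprocess

# `host` output copied from the message above (US view), so the example runs offline.
CANNED = {
    "mirrors.kernel.org": (
        "mirrors.kernel.org is an alias for mirrors.geo.kernel.org.\n"
        "mirrors.geo.kernel.org is an alias for mirrors.us.kernel.org.\n"
        "mirrors.us.kernel.org has address 149.20.20.135\n"
        "mirrors.us.kernel.org has address 204.152.191.39\n"),
    "149.20.20.135": (
        "135.20.20.149.in-addr.arpa is an alias for 135.128-27.20.20.149.in-addr.arpa.\n"
        "135.128-27.20.20.149.in-addr.arpa domain name pointer mirrors1.kernel.org.\n"),
    "204.152.191.39": (
        "39.191.152.204.in-addr.arpa is an alias for 39.32-27.191.152.204.in-addr.arpa.\n"
        "39.32-27.191.152.204.in-addr.arpa domain name pointer mirrors2.kernel.org.\n"),
    "mirrors1.kernel.org": "mirrors1.kernel.org has address 149.20.20.135\n",
    "mirrors2.kernel.org": "mirrors2.kernel.org has address 204.152.191.39\n",
}

def live_lookup(query):
    """Run the real `host` tool (needs network); pass this as `lookup` for live data."""
    return subprocess.run(["host", query], capture_output=True, text=True).stdout

def alias_chain(text):
    """CNAME hops as (name, target) pairs, e.g. the GeoDNS regional indirection."""
    return [(a, b.rstrip(".")) for a, b in
            re.findall(r"^(\S+) is an alias for (\S+)$", text, re.M)]

def addresses(text):
    """IPv4 addresses from 'has address' lines, in the order they were returned."""
    return re.findall(r"^\S+ has address (\S+)$", text, re.M)

def pointers(text):
    """PTR targets from 'domain name pointer' lines, trailing dot removed."""
    return [n.rstrip(".") for n in
            re.findall(r"^\S+ domain name pointer (\S+)$", text, re.M)]

def pin_pool(name, lookup=CANNED.get):
    """Map each round-robin IP behind `name` to a per-host name, keeping only
    names whose own forward lookup returns that same IP again."""
    pinned = {}
    for ip in addresses(lookup(name) or ""):
        for ptr in pointers(lookup(ip) or ""):
            if ip in addresses(lookup(ptr) or ""):
                pinned[ip] = ptr
                break
    return pinned
```

A pool address whose reverse name does not resolve back to it is left out of the result, so a stale or mismatched PTR record is never used as a pinned hostname.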
