On 2023-07-19 12:55, Gerald Galster wrote:
On 19/07/2023 at 19:53, Michael Peddemors wrote:
Real world is a bit different.. DNS caching.. While DNS round robin is good enough to distribute loads, it isn't a very good method for failover, even with a very short TTL. Many home routers still insist on caching results for a long time, no matter what the TTL says, and of course Windows internal caching etc..
Should not confuse the issue.. call it a 'poor man's load balancer' if you will, but it's more of a last-line failover, and during the time it takes for DNS to retry and find another active node, an AWFUL lot of disgruntled customers will be calling ;)
Also so interesting to see some resolvers that don't think of using the second record, if the first one is down..
You're mixing things: DNS and mail client behavior. It is nonsense. A resolver will serve records; it does not use them and does not care what is behind the record. A good client uses the list of A (or AAAA) records to connect to the server and will iterate over the list if the server behind the record is down. And DNS caching does its job, nothing less, nothing more, and is out of the picture.
Emmanuel is right. Here's an example to clarify:
$ dig imap.web.de

;; ANSWER SECTION:
imap.web.de.            226     IN      A       212.227.17.178
imap.web.de.            226     IN      A       212.227.17.162
A DNS query for imap.web.de address records (IN A) returns two IP addresses. A local resolver receives those two IP addresses and usually passes them on to clients while it may rotate the order, so that some clients will see 212.227.17.178, 212.227.17.162 and others will see 212.227.17.162, 212.227.17.178. It is possible to get the same order for subsequent requests, but on a *global* scale that roughly equals 50/50 load balancing.
Mail clients then connect to e.g. 212.227.17.178 and try 212.227.17.162 on connection failure without any further DNS involvement. DNS caching (TTL) is irrelevant in that case.
In theory, that is how it is SUPPOSED to work, in practice (and we have lots of history where customers ran into this problem when one went down), I believe that it was Outlook that didn't try an alternative IP address for a 20 min internal cache for instance, before a requery of the DNS was done, at which time it again would choose which IP to connect to. As well, SOME modems would get the two results, and return only one to the client. And lots of libraries we see, do the DNS query, get two IP results, but then only use the first one returned, etc..
Not arguing how it is supposed to work, just forewarning those to be ready when it doesn't work like the manual says.. (Everyone hates phone calls about email being down).
If you want to be certain, only a true load balancer will fit the bill.
Oh, and another PS.. IF you are going to do round robin, suggest you make two (2) MX records, and put two IPs in both, and then equal weight the two MX's.
Keeps a more even load, given those that only prefer the first MX returned, and those that prefer the last (spammers)
-- "Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada
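Added example (not part of the thread, nor anyone's posted code): a small Python client that shows the two behaviours the thread contrasts. `connect_failover` walks every address record and only re-resolves when the whole list is exhausted, which is the client behaviour Emmanuel and Gerald describe; `connect_naive` uses only the first record, the library pattern Michael warns about. All function names are assumptions, the addresses in the demo are constructed from the 192.0.2.0/24 documentation range, and `make_fake_connector` stands in for a real TCP connect so the demo runs offline.

```python
"""Address-list failover versus first-record-only connecting (added example)."""
import socket
from typing import Callable, List, Tuple

# A connector takes (ip, port) and returns a connected object or raises OSError.
Connector = Callable[[str, int], object]


def tcp_connect(ip: str, port: int) -> socket.socket:
    """Real connector: a bounded timeout makes a dead node fail fast instead
    of stalling the client on the first address for the whole TCP timeout."""
    return socket.create_connection((ip, port), timeout=5.0)


def resolve_all(host: str, port: int) -> List[str]:
    """Every A/AAAA address for host, in the order the local resolver returned
    them (a resolver may rotate that order between queries, which is the
    rough load balancing Gerald describes)."""
    addresses: List[str] = []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM
    ):
        if sockaddr[0] not in addresses:
            addresses.append(sockaddr[0])
    return addresses


def connect_naive(addresses: List[str], port: int,
                  connector: Connector = tcp_connect) -> object:
    """The pattern Michael warns about: only the first record is ever tried,
    so a healthy second node never gets a connection while the first is down."""
    return connector(addresses[0], port)


def connect_failover(addresses: List[str], port: int,
                     connector: Connector = tcp_connect) -> Tuple[str, object]:
    """The client behaviour Emmanuel describes: walk the list, first success
    wins.  DNS is not consulted again between attempts, so the record TTL and
    any upstream caching play no part in this failover."""
    failures = []
    for ip in addresses:
        try:
            return ip, connector(ip, port)
        except OSError as exc:
            failures.append(f"{ip}: {exc}")
    # Only now would a client sensibly go back to DNS for a fresh list.
    raise ConnectionError("all addresses failed: " + "; ".join(failures))


def make_fake_connector(down: set) -> Connector:
    """Offline stand-in for tcp_connect (constructed for this example):
    addresses in `down` refuse, every other address 'connects'."""
    def connect(ip: str, port: int) -> str:
        if ip in down:
            raise ConnectionRefusedError(f"{ip}:{port} refused")
        return f"connected to {ip}:{port}"
    return connect


if __name__ == "__main__":
    # Constructed records standing in for the two imap.web.de addresses in the
    # thread; 192.0.2.0/24 is reserved for documentation, so nothing is contacted.
    records = ["192.0.2.10", "192.0.2.20"]
    fake = make_fake_connector(down={"192.0.2.10"})   # first node is "down"
    try:
        connect_naive(records, 143, connector=fake)
    except OSError as exc:
        print("naive client fails:", exc)
    print("failover client:", connect_failover(records, 143, connector=fake))
```

With a real resolver you would call `connect_failover(resolve_all("imap.example", 143), 143)`; the point of the split is that the address list, not the DNS cache, is what the client iterates over, so a short TTL neither helps nor hurts a client that only ever looks at `addresses[0]`.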