Iptables – Using LVS (Linux Virtual Server) for doing DNS HA

Tags: domain-name-system, high-availability, iptables, load balancing, lvs

I have been trying to create an LVS DNS HA using CentOS 6.x:

  • Piranha GUI to configure the DNS
  • Pulse is the HA heart of CentOS LB
  • IPTables to configure marks on the packets since DNS uses TCP and UDP 53

After several days, I find that I can not figure out how to make it work, and I was hoping that someone has either the lvs.cf file available along with all the iptables rules necessary, or has already used some other open-source and free software that allows doing DNS LB (not round-robin DNS A records; that is not the purpose of this exercise).

If anyone has successfully made named (DNS) under LVS work with two or more real servers in the pool, I would greatly appreciate it if the configurations could be posted:

  • lvs.cf
  • iptables rules to place

I am primarily looking for either Direct Server Return or NAT – either solution will work for me.

Thank you in advance.

Jim.

Best Answer

You should be able to configure DNS load balancing pretty easily with LVS in DR mode. Personally I would use Ldirectord rather than Piranha (which is old and buggy), but either should work.

Like you said you will need to configure your firewall mark for the correct TCP and UDP ports, then load balance all packets that are marked to your backend server(s). I assume you won't need persistence for DNS (wouldn't work for UDP anyway).

I think the step you are probably missing is to allow the backend servers to respond to the traffic you are sending, commonly known as the ARP problem. If you have Windows servers then use this method. Or for Linux the simplest method is to use an iptables redirect:

iptables -t nat -A PREROUTING -p tcp -d <VIP> -j REDIRECT
iptables -t nat -A PREROUTING -p udp -d <VIP> -j REDIRECT

It's explained in more detail on page 21 of the http://loadbalancer.org quick start guide.

If you need any help, post your config and I'll take a look.
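The full LVS-DR setup the answer describes, as an added example that is not part of the original question or answer: on the director, mark TCP/53 and UDP/53 to the VIP with one firewall mark and create a single fwmark virtual service in ipvsadm; on each real server, put the VIP on the loopback and set arp_ignore/arp_announce so the real server never answers ARP for the VIP (the sysctl route to the ARP problem, rather than the REDIRECT one above). The VIP 192.0.2.53, the real servers 192.0.2.11/12, mark number 53 and the health-check name ns1.example.test are assumptions for illustration. The ldirectord.cf fragment is an assumed illustration of the fwm service syntax and should be checked against `man ldirectord` for the installed version. By default the script only prints the commands it would run; set APPLY=1 to execute them as root.

```shell
#!/bin/sh
# Added example, not code from the original post. All addresses assumed.
VIP="192.0.2.53"                 # assumed virtual IP that clients query
RIPS="192.0.2.11 192.0.2.12"     # assumed real servers running named
FWMARK=53                        # arbitrary firewall mark number

# Print each command unless APPLY=1, in which case execute it (run as root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Director: mark both transports of DNS so they form ONE virtual service,
# then hand everything carrying that mark to the real servers in DR mode.
director_rules() {
    run iptables -t mangle -A PREROUTING -d "$VIP" -p tcp --dport 53 -j MARK --set-mark "$FWMARK"
    run iptables -t mangle -A PREROUTING -d "$VIP" -p udp --dport 53 -j MARK --set-mark "$FWMARK"
    run ipvsadm -A -f "$FWMARK" -s wrr
    for rip in $RIPS; do
        run ipvsadm -a -f "$FWMARK" -r "$rip" -g -w 1   # -g = gatewaying (DR)
    done
}

# Real server: own the VIP on lo (so the kernel accepts packets for it) but
# never answer ARP for it, so only the director's MAC is ever tied to the VIP.
realserver_rules() {
    run sysctl -w net.ipv4.conf.all.arp_ignore=1
    run sysctl -w net.ipv4.conf.all.arp_announce=2
    run sysctl -w net.ipv4.conf.lo.arp_ignore=1
    run sysctl -w net.ipv4.conf.lo.arp_announce=2
    run ip addr add "$VIP/32" dev lo
}

# ldirectord equivalent of director_rules (assumed syntax, check man ldirectord):
# one fwm virtual service whose members are health-checked with a DNS lookup.
ldirectord_cf() {
    cat <<EOF
checktimeout=3
checkinterval=5
autoreload=yes
quiescent=no

# fwmark $FWMARK: whatever iptables marked (TCP and UDP 53) is one service
virtual=$FWMARK
EOF
    for rip in $RIPS; do
        printf '        real=%s gate 1\n' "$rip"
    done
    cat <<EOF
        protocol=fwm
        scheduler=wrr
        service=dns
        checkport=53
        request="ns1.example.test"
        receive="192.0.2.1"
EOF
}

case "${1:-}" in
    director)   director_rules ;;
    realserver) realserver_rules ;;
    ldirectord) ldirectord_cf ;;
esac
```

Run `sh lvs-dns.sh director` on the director and `sh lvs-dns.sh realserver` on each BIND host to see the commands, then repeat with `APPLY=1` to apply them; `sh lvs-dns.sh ldirectord` prints the config to drop into /etc/ha.d/ldirectord.cf if you take the answer's advice and use Ldirectord instead of Piranha. The mangle rules must sit on the director before ipvs sees the packet, which PREROUTING guarantees; the firewall mark is what lets a single service carry both UDP and TCP 53, which the separate `-p tcp`/`-p udp` virtual services in Piranha cannot do.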