Maintained by: NLnet Labs

[Unbound-users] Troubles with using Round-Robin balancing.

Pavel
Thu Apr 29 04:52:59 CEST 2010


Hello, Hauke.

You wrote on 21 Apr 2010, 13:25:36:

> Pavel wrote:

>> I'm sorry, but I don't clearly understand
>> what you want to say?

> Likewise, I don't quite see what you're trying to do. Maybe you could
> describe what you expect.

>> Is this feature limitation of Unbound
>> by design?

> What limitation do you see here? Btw, dnscache does not do "round-robin"
> either. Try e.g.:

> dig rrtest.arglkargh.de @85.10.240.249 (Unbound from svn-trunk)
> dig rrtest.arglkargh.de @85.10.240.251 (dnscache w/ dnscurve-Patch)

> Both Unbound and dnscache return the same order from the cache on every
> query.

>> Just for note, djbdns works properly in this case, it gets by
>> including required zone to forward section.

> dnscache caches answers from forwarders, too, and returns them in a
> "fixed" order. Maybe you should explain your configuration in more detail.


> Hauke.

Of course, it was my mistake that I didn't describe my
configuration in detail.

So. There is a zone 'supernet.lan', and there is also a cluster of 10 VPN
access servers. They have IP addresses such as 10.10.0.1, 10.10.0.2
... 10.10.0.10.

Zone 'supernet.lan' is held by BIND, and the config looks like:
-----------------------
# cat ./named.conf
zone "supernet.lan" {
        type master;
        file "db/master/supernet.lan";
        allow-query { everybody; };
};
-----------------------
# cat ./supernet.lan
$TTL    1h

@       IN      SOA     ns.supernet.lan. root.supernet.lan.  (
                                2010041606      ; Serial
                                3600            ; Refresh
                                900             ; Retry
                                3600000         ; Expire
                                3600 )          ; Minimum
@       1D      IN      NS      ns.supernet.lan.
ns      1D      IN      A       10.10.2.2
vpn     1D      IN      A       10.10.0.1
vpn     1D      IN      A       10.10.0.2
vpn     1D      IN      A       10.10.0.3
vpn     1D      IN      A       10.10.0.4
vpn     1D      IN      A       10.10.0.5
vpn     1D      IN      A       10.10.0.6
vpn     1D      IN      A       10.10.0.7
vpn     1D      IN      A       10.10.0.8
vpn     1D      IN      A       10.10.0.9
vpn     1D      IN      A       10.10.0.10
vpn     1D      IN      A       10.10.0.11
vpn     1D      IN      A       10.10.0.12
vpn     1D      IN      A       10.10.0.14

--------------------

If I set the IP of this DNS server in resolv.conf and then try to ping
vpn.supernet.lan, I get a different IP on each try.

# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.5): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.6): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.7): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.8): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.9): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.11): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.12): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
#

---------------

I don't want to use BIND as a caching DNS, so I've set up djb-dnscache.
In its zone config file I just set the IP of BIND, then I
changed the IP in resolv.conf to the IP where djbdns is listening.

The picture is the same: on each ping try I get a different IP.
It has worked fine for a long time.

Unfortunately, as far as I know, djbdns does not support DNSSEC, and will not
support it in the future. I decided to change to Unbound.

But when I try to use Unbound instead of djbdns, I see
a different picture:

# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.5): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.5): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.5): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.5): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.5): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.5): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
# ping vpn.supernet.lan
PING vpn.supernet.lan (10.10.0.5): 56 data bytes
^C
--- vpn.supernet.lan ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
#

I've tried using a forward zone and a stub zone in the Unbound config; this
had no result. It always returns the same IP, which was resolved
the first time.

---

So, can somebody give me some useful advice?

-- 
Best regards,
 Pavel                          mailto:wishmaster at wishmaster.su
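
The behaviour discussed in this thread, modelled as an added example (not part of the original post, and not Unbound's or dnscache's code): a toy caching resolver serves the 13 `vpn` A records either in fixed cache order or rotated per query, and a client that uses only the first address is counted against one that picks an address itself. The class and function names are hypothetical; the observed address lists in the test are taken from the ping sessions in the post.

```python
import random
from collections import Counter

# Constructed RRset: the 13 'vpn' A records from the zone file in the post.
VPN_RRSET = [f"10.10.0.{n}" for n in (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14)]


class CachingResolver:
    """Toy model of a caching resolver holding one RRset."""

    def __init__(self, rrset, rotate):
        self.cache = list(rrset)  # order as first received from upstream
        self.rotate = rotate
        self.queries = 0

    def resolve(self):
        if not self.rotate:
            return list(self.cache)          # same order on every cache hit
        k = self.queries % len(self.cache)   # cyclic rotation, one step per query
        self.queries += 1
        return self.cache[k:] + self.cache[:k]


def first_answer_counts(resolver, n):
    """Load per backend when the client always uses the first address."""
    return Counter(resolver.resolve()[0] for _ in range(n))


def client_side_pick_counts(resolver, n, seed=0):
    """Load per backend when the client picks a random address itself."""
    rng = random.Random(seed)
    return Counter(rng.choice(resolver.resolve()) for _ in range(n))


def is_rotating(first_answers):
    """Classify a series of observed first answers (e.g. from repeated lookups)."""
    return len(set(first_answers)) > 1


if __name__ == "__main__":
    fixed = CachingResolver(VPN_RRSET, rotate=False)
    rotating = CachingResolver(VPN_RRSET, rotate=True)
    print("fixed order  :", dict(first_answer_counts(fixed, 130)))
    print("rotating     :", dict(first_answer_counts(rotating, 130)))
    print("client choice:", len(client_side_pick_counts(fixed, 130)), "backends used")
```

With a fixed-order cache, every first-address client lands on one backend for the lifetime of the cached record, so distribution across the cluster then depends on the client's own selection rather than on the resolver.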