Re: SRV RRs support in Internet Explorer?

From: William Stacey [MVP] (staceywREMOVE_at_mvps.org)
Date: 02/16/04


Date: Sun, 15 Feb 2004 19:15:27 -0500

Thanks for the reply. A lot of points there, so instead of addressing each
one, I will take a step back and generalize a bit. There are some
fundamental truths we can infer if we limit our thinking (at the moment) to
web access from a client to web server and, to keep things simple, also
assume ipv4 for this:
1) A client service (i.e. browser, etc.) needs to somehow resolve a name to
an IP address and port number. The port number could be implicit (i.e.
wellknown) or explicit.
2) At any point in time, a server (i.e. an IP/port endpoint ) could fail
and the client, if given multiple options, could select another endpoint in
the list.

So, before the client browser can connect to an endpoint, it needs to query
for some kind of dns RR that will return at least a single IP address and
possibly a port number. To LB, that endpoint could be a gateway that does
the LBing for many web servers "behind" it, or we need to return more than
one IP to client and let it somehow "pick" one to use via some rules for LB,
or the dns server must order the records based some LB rules. Regardless of
which IP address the client picks, that endpoint can fail at any point. So
the client also needs to walk the list to pick the next service endpoint to
try. So we have most of this already. Client can query for A record and
get back an A record list. SRV records would allow dynamic port bindings,
but not solve LB problem. In either case, we still need some help because
any server can fail, and we need to pick another one (if we have another
one) and try that one. IE implicitly tries port 80 first because that is
the well-known port for http. smtp is 25, etc. You can override this at the
browser if you want 8080, for example. So dynamic ports, imo, do not
really help us in terms of LB or backup.

What can help us is TTL. If we don't keep the TTL low (i.e. 5-10 secs), we
can't effectively LB or backup because NSs cache the records for the TTL
time. This can "hide" any kind of LB or round-robin we try to do at the
name server as NS ns1 will return the list in the order it got the list or
may round-robin its cached list until it needs to refresh. Not sure that
other NSs should change the order, as that presumes it "knows" what the
Owner of the domain name wanted - which would be wrong in most cases. So if
we wanted to do this ourselves, how would we do it? We know yahoo.com and
google.com and microsoft.com do it somehow, but how? One solution is to
have a small LB applet on each web server that posts Stat messages to a
dynamic DNS service on our DNS server(s) for the name. This applet
collects cpu usage, connections, memory, etc and posts the message to our
server service that changes the DNS records on our NSs based on load or any
rules it wants to use. The RRs would then have a small TTL. This assures
that clients and other NSs will not keep using the same records in the same
order and they time out. The dns server can remove failed servers and give
other records higher list order based on load. This can be done with A
records. I still don't see how SRV records would help backup or LB. You
would still need to do the above. It would, however, give you dynamic
ports, but still not sure of the value in that for well-known services like
http, etc. Cheers.

-- 
William Stacey, MVP
"Rémi Després" <remi.despres@wanadoo.fr> wrote in message
news:u4l$Q#77DHA.2044@TK2MSFTNGP10.phx.gbl...
> Thanks for your interest in the subject, which I believe is worth it.
>
>
> 1. The two issues of Backup and Load Balancing on one hand, innovative use
> of dynamic ports on the other hand must IMO be kept completely separate.
> The second subject may never come up and should better be ignored for the
> time being (it only happens to be the reason why I started studying details
> of the DNS).
>
> 2. On the contrary, the two issues of backup and LB "must be considered
> together".
> If the browser always picks up the first A record first, backup is achieved
> but not LB (A is generic here, to be understood as A or AAAA or A6)
> Even this can be defeated if the Name Server itself cycles through different
> orders of the A RRs of a domain name (some BIND servers may do it, it seems,
> precisely to achieve LB independently of browser behaviors).
> If conversely the browser cycles through received A RRs, LB is achieved
> (only with equal weights); backup becomes impossible, whatever the NS does.
> In other words, with only A RRs, neither backup nor LB, even in its round
> robin variant, can be safely achieved.
>
> 3. Using a gateway host to do LB, an approach of which I don't know all
> consequences, doesn't seem to be the simple and clean solution that Internet
> needs (and is it IETF approved, as SRV RRs are?)
>
> 4. Using the nonexistent domain (ND) response has been based on the
> following logic:
> - The goal is to guarantee to Service Providers who want it e2e backup
> and/or LB.
> - At least initially, most servers will (quite legitimately) remain
> reachable by means of A RRs.
> - Browsers must therefore query for A RRs and exploit returned IP addresses
> if present.
> - Without a change in NS behavior the only answer without an IP address to an
> A query is an error report.
> - Rcode 3 ("Name Error" in RFC 1035, aka Nonexistent Domain) should
> guarantee a prompt answer by all NSs if no A RR exists for the queried
> domain name. (It could be considered that rcode 3 really means Nonexisting
> Domain "for this type of query".)
> - Making always a SRV query after receiving an rcode 3 should not be a
> problem: in the absence of SRV record a new rcode 3 would be received, this
> time to be user signalled; if a SRV record is present, e2e backup and LB are
> achieved with existing standards and existing NSs (setting up the
> appropriate records in NSs is sufficient, a significant breakthrough IMO).
>
> 5. Note: an improved efficiency of the process would be possible in the
> future if NSs are permitted to answer directly with SRV records to A queries
> when no A record is available. The above mechanism would still work, with no
> harm, where needed (in old-fashioned NSs), while in general SRV responses
> would be obtained immediately.
>
>
> Rémi Després
>
> ----------------------
>
>
> "William Stacey" <staceywREMOVE@mvps.org> a écrit dans le message de news:
> u49FB9z7DHA.2416@TK2MSFTNGP10.phx.gbl...
> > > 1. The first one, general in scope, is being able to define a backup site,
> > > and/or mirror sites with load sharing, for a particular resource.
> > > For this, using the (clean) DNS-SRV mechanism, seems an obvious idea.
> > > It would logically involve just a simple extension of IE whereby if it
> > > receives a "nonexistent domain" error code in an answer to an A or AAAA
> > > request for domain name xxx.yyy, then it would try the standard SRV request
> > > for such a resource, i.e.  _HTTP._TCP.xxx.yyy.
> >
> > I see what you're saying.  However, you can do much of that today.  If you
> > have 4 A records for the host name, then IE will try the first, second, etc.
> > The srv record approach does not really help here, cause in either case, you
> > still need to fall down to next host, which IE does today.  Also, in the
> > case of http, dynamic ports would probably cause more issues than it fixes.
> > Port 80 is standard for general access.  I can't think of a good reason to
> > change that or allow dynamic port changes.  If you have 20 web servers, they
> > just listen on 80 - simple.  I would not use srv records to get around
> > needing host headers either.  Ports are valuable, I would not use them as an
> > alternative to host headers.  I don't get the "nonexistent domain" reason.
> > If the name does not exist, then it was not setup for a reason and you don't
> > want another "solution" that somehow "finds" names that don't exist for a
> > reason.  If I miss what you're saying, please correct me as this is an
> > interesting idea.  I just don't see the exact value from the text at this
> > point.  The load balancing, IMO, is the real winner.  DNS load balancing is
> > lacking.  You can do round robin to get cheap LB, but we all know the issues
> > with that.  That said, if you require real LB, you implement a LB
> > gateway/host that does that and/or use a LB dns like akadns does.  I don't
> > see how srv records help here.
> >
> > > 2. The second objective, more specific, and for a project of my own,
> > > involves using the DNS-SRV capability of dynamically indicating which TCP
> > > port has to be used on which host.
> >
> > Any client app can use SRV records if they need or want.  You get to decide
> > how and why to use them.
> >
> > Please post back.  Cheers.
> >
> > --
> > William Stacey, MVP
> >
> >
> >
> >
> >
> >
>
>
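
The client-side behaviour the two posters argue about, written out as an added Python example (not code from either participant or from any browser): an A query first, and only on rcode 3 a fall-through to the `_http._tcp.<host>` SRV query, with the SRV answer ordered by RFC 2782 priority and weight and the resulting endpoint list walked until one accepts a connection. The zone data, the names under `example.test`, the 192.0.2.0/24 addresses and the `query`/`try_connect` stubs are all constructed so that it runs offline; it does not model TTL caching.

```python
import random
from dataclasses import dataclass

# Sentinel standing in for a DNS answer with rcode 3 ("Name Error", RFC 1035),
# which the thread calls "nonexistent domain".
NXDOMAIN = object()


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# Constructed zone data standing in for name-server answers. Names live under
# the reserved .test TLD and addresses are in the documentation range
# 192.0.2.0/24, so nothing here refers to a real host.
FAKE_ZONE = {
    ("www.example.test", "A"): ["192.0.2.10", "192.0.2.11"],
    # srv-only.example.test has no A record, only an SRV record for HTTP.
    ("_http._tcp.srv-only.example.test", "SRV"): [
        SrvRecord(priority=10, weight=60, port=8080, target="a.example.test"),
        SrvRecord(priority=10, weight=40, port=8081, target="b.example.test"),
        SrvRecord(priority=20, weight=0, port=80, target="backup.example.test"),
    ],
    ("a.example.test", "A"): ["192.0.2.20"],
    ("b.example.test", "A"): ["192.0.2.21"],
    ("backup.example.test", "A"): ["192.0.2.30"],
}


def query(name, rtype):
    """Hypothetical resolver stub: answer from FAKE_ZONE, else NXDOMAIN."""
    return FAKE_ZONE.get((name, rtype), NXDOMAIN)


def order_srv(records, rng=None):
    """Order SRV records as RFC 2782 prescribes: lowest priority first; within
    one priority a weighted-random order, so the weight-60 target is tried
    first more often than the weight-40 one (this is the LB part)."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            total = sum(r.weight for r in pool)
            if total == 0:
                pick = rng.choice(pool)
            else:
                n = rng.randint(0, total)  # uniform in [0, total], inclusive
                running = 0
                for r in pool:
                    running += r.weight
                    if running >= n:
                        pick = r
                        break
            ordered.append(pick)
            pool.remove(pick)
    return ordered


def resolve_endpoints(host, default_port=80, rng=None):
    """Ordered list of (ip, port) endpoints a client would try.

    Path 1: A records exist -> use them in the returned order on the
            well-known port (what the thread says IE does today).
    Path 2: rcode 3 on the A query -> query _http._tcp.<host> for SRV; a
            second rcode 3 is the real "name does not exist" answer.
    """
    addrs = query(host, "A")
    if addrs is not NXDOMAIN:
        return [(ip, default_port) for ip in addrs]
    srv = query(f"_http._tcp.{host}", "SRV")
    if srv is NXDOMAIN:
        return []
    endpoints = []
    for rec in order_srv(srv, rng):
        if rec.target == ".":  # RFC 2782: service decidedly not available
            continue
        target_addrs = query(rec.target, "A")
        if target_addrs is NXDOMAIN:
            continue  # dangling SRV target: skip it and keep walking
        endpoints.extend((ip, rec.port) for ip in target_addrs)
    return endpoints


def connect_with_fallback(endpoints, try_connect):
    """Walk the endpoint list and return the first one that accepts a
    connection, or None. try_connect(endpoint) -> bool stands in for a real
    TCP connect so the example stays offline (this is the backup part)."""
    for ep in endpoints:
        if try_connect(ep):
            return ep
    return None


if __name__ == "__main__":
    eps = resolve_endpoints("srv-only.example.test", rng=random.Random(1))
    print("candidate endpoints:", eps)
    # Simulate both priority-10 servers being down: the priority-20 backup wins.
    print("chosen:", connect_with_fallback(eps, lambda ep: ep[1] == 80))
```

Two details matter for the argument in the thread: an SRV target whose own A lookup fails is skipped rather than aborting the whole resolution, and the priority-20 record is only reached after every priority-10 endpoint has refused a connection, which is the backup semantics that plain A-record round robin cannot express.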

