Powershell and win dns server to solve the website load balancing problem, powershelldns

Source: Internet
Author: User

Powershell and win dns server to solve the website load balancing problem, powershelldns

 

Add a windows dns server by using powershell. Solve the website load balancing problem from the perspective of adjusting the dns Server Resolution ip time period.


---------------------- In win2012r2, use powershell to manage dns servers. Command list --------------------------------

 


Ps c: \ Users \ admin> get-command *-module DnsServer

CommandType Name ModuleName
-------------------------
Alias Export-DnsServerTrustAnchor DnsServer
Function Add-DnsServerConditionalForwarderZone DnsServer
Function Add-DnsServerDirectoryPartition DnsServer
Function Add-DnsServerForwarder DnsServer
Function Add-DnsServerPrimaryZone DnsServer
Function Add-DnsServerResourceRecord DnsServer
Function Add-DnsServerResourceRecordA DnsServer
Function Add-DnsServerResourceRecordAAAA DnsServer
Function Add-DnsServerResourceRecordCName DnsServer
Function Add-DnsServerResourceRecordDnsKey DnsServer
Function Add-DnsServerResourceRecordDS DnsServer
Function Add-DnsServerResourceRecordMX DnsServer
Function Add-DnsServerResourceRecordPtr DnsServer
Function Add-DnsServerRootHint DnsServer
Function Add-DnsServerSecondaryZone DnsServer
Function Add-DnsServerSigningKey DnsServer
Function Add-DnsServerStubZone DnsServer
Function Add-DnsServerTrustAnchor DnsServer
Function Add-DnsServerZoneDelegation DnsServer
Function Clear-DnsServerCache DnsServer
Function Clear-DnsServerStatistics DnsServer
Function convertor-DnsServerPrimaryZone DnsServer
Function convertor-DnsServerSecondaryZone DnsServer
Function Disable-dnsserversigningkeyrolover DnsServer
Function Enable-dnsserversigningkeyrolover DnsServer
Function Export-DnsServerDnsSecPublicKey DnsServer
Function Export-DnsServerZone DnsServer
Function Get-DnsServer
Function Get-DnsServerCache DnsServer
Function Get-DnsServerDiagnostics DnsServer
Function Get-DnsServerDirectoryPartition DnsServer
Function Get-DnsServerDnsSecZoneSetting DnsServer
Function Get-DnsServerDsSetting DnsServer
Function Get-DnsServerEDns DnsServer
Function Get-DnsServerForwarder DnsServer
Function Get-DnsServerGlobalNameZone DnsServer
Function Get-DnsServerGlobalQueryBlockList DnsServer
Function Get-DnsServerRecursion DnsServer
Function Get-DnsServerResourceRecord DnsServer
Function Get-DnsServerRootHint DnsServer
Function Get-DnsServerScavenging DnsServer
Function Get-DnsServerSetting DnsServer
Function Get-DnsServerSigningKey DnsServer
Function Get-DnsServerStatistics DnsServer
Function Get-DnsServerTrustAnchor DnsServer
Function Get-DnsServerTrustPoint DnsServer
Function Get-DnsServerZone DnsServer
Function Get-DnsServerZoneAging DnsServer
Function Get-DnsServerZoneDelegation DnsServer
The original Article of the powershell missionary may be reproduced on November 25, but the name and source must be retained; otherwise, the document shall be held legally liable.
Function Import-DnsServerResourceRecordDS DnsServer
Function Import-DnsServerRootHint DnsServer
Function Import-DnsServerTrustAnchor DnsServer
Function Invoke-dnsserversigningkeyrolover DnsServer
Function Invoke-DnsServerZoneSign DnsServer
Function Invoke-DnsServerZoneUnsign DnsServer
Function Register-DnsServerDirectoryPartition DnsServer
Function Remove-DnsServerDirectoryPartition DnsServer
Function Remove-DnsServerForwarder DnsServer
Function Remove-DnsServerResourceRecord DnsServer
Function Remove-DnsServerRootHint DnsServer
Function Remove-DnsServerSigningKey DnsServer
Function Remove-DnsServerTrustAnchor DnsServer
Function Remove-DnsServerZone DnsServer
Function Remove-DnsServerZoneDelegation DnsServer
Function Reset-DnsServerZoneKeyMasterRole DnsServer
Function Restore-DnsServerPrimaryZone DnsServer
Function Restore-DnsServerSecondaryZone DnsServer
Function Resume-DnsServerZone DnsServer
Function Set-DnsServer
Function Set-DnsServerCache DnsServer
Function Set-DnsServerConditionalForwarderZone DnsServer
Function Set-DnsServerDiagnostics DnsServer
Function Set-DnsServerDnsSecZoneSetting DnsServer
Function Set-DnsServerDsSetting DnsServer
Function Set-DnsServerEDns DnsServer
Function Set-DnsServerForwarder DnsServer
Function Set-DnsServerGlobalNameZone DnsServer
Function Set-DnsServerGlobalQueryBlockList DnsServer
Function Set-DnsServerPrimaryZone DnsServer
Function Set-DnsServerRecursion DnsServer
Function Set-DnsServerResourceRecord DnsServer
Function Set-DnsServerResourceRecordAging DnsServer
Function Set-DnsServerRootHint DnsServer
Function Set-DnsServerScavenging DnsServer
Function Set-DnsServerSecondaryZone DnsServer
Function Set-DnsServerSetting DnsServer
Function Set-DnsServerSigningKey DnsServer
Function Set-DnsServerStubZone DnsServer
Function Set-DnsServerZoneAging DnsServer
Function Set-DnsServerZoneDelegation DnsServer
Function Show-DnsServerCache DnsServer
Function Show-DnsServerKeyStorageProvider DnsServer
Function Start-DnsServerScavenging DnsServer
Function Start-DnsServerZoneTransfer DnsServer
Function Step-dnsserversigningkeyrolover DnsServer
Function Suspend-DnsServerZone DnsServer
Function Sync-DnsServerZone DnsServer
Function Test-DnsServer
Function Test-DnsServerDnsSecZoneSetting DnsServer
Function Unregister-DnsServerDirectoryPartition DnsServer
Function Update-DnsServerTrustPoint DnsServer

The manual is:
Https://technet.microsoft.com/library/jj649850 (v = wps.630). aspx


------------------------------ Specific problem -------------------------------------------------


Guest: The dns round robin pressure is uneven.
I have been wondering about DNS round-robin recently. I have attached more than 10 IP addresses under a domain name to implement simple load balancing.
However, it is obvious that this round robin is not very uniform, and the pressure on one server is always high. The other is relatively close, but after removing the high pressure from the dns list, the next instance in the list is under high pressure,
Then add the previous one back to the dns list, and the pressure will go back to the first stage. The possibility of attack has been ruled out. This problem has been bothering me for a long time. I do not know whether it is a bind bug or why I set ttl or something. Do I know whether some experts have studied this issue?

User1 answer:
DNS polling mechanisms may be affected in many aspects, such as the TTL duration of A record, the Cache of other DNS servers, and a dns Cache for windows clients.
These will affect the DNS round-robin effect. Therefore, the DNS polling mechanism cannot be used as a load balancing solution, but only as a load distribution solution.

User2 answer:
The majority of Internet users use the WINDOWS system. By default, the dns cache service is enabled on WINDOWS, which results in Invalid DNS polling during a TTL period.
Therefore, to reduce the effect of dns cache on the polling effect, the common practice is to reduce the TTL value, for example, 60-300. (TTL is too small and therefore must be treated with caution)

 

------------------------- Problem analysis process ------------------------------------


1 user1, user2 said very well, so I referenced it. Ttl should not be too small.

2. I like this process as a metaphor. So Many diners come to ask you how your hotel branch is going, and then you can go to your branch to eat and drink.
Assume that there are n branches in your hotel, each of which has different maximum reception capacities. The number of current guests varies, and the remaining reception capacities vary.

3 because of the problems mentioned by the two people above, you may not know when a diners will query the Branch Address (time) in the future, you cannot know the specific number of customers (number of users) in the future ). You cannot know the number of diners who check ip addresses.

4. Therefore, you must have a feedback on the remaining reception capability of each branch ]!
There is a value. If the server connection fails and the value fails,-1 is returned. -If the value is 1, an alarm is triggered.
If the value is 0, the Branch is full. If the value is 0, an alarm is triggered. My ps script will skip this branch.
The normal value is the number between 0-1, indicating the ability of the Branch to receive customers. Each server has this value, and the rest is easy to handle.

 

5. Why is win dns used?
A:
5.1 mainly because of powershell.
I remember that the bind could not use the command to add the record and take effect immediately. In this case, the Trojan Horse cannot catch up with powershell! You need to set up a program to modify the dns region file and reload the partition. The performance is poor.
Powershell command management dns is a memory operation. The main Commands are as follows:
Add-DnsServerResourceRecordA, Add-DnsServerResourceRecordCName, Get-DnsServerResourceRecord, Remove-DnsServerResourceRecord

5.2 win dns performance: I remember that bind is a multi-process program that can run with multiple cores without performance constraints. Win2000 said that win dns is more efficient than bind.
Dns is also mature 10 years ago. Step 4: win's dns won't have performance problems if it has less than 10 thousand ip addresses.

5.3 you can use win as the primary dns server, and use linux + bind as the cache. Win put the Intranet, linux put the internet, and only get data from the Internet dns cache.

 

--------------------------- Problem Solving Process ------------------------------------


1. Use the task plan to regularly call powershell scripts every 1-n minutes to solve the problem. This is assumed to be 1 minute.
After the script runs, put your pid into the environment variable and continue running.
After the script is re-run, find the pid of the previous script from the environment variable and kill the previous script. Repeat the previous step to avoid the script deadlock.

2. Use a ps program to retrieve the data from each branch, and the (remaining) reception capability of each branch.
There is a value. If the server connection fails and the value fails,-1 is returned. -If the value is 1, an alarm is triggered.
If the value is 0, the Branch is full. If the value is 0, an alarm is triggered. My ps script will skip this branch.
The normal value is the number between 0-1, indicating the ability of the Branch to receive customers.

The original Article of the powershell missionary may be reproduced on November 25, but the name and source must be retained; otherwise, the document shall be held legally liable.
3. the pick-up capability returned from the n branch always selects two idle (maximum value) branches and writes these two new a records to the dns, delete all old a records.
Set the reception capacity time to Alpha seconds, which implies waiting 60-α-2 seconds. If α is large, the number of minutes in the task plan should be increased.

Conclusion:
This method is to use dns for balancing,
I want to tell you how to achieve a balanced approach.
It is the method I invented to fill in the biggest two traps forever! Always put the ip address of the idle server into the dns server and resolve it to the customer!


------------------------- Specific script for solving the problem ------------------------------------
# Requires-RunAsAdministrator # change the record of dns to the ip address of the server with the maximum reception capacity of 2. [String] $ domain name = "aaaaxxxx.com" [string] $ host name = "ppp" [int32] $ server full value = 3 [int32] $ server no response value = 2 $ Log File storage location = 'd: \ aaa.txt '$ branch 01 =@{ 'IP' = '1. 2.3.4 '; 'reception power' = 0} $ branch 02 =@{ 'IP' = '2. 2.3.4 '; 'reception power' = 0} $ branch 03 =@{ 'IP' = '3. 2.3.4 '; 'reception power' = 0} $ branch 04 =@{ 'IP' = '4. 2.3.4 '; 'reception power' = 0} $ branch 05 =@{ 'IP' = '5. 2.3.4 '; 'reception power' = 0} $ branch 06 =@{ 'IP' = '6. 2.3.4 '; 'reception power' = 0} $ branch 07 =@{ 'IP' = '7. 2.3.4 '; 'reception power' = 0} $ branch 08 =@{ 'IP' = '8. 2.3.4'; 'Reception power' = 0} $ branch 09 =@{ 'IP' = '9. 2.3.4 '; 'reception power' = 0} $ branch 10 =@{ 'IP' = '10. 2.3.4 '; 'reception power' = 0} $ collection of branches = $01, $02, $03, $04, $05, $06, $ branch 07, $ branch 08, $ branch 09, $ branch 10if ($ env: dnschanger_pid-ne $ null) {$ temp001 = Get-Process-id $ env: dnschanger_pid if ($ temp001-ne $ null) {Stop-Process $ temp001-Force} [System. environment]: SetEnvironmentvariable ("dnschanger_pid", "$ PID", "user") function to obtain branch reception capability {<# This function returns A value. If the server connection fails or the value fails,-1 is returned. -If the value is 1, an alarm is triggered. If the value is 0, the Branch is full. If the value is 0, an alarm is triggered. My ps script will skip this branch. The normal return value is the number between 0-1, indicating the ability of the Branch to receive customers. #>} Function server full-volume alarm {} function server no response alarm {} # No response returned-1, 0 returned for full-volume, normal return value between 0----1 $ branch 01. 'reception power' = Get Branch reception capability "aaa" 123 $ branch 02. 'reception power' = Get Branch reception capability "aaa" 123 $ branch 03. 'reception power' = get the branch reception capability "aaa" 123 $ branch 04. 'reception power' = Get Branch reception capability "aaa" 123 $ branch 05. 'reception power' = Get Branch reception capability "aaa" 123 $ branch 06. 'reception power' = Get Branch reception capability "aaa" 123 $ branch 07. 'reception power' = Get Branch reception capability "aaa" 123 $ branch 08. 'reception power' = Get Branch reception capability "aaa" 123 $ branch 09. 'reception power' = Get Branch reception capability "aaa" 123 $ branch 10. 'reception power' = Get Branch reception capability "aaa" 123 $ Reception capability set of each branch = $ branch 01. 'reception power', $ branch 02. 'reception power', $ branch 03. 'reception power', $ branch 04. 'reception power', $ branch 05. 'reception power', $ branch 06. 'reception power', $ branch 07. 'reception power', $ branch 08. 'reception power', $ branch 09. 'reception power', $ branch 10. 'reception power' [system. array]: Sort ($ collection of reception capabilities of each branch) $ Group = Group-Object-InputObject $ collection of reception capabilities of each branch if ($ Group [0]. name-eq-1)-and ($ group [0]. count-gt $ no response value on the server) {No response alert on the server $ err_msg = 'no response on the server! 'Write-Error $ err_msg $ date = Get-date-Format F Add-Content-Value $ ("$ date $ err_msg ") -LiteralPath $ log file storage location exit 1} if ($ group [0]. name-eq 0)-and ($ group [0]. count-gt $ server full) {server full alarm $ err_msg = 'too many outlets are occupied! 'Write-Error $ err_msg $ date = Get-date-Format F Add-Content-Value $ ("$ date $ err_msg ") -LiteralPath $ log file storage location exit 2 }# ----------------------------------------- $ champion = $ collection of reception capabilities of each branch [-1] $ ranklist = $ collection of reception capabilities of each branch [-2] foreach ($ temp011 in $ collection of branches) {if ($ temp011. 'reception power'-eq $ champion) {[string] $ ip1 = $ temp011. 'IP'} if ($ temp011. 'reception power'-eq $) {[string] $ ip2 = $ temp011. 'IP' }}# Import-Module-name DnsServer $ old dns record = Get-DnsServerResourceRecord-ZoneName $ domain Name-name $ host Name-RRType "A" $ old ip address = $ old dns records. recordData. IPv4Address. IPAddressToStringAdd-DnsServerResourceRecord-A-ZoneName $ domain Name-Name $ host Name-IPv4Address $ ip1-TimeToLive 01: 00: region-A-ZoneName $ domain Name-Name $ host Name-IPv4Address $ ip2-TimeToLive 01:00:00 # Add-DnsServerResourceRecord-CName-ZoneName $ domain Name-Name $ HostNameAlias "Host34.lab.com"-TimeToLive 01: 00: 00 foreach ($ temp002 in $ old ip address) {Remove-DnsServerResourceRecord-ZoneName $ domain Name-Name $ host Name-RRType "A"-RecordData $ temp002-Force}

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.