Win2012+powershell+win DNS addresses Web site load Balancing

Source: Internet
Author: User
Tags foreach bind failover domain name server

With Windows PowerShell, Windows-plus DNS servers. From the point of view of adjusting DNS server to resolve IP time period, solve the problem of load balance of website.

WIN2012R2, a list of commands for managing DNS servers with PowerShell

PS c:\users\admin> Get-command *-module dnsserver

CommandType Name ModuleName
----------- ---- ----------
Alias Export-dnsservertrustanchor DNSServer
Function Add-dnsserverconditionalforwarderzone DNSServer
Function add-dnsserverdirectorypartition DNSServer
Function Add-dnsserverforwarder DNSServer
Function Add-dnsserverprimaryzone DNSServer
Function Add-dnsserverresourcerecord DNSServer
Function Add-dnsserverresourcerecorda DNSServer
Function add-dnsserverresourcerecordaaaa DNSServer
Function Add-dnsserverresourcerecordcname DNSServer
Function Add-dnsserverresourcerecorddnskey DNSServer
Function Add-dnsserverresourcerecordds DNSServer
Function ADD-DNSSERVERRESOURCERECORDMX DNSServer
Function add-dnsserverresourcerecordptr DNSServer
Function Add-dnsserverroothint DNSServer
Function Add-dnsserversecondaryzone DNSServer
Function Add-dnsserversigningkey DNSServer
Function Add-dnsserverstubzone DNSServer
Function Add-dnsservertrustanchor DNSServer
Function add-dnsserverzonedelegation DNSServer
Function Clear-dnsservercache DNSServer
Function Clear-dnsserverstatistics DNSServer
Function Convertto-dnsserverprimaryzone DNSServer
Function Convertto-dnsserversecondaryzone DNSServer
Function Disable-dnsserversigningkeyrollover DNSServer
Function Enable-dnsserversigningkeyrollover DNSServer
Function Export-dnsserverdnssecpublickey DNSServer
Function Export-dnsserverzone DNSServer
Function Get-dnsserver DNSServer
Function Get-dnsservercache DNSServer
Function Get-dnsserverdiagnostics DNSServer
Function get-dnsserverdirectorypartition DNSServer
Function get-dnsserverdnsseczonesetting DNSServer
Function get-dnsserverdssetting DNSServer
Function Get-dnsserveredns DNSServer
Function Get-dnsserverforwarder DNSServer
Function Get-dnsserverglobalnamezone DNSServer
Function get-dnsserverglobalqueryblocklist DNSServer
Function get-dnsserverrecursion DNSServer
Function Get-dnsserverresourcerecord DNSServer
Function Get-dnsserverroothint DNSServer
Function get-dnsserverscavenging DNSServer
Function get-dnsserversetting DNSServer
Function Get-dnsserversigningkey DNSServer
Function Get-dnsserverstatistics DNSServer
Function Get-dnsservertrustanchor DNSServer
Function Get-dnsservertrustpoint DNSServer
Function Get-dnsserverzone DNSServer
Function get-dnsserverzoneaging DNSServer
Function get-dnsserverzonedelegation DNSServer
PowerShell Missionary original article 2015-11-25 change allow reprint, but must retain the name and provenance, otherwise hold legal responsibility
Function Import-dnsserverresourcerecordds DNSServer
Function Import-dnsserverroothint DNSServer
Function Import-dnsservertrustanchor DNSServer
Function Invoke-dnsserversigningkeyrollover DNSServer
Function invoke-dnsserverzonesign DNSServer
Function invoke-dnsserverzoneunsign DNSServer
Function register-dnsserverdirectorypartition DNSServer
Function remove-dnsserverdirectorypartition DNSServer
Function Remove-dnsserverforwarder DNSServer
Function Remove-dnsserverresourcerecord DNSServer
Function Remove-dnsserverroothint DNSServer
Function Remove-dnsserversigningkey DNSServer
Function Remove-dnsservertrustanchor DNSServer
Function Remove-dnsserverzone DNSServer
Function remove-dnsserverzonedelegation DNSServer
Function Reset-dnsserverzonekeymasterrole DNSServer
Function Restore-dnsserverprimaryzone DNSServer
Function Restore-dnsserversecondaryzone DNSServer
Function Resume-dnsserverzone DNSServer
Function Set-dnsserver DNSServer
Function Set-dnsservercache DNSServer
Function Set-dnsserverconditionalforwarderzone DNSServer
Function Set-dnsserverdiagnostics DNSServer
Function set-dnsserverdnsseczonesetting DNSServer
Function set-dnsserverdssetting DNSServer
Function Set-dnsserveredns DNSServer
Function Set-dnsserverforwarder DNSServer
Function Set-dnsserverglobalnamezone DNSServer
Function set-dnsserverglobalqueryblocklist DNSServer
Function Set-dnsserverprimaryzone DNSServer
Function set-dnsserverrecursion DNSServer
Function Set-dnsserverresourcerecord DNSServer
Function set-dnsserverresourcerecordaging DNSServer
Function Set-dnsserverroothint DNSServer
Function set-dnsserverscavenging DNSServer
Function Set-dnsserversecondaryzone DNSServer
Function set-dnsserversetting DNSServer
Function Set-dnsserversigningkey DNSServer
Function Set-dnsserverstubzone DNSServer
Function set-dnsserverzoneaging DNSServer
Function set-dnsserverzonedelegation DNSServer
Function Show-dnsservercache DNSServer
Function Show-dnsserverkeystorageprovider DNSServer
Function start-dnsserverscavenging DNSServer
Function Start-dnsserverzonetransfer DNSServer
Function Step-dnsserversigningkeyrollover DNSServer
Function Suspend-dnsserverzone DNSServer
Function Sync-dnsserverzone DNSServer
Function Test-dnsserver DNSServer
Function test-dnsserverdnsseczonesetting DNSServer
Function unregister-dnsserverdirectorypartition DNSServer
Function Update-dnsservertrustpoint DNSServer

Manual in:
https://technet.microsoft.com/library/jj649850 (v=wps.630). aspx

------------------------------Specific Issues-------------------------------------------------


Guest Q: The problem of uneven DNS polling pressure
Recently, there is a query for DNS polling, I have more than 10 IP in a domain, to achieve a simple load balancing function.
However, it is obvious that this polling is not very uniform, there is a server on the pressure is always high, the other is close, but the high pressure from the DNS list removed from the list of the next pressure will be higher,
Then put the previous one back to the DNS list, the pressure is back to the first set up. The possibility of an attack has been ruled out. This problem has been bothering me for a long time, I do not know is a bind bug or I set the TTL or other reasons, I do not know if there is no expert on this aspect of the study?

User1 Answer:
The DNS polling mechanism can be affected by a number of factors, such as the effect of the TTL length of a record, the impact of other DNS server cache, and the Windows client having a DNS Cache.
These can affect the effectiveness of DNS polling. Therefore, the DNS polling mechanism can not be used as a load balancing solution, only as a load distribution scheme.

User2 Answer:
The vast majority of Internet users of the network system for the Windows system, on the Windows system by default to open the DNS Cache service, which causes a TTL cycle in the DNS polling is invalid.
So in order to reduce the impact of DNS cache on polling effects, it is common practice to reduce the value of the TTL as 60-300. (The TTL is too small and harmful, so it needs to be treated with caution)


-------------------------Problem Analysis Process------------------------------------


1 User1,user2 said very well, so I quote. TTL should not be too small normal can be.

2 I liken this process to, "Hula Super" so many diners come to ask you, your hotel branches go, and then enter your home branch, to eat and drink.
Your hotel assumes that there are n branches, each of the largest reception capacity is different, the number of guests currently have different, the remaining reception capacity is different.

3 As a result of the two-person problem, you can't know when diners are going to check the store's address (time), because there's a cache, and you can't know how many people there are in the future. You can't know how many of the diners who have checked out IP will come to eat.

4 So there must be a "feedback of the remaining reception capacity per branch"!
There is a value, the server connection fails, and the value fails, return-1. -1 Too many to the police.
A value of 0, on behalf of the store is full, 0 too many alarm. My PS script will skip this branch.
The normal value is 0----1 between the number, indicating that the store's ability to meet guests. Each server has this numerical supply, and the rest is good.



5 Why use Win's DNS?
For:
5.1 Mainly because there are PowerShell.
I remember bind could not use the command to add a record, etc., and take effect immediately. In this way, the flattery will not catch up with PowerShell! You need to get a program to modify the DNS zone file, and then reload the partition. That's a bad performance.
The PowerShell command to administer DNS is a memory operation. The main commands used are these four:
Add-dnsserverresourcerecorda,add-dnsserverresourcerecordcname,get-dnsserverresourcerecord, Remove-dnsserverresourcerecord

5.2 Win has no problem with DNS performance: I remember that bind is a multiple-process program that can run with multiple cores without performance constraints. In Win2000, the DNS of win is more efficient than bind.
DNS is still a mature thing 10 years ago. 10,000 steps back, win DNS play 1000 of the following IP resolution, there will be no performance problems.

5.3 Can use win the master DNS server, Linux+bind do cache. Win put intranet, Linux outside the network, only from the external network DNS cache data.


-------------------------I give, problem solving process------------------------------------


1 with the task plan, every 1---n minutes call PowerShell script to solve the problem periodically. The assumption here is 1 minutes.
After the script runs, put its own PID into the environment variable, and then continue running.
After the script is rerun, look for the PID of the previous script from the environment variable to kill the previous script. Then repeat the previous step to avoid scripting deadlocks.

2 with a PS program, from each branch back to the (remaining) reception capacity of each branch.
There is a value, the server connection fails, and the value fails, return-1. -1 Too many to the police.
A value of 0, on behalf of the store is full, 0 too many alarm. My PS script will skip this branch.
The normal value is 0----1 between the number, indicating that the store's ability to meet guests.

PowerShell Missionary original article 2015-11-25 change allow reprint, but must retain the name and provenance, otherwise hold legal responsibility
3 from these n stores return to the guest ability, always pick 2 most free (value largest) branch, the 2 new A records to DNS, and then delete all the old A records.
Set "Reception capacity time" for alpha seconds, which implicitly waits for 60-α-2 seconds. Alpha if larger you should increase the number of task schedule minutes.

Conclusion:
The way I do this is to use DNS to get a balance,
My method is to tell you how to make a very balanced.
is to use my invention of the landfills method, always only fill the largest two pits! Always put the most idle server IP, put the DNS server, resolve to the customer!

-------------------------specific script for solving problems------------------------------------

#Requires-runasadministrator
# A record of the replacement DNS, to the maximum reception capacity of 2 computers on the IP son.

[string]$ Domain name = "aaaaxxxx.com"
[string]$ Host name = "PPP"
[int32]$ Server Full value = 3
[int32]$ Server No response value = 2
$ log File storage location = ' D:\aaa.txt '

$ branch = @{' ip ' = ' 1.2.3.4 '; Reception ability ' = 0}
$ branch = @{' ip ' = ' 2.2.3.4 '; Reception ability ' = 0}
$ branch = @{' ip ' = ' 3.2.3.4 '; ' Reception ability ' = 0}
$ branch = @{' ip ' = ' 4.2.3.4 '; Reception ability ' = 0}
$ branch = @{' ip ' = ' 5.2.3.4 '; Reception ability ' = 0}
$ store + = @{' ip ' = ' 6.2.3.4 '; Reception ability ' = 0}
$ store = @{' ip ' = ' 7.2.3.4 '; Reception ability ' = 0}
$ store = @{' ip ' = ' 8.2.3.4 '; Reception ability ' = 0}
$ branch = @{' ip ' = ' 9.2.3.4 '; Reception ability ' = 0}
$ branch = @{' ip ' = ' 10.2.3.4 '; Reception ability ' = 0}
$ store collection = $ branch 01,$ Branch 02,$ Branch 03,$ Branch 04,$ Branch 05,$ branch of the store, the 06,$ store 07,$ branch, 08,$ store, 09,$ branch 10


if ($env:d nschanger_pid-ne $null)
{
$temp 001 = Get-process-id $env:d nschanger_pid
if ($temp 001-ne $null)
{
Stop-process $temp 001-force
}
}
[System.environment]::setenvironmentvariable ("Dnschanger_pid", "$PID", "user")

function to obtain store reception ability
{
<#
This function returns a value.
Returns 1 if the server connection fails or the value fails. -1 Too many to the police.
A value of 0, on behalf of the store is full, 0 too many alarm. My PS script will skip this branch.
The normal return value is a number between 0----1, which indicates the ability of the store to receive guests.
#>


}

function Server Full Alarm
{


}


function Server No response alarm
{

}

# no response return-1, full return 0, normal return value of 0----1
$01. ' Reception capacity ' = Get the ability to receive the store "AAA" 123
$02. ' Reception Capacity ' = Get the ability to receive the store "AAA" 123
$03. ' Reception Capacity ' = Get the ability to receive the store "AAA" 123
$04. ' Reception Capacity ' = Get the ability to receive the store "AAA" 123
$05. ' Reception capacity ' = Get the ability to receive the store "AAA" 123
$06. ' Reception Capacity ' = Get the ability to receive the store "AAA" 123
$07. ' Reception capacity ' = Get the ability to receive the store "AAA" 123
$08. ' Reception capacity ' = Get the ability to receive the store "AAA" 123
$09. ' Reception Capacity ' = Get the ability to receive the store "AAA" 123
$10. ' Reception capacity ' = Get the ability to receive the store "AAA" 123
$ store Reception Capacity set = $01. ' Reception ability ', $ branch 02. ' Reception Capacity ', $03. ' Reception capacity ', $ branch 04 ' reception capacity ', $ branch 05. ' Reception capacity ', $ branch 06 ' reception capacity ', $ Branch 08. ' Reception capacity ', $09. ' Reception capacity ', $ branch 10. ' Reception capacity '
[System.array]::sort ($ each store reception capacity collection)
$ group = Group-object-inputobject $ Each store reception capacity collection
if (($ grouping [0].name-eq-1)-and ($ grouping [0].) COUNT-GT $ server No response value)
{
Server does not respond to alerts
$err _msg = ' server not responding! '
Write-error $err _msg
$ date = Get-date-format F
Add-content-value $ ("$ date $err _msg")-literalpath $ log File storage location
Exit 1
}

if (($ grouping [0].name-eq 0)-and ($ grouping [0].) COUNT-GT $ server Full value)
{
Server Full Alarm
$err _msg = ' Too many crowded stores! '
Write-error $err _msg
$ date = Get-date-format F
Add-content-value $ ("$ date $err _msg")-literalpath $ log File storage location
Exit 2
}


# -----------------------------------------
$ champion = $ Each store reception capacity set [-1]
$ runner-up = $ Each store reception capacity collection [-2]

foreach ($temp 011 in $ each branch collection)
{
if ($temp 011. ' Reception ability '-EQ $ champion)
{
[string] $ip 1 = $temp 011. ' IP '
}

if ($temp 011. ' Reception capacity '-eq $ runner-up)
{
[string] $ip 2 = $temp 011. ' IP '
}

}

#Import-module-name DNSServer
$ old DNS record = get-dnsserverresourcerecord-zonename $ domain-name $ host name-rrtype "A"
$ old IP = $ old DNS record. RecordData.IPv4Address.IPAddressToString
Add-dnsserverresourcerecord-a-zonename $ domain-name $ host name-ipv4address $ip 1-timetolive 01:00:00
Add-dnsserverresourcerecord-a-zonename $ domain-name $ host name-ipv4address $ip 2-timetolive 01:00:00
#Add-dnsserverresourcerecord-cname-zonename $ domain-name $ host name-hostnamealias "Host34.lab.com"-timetolive 01:00:00
foreach ($temp 002 in $ old IP)
{
Remove-dnsserverresourcerecord-zonename $ domain-name $ host name-rrtype "A"-recorddata $temp 002-force
}


Using DNS resolution to achieve load balancing of Web sites

When the site is a large number of visits will be considered load balance, this is also the basic skills of each architect, its fundamental status is equivalent to the crosstalk in the said to learn to sing, Live well look at this:)

The traditional load balancing idea is a single point, whether you are the hardware or software is the basic principle of this


For general requirements, such a framework can basically solve the problem. And it's relatively simple to maintain. Well, most companies do the same.

Limitations of traditional ideas

As the picture above shows, there are obvious limitations to traditional ideas. That is to say, the response speed of a Web site is largely limited to load-balanced nodes, and once the load-balancing node itself hangs up, the entire site is completely paralyzed. The back-end service can be scaled horizontally, but even if you increase the configuration of the machine in a single node there is a limit, and it does not conform to the development of Internet technology.

How does a CDN do that?

As one of the most important infrastructure of the Internet, CDN is very enlightening to the solution of load streaming.


As you can see from the image above, the user's access is diverted, all requests are no longer aggregated to a node, but are shared among the appropriate nodes, so that even a single point of failure will only affect a subset of users, and we can use other means to do failover.

The same approach can also learn from the traditional BS architecture, we can also direct the user's request to the different servers, without having to go through a unified node relay. What does this diversion do? The answer is dns!.

Do you know how DNS works?

Most people may use DNS every day without knowing its rationale, and you may know that we need to query DNS servers to access the Internet, which is the following.


We just need to ask its domain name corresponding to the IP address on the line. But is it really that simple? How does it know the IP address of this domain name?

In fact, the DNS system is a typical tree structure, the DNS server shown above should be called the DNS Cache query server, which is designed to mitigate the load of DNS queries on the Internet. If your request is not hit cache, then the cache server will make a standard query on its own, and then cache the results, simply from the root server to start the first level of the question. We used to talk about the importance of root servers in fact, it retains the right to start the interpretation of all domain names

Magic power of Interpretation (SOA)

It says that the root server has all the initial power to interpret the domain name, but if you ask the root server it will not tell you the final answer directly. Because if it's going to store all the records, it's too tired, and the load and overhead are amazing. So what does it tell you? It will tell you who to ask, that is, it authorizes the next level of server to answer your questions. The process of personification

Me: root, Root told me, segmentfault.com how to go?

Root: Oh, you can ask. com DNS server, address is xxxxxx

Me:. com,. com tell me, segmentfault.com how to go?

. com: Oh, you can ask segmentfault.com DNS server (dnspod, etc.), the address is xxxxxx

Me: Dnspod, dnspod tell me, segmentfault.com how to go?

Dnspod: Take the xxxxxx, walk you


The fundamentals of DNS load Balancing

Understanding the above process, we get two basic conclusions

The DNS system itself is a distributed network, it is relatively reliable, at least more reliable than your site itself

The ultimate explanation for DNS is that it can be controlled by ourselves.

With these two conclusions, the rest is simple, and we just need to make a fuss over the final explanation of the query results. In short, you will return all your server addresses to the user according to the frequency of your own needs.

Take github.com as an example, we first get its SOA server (because the DNS cache query server caches the results, if you go directly to the domain name, it returns the same result each time),. com's DNS domain name server is also 13, they are [a-m]. Gtld-servers.net, let's pick a random one to look for github.com SOA.


OK, we've got four SOA server ns[1-4].p16.dynect.net, just pick one to ask github.com the corresponding record, and try a few times to see if the final IP address will change.


We've queried here two times, noting that the answer section returned two results, one for 192.30.252.129, and one for 192.30.252.128.

This is the use of DNS to achieve load balancing, your final access will reach a different IP address.

What DNS service providers support load Balancing?

This is a relatively advanced service, the general Domain name registrar of the DNS server will not support, I am currently known to support its service providers have

AWS Route 53

Nsone

Dyn

Dnspod

Of these 1 and 4 are already in use, the effect is more ideal.

Summarize

In fact, DNS can play a lot more than these, you can do failover, can also be resolved by region and so on. Domain name from the beginning of the emergence of the Internet, but its research and derived from the use of the method has only just begun to explore, with the promotion of Internet use, this kind of technology will certainly be more and more.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.