Maintained by: NLnet Labs

[Unbound-users] patch implementing round robin rrsets

Thijs Kinkhorst
Wed Mar 7 19:28:40 CET 2012

On Wed, 07 Mar 2012 18:27:08 +0100, Felix Schueren
<felix.schueren at> wrote:
> actually, I feel that DNS-based "load balancing" or "load distribution"
> when relying on RRset randomization is the poorest choice you can make -
> you have no control at all over distribution of the traffic, which means
> that a single system must be able to take the full load anyway, plus you
> end up with downtime of at least RRset TTL, or minimum cache TTL in some
> cases. 

Obviously anyone using round robin DNS is aware of its limitations.
However, it's perfectly possible to use it in combination with other tools
that don't present most of the problems you sketch and is hence not a
"poor" choice. One example is that we're using an active-active setup
combined with heartbeat. Each node has a heartbeat managed IP-address which
is migrated when there's downtime for a single node. However, we do need a
way to express in DNS that you can reach the service on either of its IPs.

Of course we could invest tens of thousands of euros in dedicated load
balancing equipment, but not every service requires that and we can get by
with this setup just fine.

> Even with randomization in Unbound these problems do not get
> fixed - in my opinion you're fixing the wrong side of the problem. DNS
> by itself was never meant for loadbalancing, and trying to retrofit it
> in, you'll always come to a point where you realize that you should have
> used loadbalancers or some other redundancy/failover mechanism from the
> beginning.

Sure, it's just one tool, not something that will solve all problems for
anyone. I don't agree that there would be no need for simple tools because
'there will always come a point' where you need the advanced tool.

The use of the word "retrofit" seems to suggest that this patch is trying
to do something new here. As we all know this technique has existed since
the beginnings of DNS, and the de facto reference implementation has been
doing it for decades already.

> Also, thousands of clients is not really a figure that shows how big or
> small the impact of the additional CPU required might be on a properly
> loaded setup - how many queries per second are you doing with your
> setup? We're currently sitting at approx 30,000 queries per second.

I'd love to see some comparative stress test results.

> Wouter, if you bring this randomization into mainline, please make it
> configurable, as in my opinion this is only useful for very few
> specialized environments, most notably probably resource-constrained
> institutions that are forced to use dns-based loadbalancing.

I have a hard time believing that DNS round robin is something "rare" or
"specialised". It's not something new, it's something many people have been
doing for many years. And even if it were only because of resource
constraints: it's not as if the number of resource-constrained
organizations in the world is insignificant by any measure.

Thijs Kinkhorst <thijs at> – LIS Unix

Universiteit van Tilburg – Library and IT Services
Visiting address > Warandelaan 2 • Tel. 013 466 3035 • G 236
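
The following is an added example, not part of the original message and not Unbound code: a toy model of the setup discussed in this thread, comparing a caching resolver that returns a cached RRset in fixed order with one that rotates it, for a two-node active-active service whose addresses are migrated by heartbeat. The addresses, node names, class and function names are constructed, and it assumes every client connects to the first record in the answer.

```python
from collections import Counter

# Constructed sample data: two service addresses (RFC 5737 documentation range),
# each normally held by one node of the active-active pair.
RRSET = ["192.0.2.10", "192.0.2.20"]
HOME_NODE = {"192.0.2.10": "node-a", "192.0.2.20": "node-b"}


class CachingResolver:
    """Hypothetical cache holding a single RRset for the length of its TTL."""

    def __init__(self, rrset, rotate):
        self.rrset = list(rrset)
        self.rotate = rotate
        self.offset = 0

    def answer(self):
        if not self.rotate:
            return list(self.rrset)  # identical order for every client
        start = self.offset % len(self.rrset)
        self.offset += 1             # next answer starts one record later
        return self.rrset[start:] + self.rrset[:start]


def simulate(rotate, failed_node=None, queries=10000):
    """Return connections per node; DNS data is never changed in this model."""
    owner = dict(HOME_NODE)
    if failed_node is not None:
        # Heartbeat moves the failed node's address to the surviving node,
        # so both A records stay reachable without waiting for a TTL to expire.
        survivor = next(n for n in HOME_NODE.values() if n != failed_node)
        owner = {ip: survivor for ip in owner}
    resolver = CachingResolver(RRSET, rotate)
    load = Counter()
    for _ in range(queries):
        first = resolver.answer()[0]  # assumption: client uses first record
        load[owner[first]] += 1
    return load


if __name__ == "__main__":
    print("fixed order      :", dict(simulate(rotate=False)))
    print("rotated          :", dict(simulate(rotate=True)))
    print("rotated, a failed:", dict(simulate(rotate=True, failed_node="node-a")))
```

In the failure case the surviving node carries all connections, which matches the point made in the thread that each system must be able to take the full load.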