[dns-operations] smart failover: Lua record experiments

Mike Jones mike at mikejones.in
Tue Nov 1 16:23:38 UTC 2016


On 1 November 2016 at 14:46, bert hubert <bert.hubert at netherlabs.nl> wrote:
> Hi everyone,
>
> Recently it has been noted that some DNS hosters have rolled out proprietary
> features which are pretty nice - DNS based failover for example.
>
> Given the big DNS outages a few weeks ago, it appears there is a case to
> standardise such DNS based failover so domain owners are able to migrate
> away from a DNS provider that is under attack.
>
> To this end, we've been playing around with dynamic records that enable
> smart and easy load balancing straight from your database.
>
> To clarify, this is extremely experimental as we figure out how this should
> work and what the syntax should look like. If we've settled on this we can
> attempt to get these features standardised.
>
> In short, in the current testing version, you can do:
>
> time    IN      LUA     TXT     "return os.date('%c')"
>
> Which when queried will return the current date and time. This also works
> from our SQL databases, and also supports DNSSEC by the way.
>
> Or, more usefully:
>
> www     IN      LUA     A       "return ifurlup('http://www.lua.org/about.html', {'148.251.24.173', '52.48.64.3'})"
>
> Which will return one of the two IP addresses (as normal A records) if the
> given URL loads correctly from them.
>
> Or with some Amazon Route53 like load balancing features:
>
> www4    IN      LUA     A       (
>                                  " return ifurlup('http://www.ds9a.nl/status',           "
>                                  " {'148.251.24.173','52.48.64.3'},                      "
>                                  " {stringmatch='UP', follow='true', interval='10s'})    "
>                                 )
>
> This will attempt to retrieve that URL from both IP addresses, and declare
> them up if the URL returns the word 'UP' somewhere.
>
> For some more background, please see
> https://gist.github.com/ahupowerdns/1e8bfbba95a277a4fac09cb3654eb2ac
>
> At this stage, your thoughts are very welcome on how we should develop this.
> Especially if you think you could be rolling this out to your users in some
> way let us know your ideas.
>
> Discussion is also going on our IRC channel which can be found through
> https://www.powerdns.com/opensource.html
>
> Thanks!

I like the idea, however there is one glaring concern I have that you
don't appear to have mentioned in your proposal.

What happens if Amazon adopts this, and I stick a while true loop in
my zone? Does their entire infrastructure go down?

- Mike Jones
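
The runaway-script concern raised in the reply above can be bounded by the host that embeds the interpreter. This added example, which is not part of the thread and is not PowerDNS code, evaluates a record snippet in a restricted environment under a VM instruction budget. It assumes the stock Lua 5.2+ interpreter; `run_record`, `make_env`, `BUDGET` and the `ifurlup` stub are hypothetical names for illustration.

```lua
-- Added example, not PowerDNS code. Assumes stock Lua 5.2+ (load() with an env argument).
-- run_record, make_env and BUDGET are hypothetical names chosen for illustration.

local BUDGET = 100000  -- max VM instructions per record evaluation (constructed value)

-- Only these globals are visible to a record snippet: no io, require, debug,
-- os.execute, and no pcall (see note after the block).
local function make_env()
  return {
    os = { date = os.date, time = os.time },
    tostring = tostring,
    -- Stub standing in for the real health check: returns the first address.
    ifurlup = function(url, ips) return ips[1] end,
  }
end

-- Evaluate one record snippet; returns its result, or nil plus an error string.
local function run_record(src)
  -- Mode "t" accepts source text only and refuses precompiled bytecode.
  local chunk, err = load(src, "=record", "t", make_env())
  if not chunk then return nil, "compile error: " .. err end

  -- Run the snippet in its own coroutine so the hook applies to it alone.
  local co = coroutine.create(chunk)
  -- Count hook: called after BUDGET VM instructions, aborts the snippet.
  debug.sethook(co, function()
    error("instruction budget exceeded", 0)
  end, "", BUDGET)

  local ok, result = coroutine.resume(co)
  if not ok then return nil, tostring(result) end
  return result
end

-- Snippets from the thread, plus the loop raised in the reply.
print(run_record("return os.date('%c')"))
print(run_record("return ifurlup('http://www.lua.org/about.html', {'148.251.24.173', '52.48.64.3'})"))
print(run_record("while true do end"))
```

The count hook only sees Lua VM instructions, so time spent inside C functions (a blocking health-check fetch, for instance) and memory use need their own limits, and LuaJIT does not call hooks from JIT-compiled code. `pcall` is left out of the environment because a script that can catch the budget error can keep looping.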


