[dns-operations] smart failover: Lua record experiments

bert hubert bert.hubert at powerdns.com
Tue Nov 1 21:02:59 UTC 2016


On Tue, Nov 01, 2016 at 04:23:38PM +0000, Mike Jones wrote:
> I like the idea, however there is one glaring concern I have that you
> don't appear to have mentioned in your proposal.
> 
> What happens if Amazon adopts this, and I stick a while true loop in
> my zone? Does their entire infrastructure go down?

This is a very good point, and we've spent a few hours pondering this (we =
me, plus #powerdns IRC channel). Thank you for bringing it up.

First, in general this is a problem when adding any kind of smartness. One
could design a zone that starts monitoring 20 million hosts on the internet
every second, for example.

So this isn't quite something you can open the floodgates for. 

Secondly, I've run the numbers on typical failover scripts, and they run in
microseconds of execution time. Lua offers a way to limit scripts to x Lua
VM instructions, and even a very generous limit keeps the impact of scripts
below a millisecond.

Finally, this is clearly an area that needs thinking. Much like being
secondary for a "dangerous zone" requires thinking, performing smart DNS may
need rationing of resources and per-customer limits etc.

However - simply having portable, standards-based zones that COULD be moved
would be a great thing.

	Bert
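
Added example, not part of the original message and not PowerDNS code: one way to apply the VM-instruction limit mentioned above to a customer-supplied snippet, using the stock debug.sethook count hook so that a "while true" loop is aborted instead of stalling the server. It assumes PUC Lua 5.2 or later; run_limited, sandbox_env, LIMIT and both sample snippets are constructed for illustration.

```lua
-- Added illustration (assumes PUC Lua 5.2+; all names here are hypothetical).
local LIMIT = 100000  -- constructed budget: VM instructions per record evaluation

-- Environment handed to the untrusted snippet. It deliberately omits
-- pcall/xpcall (which could swallow the limit error and keep looping),
-- coroutine (hooks are per-coroutine), and debug/os/io/load/require.
local function sandbox_env()
  return { ipairs = ipairs, pairs = pairs,
           tonumber = tonumber, tostring = tostring }
end

-- Compile `source` as text only (mode "t" rejects precompiled bytecode),
-- run it in its own coroutine with a count hook, and return ok, result_or_error.
local function run_limited(source, limit)
  local chunk, err = load(source, "=zone-snippet", "t", sandbox_env())
  if not chunk then
    return false, "compile error: " .. tostring(err)
  end
  local co = coroutine.create(chunk)
  -- The hook is attached to the snippet's coroutine only, so it can never
  -- fire in the server's own code. It runs every `limit` VM instructions.
  debug.sethook(co, function()
    error("instruction limit exceeded", 0)
  end, "", limit)
  return coroutine.resume(co)
end

-- Constructed sample snippets: a small failover pick and a runaway loop.
local samples = {
  failover = [[
    local up = { ["192.0.2.1"] = false, ["192.0.2.2"] = true }
    for _, ip in ipairs({ "192.0.2.1", "192.0.2.2" }) do
      if up[ip] then return ip end
    end
    return "192.0.2.1"
  ]],
  runaway = "while true do end",
}

for _, name in ipairs({ "failover", "runaway" }) do
  local ok, result = run_limited(samples[name], LIMIT)
  print(name, ok, result)
end
```

The count hook only sees Lua VM instructions, so time spent inside a single C function call (including string methods, which stay reachable through the string metatable) is not bounded by it. Memory use and outbound monitoring traffic need their own per-customer limits.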



