20070211 using round robin dns to load balance ldap - plembo/onemoretech GitHub Wiki

title: Using round robin DNS to load balance LDAP
link: https://onemoretech.wordpress.com/2007/02/11/using-round-robin-dns-to-load-balance-ldap/
author: lembobro
post_id: 742
created: 2007/02/11 14:50:00
created_gmt: 2007/02/11 14:50:00
comment_status: open
post_name: using-round-robin-dns-to-load-balance-ldap
status: publish
post_type: post

Using round robin DNS to load balance LDAP

This is so simple in BIND 9, it’s scary. Don’t let anyone tell you it can’t/shouldn’t be done. Remember, if LDAP is unavailable because the host your apps are hardcoded to point at is down — it’s your rear end.

Here’s how I do it (at home, I have NO control over DNS at work — their loss).

Add an additional interface on each LDAP box to dedicate to the round robin process. If you’ve got your LDAP server tied down to a single interface, add this new interface to the mix (or open LDAP up to listen on all interfaces — the default for Sun and Red Hat Directory Server).

Now add a new A record in your forward zone file for each of these two new interfaces, giving them the same host name. On my home network it looks something like this:

```
ldap A 192.168.2.101
ldap A 192.168.2.102
```

Finally, update the serial number on your forward zone file and reload the config. For Red Hat/CentOS/Fedora you can do a

```
/sbin/service named reload
```

That’s all there is to it. The default behavior with BIND 9 will be to give a different address as the first in the list returned each time. As a result you’ll see:

```
[root@bigserver ~] nslookup ldap
Server:         192.168.0.112
Address:        192.168.0.112#53
Name:   ldap.mydomain.com
Address: 192.168.0.101

Name:   ldap.mydomain.com
Address: 192.168.0.102
```

the first time and

```
[root@bigserver ~] nslookup ldap
Server:         192.168.0.112
Address:        192.168.0.112#53
Name:   ldap.mydomain.com
Address: 192.168.0.102

Name:   ldap.mydomain.com
Address: 192.168.0.101
```

on the second try. Your client will use the first address provided each time.
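One thing round robin does not give you is health checking: BIND rotates the order, but a client that stops at the first address still fails when that host is down. Below is an added example (not from the original post) of a small client-side failover helper that resolves every A record for the name and tries them in the order the resolver returned them; the host name `ldap.mydomain.com` and the 192.168.2.x addresses are the ones used in the post, and the `connect` callable is injectable so the logic can be exercised without a live LDAP server.

```python
"""Client-side failover across round-robin DNS A records (added example)."""
import socket
from typing import Callable, Iterable, List, Tuple

Address = Tuple[str, int]


def resolve_all(host: str, port: int = 389) -> List[Address]:
    """Return every (ip, port) pair the resolver hands back for host, in order.

    With BIND round robin the first entry changes from one call to the next;
    duplicates (e.g. one per socket type) are collapsed while keeping order.
    """
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    ordered: List[Address] = []
    for _family, _type, _proto, _canon, sockaddr in infos:
        addr = (sockaddr[0], sockaddr[1])
        if addr not in ordered:
            ordered.append(addr)
    return ordered


def tcp_connect(addr: Address, timeout: float = 3.0) -> socket.socket:
    """Open a TCP connection to addr; raises OSError if the host is unreachable."""
    return socket.create_connection(addr, timeout=timeout)


def first_reachable(addresses: Iterable[Address],
                    connect: Callable[[Address], object] = tcp_connect):
    """Try each address in order; return (address, connection) for the first that answers.

    Raises OSError listing every failure if no LDAP host accepted the connection.
    `connect` is injectable (hypothetical parameter) so this can be tested offline.
    """
    failures = []
    for addr in addresses:
        try:
            conn = connect(addr)
        except OSError as exc:
            failures.append((addr, str(exc)))
            continue
        return addr, conn
    raise OSError(f"no LDAP server reachable; tried {failures}")


if __name__ == "__main__":
    # Name from the post; adjust to whatever your forward zone calls the service.
    addrs = resolve_all("ldap.mydomain.com")
    print("resolver order:", addrs)
    addr, conn = first_reachable(addrs)
    print("connected to", addr)
    conn.close()
```

Bind to whichever address came back, and your app keeps working when the first host in that round-robin answer is the one that just fell over.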

Now you have no excuse.

That is all.

Copyright 2004-2019 Phil Lembo