惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Exploit Database - CXSecurity.com
A
Arctic Wolf
K
Kaspersky official blog
T
Threat Research - Cisco Blogs
PCI Perspectives
PCI Perspectives
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Privacy International News Feed
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
U
Unit 42
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
P
Privacy & Cybersecurity Law Blog
O
OpenAI News
量子位
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
Cisco Blogs
AWS News Blog
AWS News Blog
Vercel News
Vercel News
Microsoft Security Blog
Microsoft Security Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
美团技术团队
T
Threatpost
S
Schneier on Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
Cyber Attacks, Cyber Crime and Cyber Security
Last Week in AI
Last Week in AI
C
CERT Recently Published Vulnerability Notes
Blog — PlanetScale
Blog — PlanetScale
C
Cybersecurity and Infrastructure Security Agency CISA
F
Full Disclosure
博客园_首页
N
Netflix TechBlog - Medium
Security Latest
Security Latest
有赞技术团队
有赞技术团队
Google DeepMind News
Google DeepMind News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Register - Security
The Register - Security
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Recent Announcements
Recent Announcements
博客园 - Franky
P
Palo Alto Networks Blog
Project Zero
Project Zero
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
H
Help Net Security
Hacker News: Ask HN
Hacker News: Ask HN
Cisco Talos Blog
Cisco Talos Blog
H
Heimdal Security Blog
The Hacker News
The Hacker News
博客园 - 【当耐特】
GbyAI
GbyAI

loadbalance on CoreDNS: DNS and Service Discovery

暂无文章

loadbalance
2025-09-10 · via loadbalance on CoreDNS: DNS and Service Discovery

Description

The loadbalance will act as a round-robin DNS load balancer by randomizing the order of A, AAAA, and MX records in the answer.

See Wikipedia about the pros and cons of this setup. It will take care to sort any CNAMEs before any address records, because some stub resolver implementations (like glibc) are particular about that.

Syntax

loadbalance [round_robin | weighted WEIGHTFILE] {
			reload DURATION
			prefer CIDR [CIDR...]
}
  • round_robin policy randomizes the order of A, AAAA, and MX records applying a uniform probability distribution. This is the default load balancing policy.

  • weighted policy assigns weight values to IPs to control the relative likelihood of particular IPs to be returned as the first (top) A/AAAA record in the answer. Note that it does not shuffle all the records in the answer, it is only concerned about the first A/AAAA record returned in the answer.

Additionally, the plugin supports subnet-based ordering using the prefer directive, which reorders A/AAAA records so that IPs from preferred subnets appear first.

  • WEIGHTFILE is the file containing the weight values assigned to IPs for various domain names. If the path is relative, the path from the root plugin will be prepended to it. The format is explained below in the Weightfile section.

  • DURATION interval to reload WEIGHTFILE and update weight assignments if there are changes in the file. The default value is 30s. A value of 0s means to not scan for changes and reload.

Weightfile

The generic weight file syntax:

# Comment lines are ignored

domain-name1
ip11 weight11
ip12 weight12
ip13 weight13

domain-name2
ip21 weight21
ip22 weight22
# ... etc.

where ipXY is an IP address for domain-nameX and weightXY is the weight value associated with that IP. The weight values are in the range of [1,255].

The weighted policy selects one of the address record in the result list and moves it to the top (first) position in the list. The random selection takes into account the weight values assigned to the addresses in the weight file. If an address in the result list is associated with no weight value in the weight file then the default weight value “1” is assumed for it when the selection is performed.

Examples

Load balance replies coming back from Google Public DNS:

. {
    loadbalance round_robin
    forward . 8.8.8.8 8.8.4.4
}

Use the weighted strategy to load balance replies supplied by the file plugin. We assign weight vales 3, 1 and 2 to the IPs 100.64.1.1, 100.64.1.2 and 100.64.1.3, respectively. These IPs are addresses in A records for the domain name www.example.com defined in the ./db.example.com zone file. The ratio between the number of answers in which 100.64.1.1, 100.64.1.2 or 100.64.1.3 is in the top (first) A record should converge to 3 : 1 : 2. (E.g. there should be twice as many answers with 100.64.1.3 in the top A record than with 100.64.1.2). Corefile:

example.com {
        file ./db.example.com {
                reload 10s
        }
        loadbalance weighted ./db.example.com.weights {
                    reload 10s
        }
}

weight file ./db.example.com.weights:

www.example.com
100.64.1.1 3
100.64.1.2 1
100.64.1.3 2

Subnet Prioritization

Prioritize IPs from 10.9.20.0/24 and 192.168.1.0/24:

. {
    loadbalance round_robin {
        prefer 10.9.20.0/24 192.168.1.0/24
    }
    forward . 1.1.1.1
}

If the DNS response includes multiple A/AAAA records, the plugin will reorder them to place the ones matching preferred subnets first.