VMware Cloud Community
slavonac

vCenter HA DNS resolution

Hi,

I have configured vCenter HA in different subnets and it is all working fine.

However, I have a question about DNS resolution for this.

For example, I have vCenter.domain.com and it resolves to 192.168.0.50 (active).

Then I have the same DNS A record for vCenter.domain.com for the passive node, and it is 192.168.1.50, which means that the passive node is in a different subnet.

Now, when the active node fails, what happens with DNS? DNS will still point me to 192.168.0.50, because DNS just gives back an IP address, but it doesn't know that nothing on the active node responds on port 443.

How did you resolve this? I know that load balancers do HTTPS probing and they can do it, but DNS will just give an IP address.

What was your implementation for DNS?


Accepted Solutions
Sachchidanand

I understand your concern and I have also gone through the following KB: https://kb.vmware.com/s/article/85579

What I was trying to say in my previous post is the behavior of DNS. Even if your active node is up and running, if DNS resolves the passive node IP during lookup (when you have the same FQDN for both active and passive), you will be redirected to the passive node.

Regards,

Sachchidanand

Sachchidanand

If your DNS supports LB, it will give the active IP and the passive IP alternately; otherwise it is random. So in your current scenario it can resolve to either the active or the passive IP.

So instead of having the same domain for active and passive, use different domains, like vcenter-a and vcenter-b respectively.

Regards,

Sachchidanand 

slavonac

Yeah, I will probably do that: create another DNS record called vcenter-passive.domain.com and just put the second IP address in it, so we would have to choose the passive node if we see the active one is down.

Because DNS will not be able to see that nothing responds on the HTTPS port on 192.168.0.50 for the active node. DNS, as far as I know, cannot do probing for HTTPS and detect that there is no answer on 443 on the active node.

Sachchidanand

Yes, DNS doesn't have any such intelligence about the end server. It just resolves a domain to an IP or vice versa, so the best way is to choose different domains for active and passive.

Regards,

Sachchidanand
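
An added example, not part of any post in this thread: since DNS returns addresses without knowing whether anything answers on port 443, a client-side check can probe each address itself. The function names and the `(label, ip, port)` tuple layout are hypothetical; the demo uses constructed loopback stand-ins instead of the thread's 192.168.x.x addresses so it runs offline.

```python
import socket

def resolve_all(fqdn, port=443):
    """Every IPv4 address DNS returns for fqdn; DNS says nothing about health."""
    infos = socket.getaddrinfo(fqdn, port, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def answers(ip, port=443, timeout=2.0):
    """True if a TCP connection to ip:port completes within timeout.
    This is a TCP connect only, a weaker check than a full HTTPS probe."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def reachable_nodes(candidates, timeout=2.0):
    """candidates: (label, ip, port) tuples; returns the labels that answered."""
    return [label for label, ip, port in candidates if answers(ip, port, timeout)]

def demo():
    # Constructed stand-ins: a local listener plays the node that still
    # answers; a port that was bound and then closed plays the failed node.
    up = socket.socket()
    up.bind(("127.0.0.1", 0))
    up.listen(1)
    down = socket.socket()
    down.bind(("127.0.0.1", 0))
    down_port = down.getsockname()[1]
    down.close()
    try:
        return reachable_nodes([
            ("active", "127.0.0.1", down_port),
            ("passive", "127.0.0.1", up.getsockname()[1]),
        ])
    finally:
        up.close()

if __name__ == "__main__":
    print(demo())
```

Against a real deployment, the candidate list would be built from `resolve_all()` on the shared FQDN, or from the two separate names suggested above.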

slavonac

Hi,

It would be OK to tell users to use another DNS entry.

However, what happens when failover happens? Will hosts know that the IP address is now not the same? Hosts depend on the FQDN to know which vCenter they belong to.

So if active is 192.168.0.50 and passive is 192.168.1.150, how will hosts resolve this new IP address to the FQDN? If they don't, they will disconnect.

What would be the mechanism that tells hosts that the vCenter IP is now 192.168.1.150?
