Sysadmins of the North goes global!

How to set up a global Geolocation DNS load balancing Varnish Cache Content Delivery Network with Bind9, geo-ip database, Varnish Cache and DigtalOcean. DIY High-Availability for your website!
Published on Wednesday, 29 October 2014

Screenshot by Jan Reilink

I felt it was time to take Sysadmins of the North to the next level, it was time to expand with my own global DNS load balancing with Bind9 and Varnish Cache CDN. Here is how I set up my geo-location load balancing Varnish Cache HTTP reverse proxy CDN. It's all for the fun, various configs are not advanced and may not be optimized. Never copy/paste anything to put into production without testing.

Read on to learn how to set up a global presense...

Set up a global website, Varnish Cache and DNS presence

Most static content, like javascript and images, are offloaded through a CDN sub domain, which I conveniently called "cdn.saotn.org". Content is offloaded using IIS Outbound Rules, or directly by DNS records.

By using a geo load balancing DNS set-up, based on Bind9, visitors are directed to the nearest Varnish Cache node. One is based in the US (New York) and one in the EU (Amsterdam, NL). You can easy expand this set up to other locations on the globe. Besides using IIS Outbound Rules to create a Content Delivery Network, you can also create your own CDN with PHP.

A set up like this makes the content physically closer and faster available to them (is the idea).

Geo DNS load balancing and Varnish requirements

First you need some DigitalOcean droplets. I chose Debian 7 (Wheezy), one located in NYC2 and one in AMS2. The smallest instance will do fine for low traffic sites. After your droplets are created, log in as root and change your root password. Add a ordinary user and then disable sshd's PermitRootLogin.

Open up your sshd_config file

vi /etc/ssh/sshd_config

and change PermitRootLogin from yes to no:

PermitRootLogin no

and restart ssh.

Update your packages

apt-get updateapt-get upgrade

Install Bind9 on Debian Wheezy

Now it is time for you to install Bind 9 on your Debian Wheezy droplets. For this, follow the excellent chrooted bind9 with geodns under debian wheezy guide by Pawel Kudzia. This will set up GeoDNS too.

Varnish 4.0 installation on Debian Wheezy

Next, install Varnish 4.0 on your droplets, follow Varnish Caches installation on Debian guide to get you started. For CentOS, you may follow my post installing Varnish Cache on CentOS 6.7.

Create DNS zones

In /etc/bind you have to create a directory zones, and set correct owner and permissions ACLs. Then create two zone files, for example:

  1. cdn.saotn.org.db
  2. cdn-us.saont.org.db

Their contents:

; Zone file for cdn.example.com
$TTL 14400
cdn.example.com.   86400   IN      SOA     ns1.example.org.       admin.example.org.     (
  2014102909 ;Serial Number
  86400 ;refresh
  7200 ;retry
  3600000 ;expire
  86400   )
cdn.example.com.          NS              ns1.example.org.
cdn.example.com.  300     IN      A       1.1.1.1
; Zone file for cdn-us.example.com
$TTL 14400
cdn.example.com.   86400   IN      SOA     ns1.example.org.       admin.example.org.     (
  2014102909 ;Serial Number
  86400 ;refresh
  7200 ;retry
  3600000 ;expire
  86400   )
cdn.example.com          NS              ns1.example.org.
cdn.example.com  300     IN      A       2.2.2.2

And don't forget your glue- and NS records, see the Bind 9 Administrator Reference Manual for more information on how to set up your zones.

Once you're satisfied with the zone files and Varnish Cache configuration, start bind 9 and varnish:

service bind9 startservice varnish start

Verify the Geo DNS results using whatsmydns.net and www.just-ping.com.

Saotn global DNS network

Never copy/paste anything to put into production without testing.

References used for this post

This post and set up was inspired by the following articles (in no particular order):

Conclusion creating your global Content Delivery Network

Using the online available guides, some own ready to use knowledge and cheap DigitalOcean droplets, you can easily create your own global Content Delivery Network, or CDN. I created this set up in about one hour.

A global DNS load balancing set up like this, with a Varnish Cache back-end, makes content physically closer to your visitors and speeds up your website. They will like that :-)

Maybe this all is a bit too much for you. You can always use IIS Outbound Rewrite Rules or a PHP and .htaccess configuration to create an Origin Pull Content Delivery Network -or CDN- to offload content to different hostnames.