-2

Alright, so my friend and I are setting up a new website. We expect heavy DDoS attacks, so our plan is to use nginx to proxy from various cloud servers so that people can't find our actual server's IP.

However, we need to link all these proxy servers up to one domain, so that when the domain (we'll say domain.com) is requested, it chooses a proxy server to send the user to and sticks them there. It also, however, needs to check if the server it's sending the user to is actually up and running (and has internet connectivity). If the server it's sending the user to is under attack, it kind of defeats the purpose of the proxy servers in the first place.

Any idea on how to do this?

Rob
  • 2,513

2 Answers

5

I'm not sure why you want to round robin DNS here, it's completely useless here. The proper setup would be to set your A record to your load balancer. Then set a heartbeat to the web server to check if it is online. The idea behind helping during an attack is by spreading the load across several servers and to scale up to compensate and scale down after the attack.

Jacob
  • 9,282
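One way to express the setup described in the answer above using nginx, which the question already plans to use. This is an added example, not part of the original answer: the backend addresses are constructed from the RFC 5737 documentation range, and the thresholds and timeouts are assumptions to tune.

```nginx
# Load-balancer node that the A record for domain.com points to.
# Backend addresses below are constructed placeholders.
events {}

http {
    upstream web_backends {
        # Stickiness: pick the backend from a hash of the client address
        # (first three octets for IPv4), so a visitor stays on one server.
        ip_hash;

        # Passive heartbeat: 3 failed attempts within 30s mark the server
        # unavailable for 30s; its clients are redistributed until it recovers.
        server 192.0.2.10:80 max_fails=3 fail_timeout=30s;
        server 192.0.2.11:80 max_fails=3 fail_timeout=30s;
        server 192.0.2.12:80 max_fails=3 fail_timeout=30s;
    }

    server {
        listen 80;
        server_name domain.com;

        location / {
            proxy_pass http://web_backends;

            # Define what counts as a failed attempt and retry the request
            # on the next available backend instead of returning the error.
            proxy_next_upstream error timeout http_502 http_503 http_504;
            proxy_connect_timeout 2s;
            proxy_read_timeout 10s;

            # Pass the original host and client address to the backend.
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

These are passive checks: a backend is only marked down after real client requests to it fail. The active `health_check` directive that probes backends on a timer is part of NGINX Plus, not the open-source build.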
1

The only problem I see here is that round robin returns A records in sequential order, not checking if the IP address it's returning is actually online or not.