Hi, I guess that could/would work, but it poses some questions for me:
- the zone mechanism of Icinga already takes care of the connection if one of the parent zone members is unavailable. E.g. master1 becomes unavailable so master2 will take over all the connections to the satellites
- if both master endpoints have identical information in host = <ip/fqdn> inside the zones.conf there is a possibility that the satellites are only connected to one of the masters, because the other master isn’t “reachable” via the DNS record.
- I assume the WAF could block very much of the Icinga traffic.
Maybe you can elaborate on the topic from your point of view, why you want to do what you are planning.
I’m no network/security/load-balancing expert (far from it even) but I don’t see any benefit from having a LB with a WAF for the Icinga masters.
For making the web interface available to the outside, sure. This we do as well, and the WAF is blocking many sites and actions from the web interface and the Icinga Director.