
Thread: DNS Redundancy

  1. #1

    DNS Redundancy

    Hi all,

    I have recently received a second network connection for my server which comes with an IP on a different subnet via a different provider.

    I have set it all up so I have:
    eth0 : first provider
    eth1 : second provider

    Both are able to be contacted by the outside world.

    Now my question is:

    I have bind9 running on my box, and currently it is my only name server; I don't have a secondary. What I am wanting to do is to set up a second bind9 server on the same box but get it to only communicate with the eth1 connection, thus allowing me redundancy. I know I would have to edit the zone files.

    Any suggestions on the best practice in my situation? I don't have the time or the hardware to set up a second box just for DNS.

    Cheers!

    Chris

  2. #2
    There's no need to set up a secondary DNS in your situation.
    Just configure bind to listen on both IP addresses.
    Open your named.conf file and add:

    listen-on {xxx.xxx.xxx.xxx;};
    listen-on {yyy.yyy.yyy.yyy;};


    inside the options { ... } block. Then restart bind.
    Same effect, much less pain.

  3. #3
    Having two public DNS servers on the same box isn't really a solution. If your box goes down, your domain(s) will disappear from the internet. If you can only afford one box, the best solution is to use one of the free services that provide secondary DNS, use your domain registrar for DNS, or swap services with another person who also is trying to run two public DNS servers on one machine (or has given up and decided to use only one name server).

    You can be secondary for his domains and he can act as a secondary for yours.

    Steve
    Wiseburn Networks
    http://www.wiseburn.net/

  4. #4
    Steve, the way I see it, if my box goes down then my websites are down anyway.
    I am just trying to protect my websites if one of the connections goes down.

    Chris

  5. #5
    Hi Chris,

    If you have two separate nameservers and one goes down (along with your web server), a browser would get a "server not responding" message, and email will be queued. With one nameserver that goes down, your browsers will see "no such domain" and your incoming emails will be bounced.

    No problem with redundant networks, but you should have two DNS servers in different places.

    I have one colo'd and my secondary is on my [static IP] DSL line. Before I had the colo box, I peered with a similar enthusiast on our DSL lines.

    Steve
    Wiseburn Networks
    http://www.wiseburn.net/

  6. #6
    OK, my solution in the end was to do the following:

    Set up DNS so it binds to both eth0 & eth1 (Thanks PerfTuner for this)
    Edit zone files to have two entries for each A record and a 60 sec TTL (one for the eth0 IP and one for the eth1 IP)
    Create two nameservers with the domain registrar (one pointing to the eth0 IP and the other to the eth1 IP)
    Restart bind

    nslookup on a domain now hosted by the box and it will output 2 IPs in the addresses.

    The TTL of 60 seconds forces no DNS caching, thus if one connection drops the other one will automatically take the load. Used the Round Robin DNS scheme suggested by http://hacks.oreilly.com/pub/h/79 (Thanks sailorFred for this link).

    Example nslookup to perform is against: clubbed.org

    Hopefully this helped someone else

    Chris

  7. #7
    Right now you have round robin DNS on each of your IPs. That means that if one connection goes down, the DNS server on the other IP will still give both addresses. That's bad because half of the browsers out there will get the down IP address.

    You should have each one only give its own IP address, then when one connection is down, that IP will disappear from your DNS. All of the new lookups will get your remaining IP and be able to connect until the down connection comes back up.

    Wiseburn is mostly correct about why you generally should not have your DNS dependent on a single box. However, instead of getting an NXDOMAIN, you will get SERVFAIL when your machine is down. Sendmail will queue the message, rather than bouncing it, at least from 8.12 onwards. Other MTAs may not be as forgiving.

    The reason the RFCs require two authoritative DNS servers is so that the DNS information will generally be available.
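    One way to implement the per-address answers described in the reply above, as an added example that is not part of this thread: a single BIND 9 named instance listens on both provider addresses, and two views selected by match-destinations make a query that arrives on the eth0 address receive only the eth0 A record (and likewise for eth1). The addresses 192.0.2.10 (eth0) and 198.51.100.10 (eth1), the domain example.org, the serial and the file paths are assumed placeholders.

```conf
options {
    directory "/var/cache/bind";
    listen-on { 192.0.2.10; 198.51.100.10; };   // eth0 and eth1 addresses (placeholders)
    recursion no;                                // authoritative only on public addresses
    allow-transfer { none; };
};

// A query that arrives on the eth0 address is answered from the eth0 zone file.
view "via-eth0" {
    match-destinations { 192.0.2.10; };
    zone "example.org" {
        type master;
        file "/etc/bind/zones/example.org.eth0";
    };
};

// A query that arrives on the eth1 address is answered from the eth1 zone file.
view "via-eth1" {
    match-destinations { 198.51.100.10; };
    zone "example.org" {
        type master;
        file "/etc/bind/zones/example.org.eth1";
    };
};

// ---- /etc/bind/zones/example.org.eth0 (zone-file syntax; ';' starts a comment) ----
$TTL 60
@    IN SOA ns1.example.org. hostmaster.example.org. (
             2005090101 3600 900 604800 60 )
     IN NS  ns1.example.org.      ; delegation and glue are identical in both files
     IN NS  ns2.example.org.
ns1  IN A   192.0.2.10
ns2  IN A   198.51.100.10
@    IN A   192.0.2.10            ; host addresses: eth0 only in this file
www  IN A   192.0.2.10

// ---- /etc/bind/zones/example.org.eth1 ----
// Identical to the eth0 file except that the two host A records (@ and www)
// read 198.51.100.10. Bump both serials together on every change.
```

    When the eth0 link drops, ns1 stops answering, resolvers fall back to ns2 and receive only the eth1 address, so new lookups reach the surviving link once the 60 second TTL on any cached eth0 answer expires. This addresses the link-failure case only: if the box itself goes down, both nameservers go with it, as Steve's replies point out.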
