I have recently received a second network connection for my server which comes with an ip on a different subnet via a different provider.
I have set it all up so I have:
eth0 : first provider
eth1 : second provider
Both are able to be contacted by the outside world.
Now my question is:
I have bind9 running on my box, and currently it is my only name server; I don't have a secondary. What I am wanting to do is to set up a second bind9 server on the same box but get it to only communicate with the eth1 connection, thus allowing me redundancy. I know I would have to edit the zone files.
Any suggestions on the best practice in my situation? I don't have the time or the hardware to set up a second box just for DNS.
Having two public DNS servers on the same box isn't really a solution. If your box goes down, your domain(s) will disappear from the internet. If you can only afford one box, the best solution is use one of the free services that provide secondary DNS, use your domain registrar for DNS or swap services with another person who also is trying to run two public DNS servers on one machine (or has given up and decided to use only one name server).
You can be secondary for his domains and he can act as a secondary for yours.
If you have two separate nameservers and one goes down (along with your web server), a browser would get a "server not responding" message, and email will be queued. With one nameserver that goes down, your browsers will see "no such domain" and your incoming emails will be bounced.
No problem with redundant networks, but you should have two DNS servers in different places.
I have one colo'd and my secondary is on my [static IP] DSL line. Before I had the colo box, I peered with a similar enthusiast on our DSL lines.
OK, my solution in the end was to do the following:
Set up DNS so it binds to both eth0 & eth1 (thanks PerfTuner for this)
Edit zone files to have two entries for each A record and a 60 sec TTL (one for eth0 ip and one for eth1 ip)
Create two nameservers with the domain registrar (one pointing to the eth0 IP and the other to the eth1 IP)
nslookup on a domain now hosted by the box and it will output 2 IPs in the addresses.
The TTL of 60 seconds forces no DNS caching thus if one connection drops the other one will auto take the load. Used the Round Robin DNS scheme suggested by http://hacks.oreilly.com/pub/h/79 (Thanks sailorFred for this link).
Example nslookup to perform is against: clubbed.org
Right now you have round robin DNS on each of your IPs. That means that if one connection goes down, the DNS server on the other IP will still give both addresses. That's bad because half of the browsers out there will get the down IP address.
You should have each one only give its own IP address, then when one connection is down, that IP will disappear from your DNS. All of the new lookups will get your remaining IP and be able to connect until the down connection comes back up.
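One way to get the "each server only answers with its own IP" behaviour from a single bind9 instance, as an added example that is not from the question or any answer above: BIND views matched on the destination address, each loading a zone file that carries only that interface's A records. Addresses 192.0.2.10 (eth0), 198.51.100.10 (eth1), the zone example.org and the SOA serial are placeholders; the 60 s TTL and the two NS entries follow the poster's own setup.

```conf
// /etc/bind/named.conf.local (added example; placeholder addresses)
// eth0 = 192.0.2.10 (provider 1), eth1 = 198.51.100.10 (provider 2)
options {
    listen-on { 192.0.2.10; 198.51.100.10; };
    recursion no;                       // authoritative only, no open resolver
};

// Queries that arrive on the eth0 address only ever see the eth0 records,
// so when provider 1 is down its address simply stops being answered.
view "via-eth0" {
    match-destinations { 192.0.2.10; };
    zone "example.org" { type master; file "/etc/bind/db.example.org.eth0"; };
};

// Same zone, answered on the eth1 address with eth1-only records.
view "via-eth1" {
    match-destinations { 198.51.100.10; };
    zone "example.org" { type master; file "/etc/bind/db.example.org.eth1"; };
};

; ---- /etc/bind/db.example.org.eth0 (served only on the eth0 address) ----
$TTL 60
@    IN SOA ns1.example.org. hostmaster.example.org. (
         2024010101 3600 900 604800 60 )  ; serial is a placeholder
     IN NS  ns1.example.org.
     IN NS  ns2.example.org.
ns1  IN A   192.0.2.10        ; glue for both nameservers stays in both files,
ns2  IN A   198.51.100.10     ; matching what the registrar publishes
@    IN A   192.0.2.10        ; only the eth0 address for the hosts
www  IN A   192.0.2.10

; ---- /etc/bind/db.example.org.eth1 (served only on the eth1 address) ----
$TTL 60
@    IN SOA ns2.example.org. hostmaster.example.org. (
         2024010101 3600 900 604800 60 )  ; serial is a placeholder
     IN NS  ns1.example.org.
     IN NS  ns2.example.org.
ns1  IN A   192.0.2.10
ns2  IN A   198.51.100.10
@    IN A   198.51.100.10     ; only the eth1 address for the hosts
www  IN A   198.51.100.10
```

Validate with `named-checkconf` and `named-checkzone example.org <file>` before reloading; resolvers that already cached an answer keep the dead address for up to the 60 s TTL, so the failover is quick but not instantaneous.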
Wiseburn is mostly correct about why you generally should not have your DNS dependent on a single box. However, instead of getting an NXDOMAIN, you will get SERVFAIL when your machine is down. Sendmail will queue the message, rather than bouncing it, at least from 8.12 onwards. Other MTAs may not be as forgiving.
The reason the RFCs require two authoritative DNS servers is so that the DNS information will generally be available.