[Techtalk] Stupid DNS questions

Diggy Bell diggy at dbsoftdev.com
Tue Mar 9 02:42:21 EST 2004


Hi Michelle,

Since you have three DNS servers, you might want to optimize the way you're
managing the trio.  Based on what you've described, here's a quick rundown
of one alternative.

First, let's look at how you are using the three DNS servers.  For optimal
availability, you should consider the physical location of the machines so
that you have network and hardware redundancy.  If you put the primary and
tertiary servers on one network, and place the secondary on the other
network, you can ensure that traffic will be more quickly routed to the
secondary server in the event your primary fails.

ns1.example.com - 10.0.0.250
ns2.example.com - 192.168.1.250
ns3.example.com - 10.0.0.251

In terms of your master/slave zone updates, both ns2 and ns3 should be
slaves to ns1.  If you make a change to a zone on ns1,  it would
automatically propagate to the two slaves.  Note that there is a serial
number in the zone files.  This must be incremented on each change to the
zone file to drive the update process.

Now, that still leaves one small problem if ns1 is offline for a long period
of time.  The zone files that are transferred to the slaves have a Time to
Live (TTL) value that indicates how long the zone information is valid.
This applies to both slave servers, and caching servers.  If this value
expires, the slave will request the data from the master DNS server.  If the
master is not available, the slave will eventually stop responding to
requests for the domain.

To get around the TTL problem, I've adopted a bit of a brute force approach,
but it's quick to implement, and it works!  If I know that the primary DNS
server will be offline for any period of time, I have a script that will
scamper through named.conf and change all of the slave entries to master
entries.  This means that my DNS server will think it's the primary as long
as the real primary is offline.  When ns1 is back online, I simply restore
the version of named.conf with the slave entries and all is back to normal.
I'm sure there is a better way, but sometimes you've just gotta 'make it
work!'

Hope this helps...

William D. 'Diggy' Bell
Principal
DB Software Development
http://www.dbsoftdev.com
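Diggy's script itself isn't in the post; the following is an added example (editor's code, not his) of the same slave-to-master flip for a BIND 9 named.conf. It assumes each `type slave;` and `masters { ... };` starts on its own line, as in the constructed sample config, and it comments the `masters` clause out because BIND does not accept that option in a master zone.

```python
"""Promote every slave zone in a BIND named.conf to master, then restore it."""
import re
import shutil
from pathlib import Path

# Constructed sample named.conf fragment (not from the original post).
SAMPLE_NAMED_CONF = """\
zone "example.com" {
    type slave;
    file "slaves/example.com.db";
    masters { 10.0.0.250; };
};

zone "0.0.10.in-addr.arpa" {
    type slave;
    file "slaves/0.0.10.db";
    masters {
        10.0.0.250;
    };
};
"""

TYPE_SLAVE = re.compile(r'\btype\s+slave\s*;')
# "masters" is only legal in slave/stub zones, so it must go when promoting.
MASTERS_CLAUSE = re.compile(r'^[ \t]*masters\s*\{[^}]*\}\s*;[ \t]*$', re.MULTILINE)


def promote_slaves(conf_text: str) -> str:
    """Return conf_text with every slave zone turned into a master zone."""
    promoted = TYPE_SLAVE.sub('type master;', conf_text)
    # Comment the masters clause out (// is valid in named.conf) rather than
    # deleting it, so a diff against the backup stays readable.
    return MASTERS_CLAUSE.sub(
        lambda m: '\n'.join('// ' + line for line in m.group(0).split('\n')),
        promoted)


def promote_named_conf(path: Path) -> int:
    """Back up named.conf as <name>.slave, rewrite it, return zones promoted."""
    backup = path.with_name(path.name + '.slave')
    if backup.exists():  # refuse to clobber the backup from an earlier run
        raise RuntimeError(f'{backup} exists; run restore_named_conf first')
    original = path.read_text()
    backup.write_text(original)
    path.write_text(promote_slaves(original))
    return len(TYPE_SLAVE.findall(original))


def restore_named_conf(path: Path) -> None:
    """Put the slave configuration back once the real master (ns1) returns."""
    shutil.move(path.with_name(path.name + '.slave'), path)
```

Run `promote_named_conf(Path('/etc/named.conf'))` and reload named while ns1 is down; the promoted server keeps serving the zone data it already transferred, and `restore_named_conf` followed by another reload puts it back under ns1 once ns1 returns.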

----- Original Message ----- 
From: "Michelle Murrain" <tech at murrain.net>
To: <techtalk at linuxchix.org>
Sent: Monday, March 08, 2004 8:11 AM
Subject: [Techtalk] Stupid DNS questions


> Hi All,
>
> I hate to show my ignorance, especially given that I've been running
> DNS servers for a year or so.
>
> Right now, I have two DNS servers (Bind 9) on a local network, and
> they are both acting as masters, and a third remote DNS acting as a
> slave to the primary DNS server.
>
> I need to create a system where I can easily change DNS info (add
> subdomains, change IPs) via a web interface (so multiple people can
> have access to that - I'm assuming I'll use WebMin). The challenge
> is, how to make sure all of the DNS info for all three servers is
> updated properly.
>
> I'm not exactly certain how slave DNS servers work, which is part of
> my issue. Right now, in order to change DNS info on the domains I'm
> running DNS for, I update the respective db files and named.conf on
> both servers. I'd like to do it only once. I could set up the second
> DNS server on the local network to be a slave to the first, but I was
> afraid if for some reason the first became unavailable, the second
> would then not work, which is then besides the point (which also
> makes me ponder the issue of the remote slave).
>
> Also, if anyone has any other suggestions for how to do this, I'm
> happy to take them.
>
> Thanks.
> -- 
> .Michelle
>
> --------------------------
> Michelle Murrain
> mmurrain at dbdes dot com
> 413-253-2874 ph
> 413-222-6350 cell
> 413-825-0288 fax
> AIM:pearlbear0 ICQ:129250575
> SMS: 4132226350 at messaging dot sprintpcs dot com
>
> "Work like you don't need the money. Love like you've never been
> hurt. Dance like nobody's watching." - Satchel Paige