
DNS and keepalived


Leroy Tennison

Aug 6, 2018, 10:15:06 AM
to bind-...@lists.isc.org
As previously posted, I just added a slave of a master for disaster recovery and now need to know how to promote it should the master be offline too long. An additional complicating factor is that the master and slave exist on a failover pair managed by keepalived. My web search has found a few references to this situation but they have either used slave servers or were very light on the details of bind configuration. I'm converting an existing situation where there was a single server for almost totally non-DHCP clients (servers). I would prefer to not roll out a different DNS resolver configuration to all those non-DHCP clients - the environment size is sort of "in between" (not small or large).

The issues I see are in the SOA, with keepalived I could leave the SOA the same on both since the IP address for the DNS server (and other functions) moves. The question is "Am I missing something?" which will come back to haunt me later?


Leroy Tennison
Network Information/Cyber Security Specialist
E: le...@datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com

Grant Taylor

Aug 9, 2018, 3:35:10 PM
to bind-...@lists.isc.org
On 08/06/2018 08:14 AM, Leroy Tennison wrote:
> As previously posted, I just added a slave of a master for disaster
> recovery and now need to know how to promote it should the master be
> offline too long.

Please see the reply that I just sent for details about how I handled
this problem in the past.

> An additional complicating factor is that the master and slave exist on
> a failover pair managed by keepalived.

Okay. My opinion is that keepalived should be used between two
identical servers. Thus between two masters or two slaves. I would not
want to try to cross the role between two servers managed by keepalived.

> My web search has found a few references to this situation but they have
> either used slave servers or were very light on the details of bind
> configuration.

I've not dealt with keepalived in a long time, so I can't say for sure.
But I believe that most of the configurations I've seen work between two
slaves that share a common (optionally hidden) master server. This
allows both servers to be identical and a backup for each other and
avoids the need for keepalived to significantly reconfigure BIND's
operation.

> I'm converting an existing situation where there was a single server for
> almost totally non-DHCP clients (servers).

Okay.

> I would prefer to not roll out a different DNS resolver configuration to
> all those non-DHCP clients

I do not see any reason to change the client configuration.

Ideally the DNS server's VIP / functional IP will stay the same. Thus
no need to reconfigure clients.

The change will be in the servers that are capable of hosting said VIP.

Aside from potential SOA / MNAME issues (see my other reply) I don't see
any issues in adding additional servers; 1 (optionally hidden) master
and an additional slave to participate in the keepalived configuration
with the existing server.

> the environment size is sort of "in between" (not small or large).

The environment size is immaterial to the BIND configuration. (It may
be applicable to you as motivation for doing things.)

> The issues I see are in the SOA, with keepalived I could leave the SOA
> the same on both since the IP address for the DNS server (and other
> functions) moves.

I don't think the SOA / MNAME actually need to be the same. They just
need to be accessible. (See my other reply.)

> The question is "Am I missing something?" which will come back to haunt
> me later?

It's hard to say. I don't see anything obvious jumping out at me.



--
Grant. . . .
unix || die
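
The layout described in the reply above (two identical slaves sharing the keepalived VIP, fed by a hidden master), sketched as an added example that is not from either poster. All addresses (192.0.2.0/24), the zone `example.com`, the interface `eth0` and the file paths are constructed assumptions.

```conf
# Constructed example: addresses, zone name, interface and paths are assumptions.
# ---- named.conf zone stanza, identical on both keepalived nodes ----
# 192.0.2.10 = hidden master (not in the VRRP group), 192.0.2.53 = VIP.
zone "example.com" {
    type slave;
    masters { 192.0.2.10; };        # both nodes transfer from the same master
    file "slaves/example.com.db";
};

# ---- keepalived.conf, same on both nodes except "priority" ----
vrrp_script chk_named {
    # dig exits non-zero only when no reply arrives, so this detects a dead
    # or hung named, not a zone that has expired and answers SERVFAIL.
    script "/usr/bin/dig +time=1 +tries=1 @127.0.0.1 example.com SOA"
    interval 5      # seconds between checks
    fall 2          # consecutive failures before the node gives up the VIP
    rise 2          # consecutive successes before it is eligible again
}

vrrp_instance DNS_VIP {
    state BACKUP                # both start as BACKUP; priority elects the holder
    interface eth0
    virtual_router_id 53
    priority 100                # use a lower value, e.g. 90, on the second node
    advert_int 1
    virtual_ipaddress {
        192.0.2.53/24           # the resolver address clients already use
    }
    track_script {
        chk_named
    }
    # Have named rescan interfaces so it listens on the VIP once it arrives.
    notify_master "/usr/sbin/rndc scan"
}
```

The hidden master must permit zone transfers from both nodes' real addresses (`allow-transfer`) and can list them in `also-notify`, since neither node's real address appears in the zone's NS records.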
