[NTLUG:Discuss] "Back up dns server"?

Carl Haddick sysmail at glade.net
Tue Dec 4 16:05:14 CST 2007 

On Tue, Dec 04, 2007 at 09:18:42PM +0000, m m wrote:
>  
> Sorry for the confusion, What I means is when the file setting is massed up, the request packets can not go to your server. for example: 
> you have web site AAA.com with IP 1.2.3.4 on server BOX1, your DNS server have set up correctly. you server BOX1 is behind firewall, and your firewall knows to sent the traffic with IP 1.2.3.4 to BOX1. Everything at this point is good.
>  
> one day, something happened on yor firewall (device), it is dead and doesn't route the request packets to 1.2.3.4. This is what I mean firewall broken.
> How do you keep yor AAA.com site still live at this point?
>  
> if we have the "another" dns server "says" AAA.com have another ip 1.2.3.5, will it solve the problem, right? 
> this my question:
> can we have one dns server says AAA.com's ip is 1.2.3.4 and
> another dns server says AAA.com's ip is 1.2.3.5?

You certainly can, but it would not be a good practice and should be
avoided.  Your two name servers will both take requests, and if a box
fails the DNS servers will not automatically notice - so the two name
servers answering differently will not address the problem.

One solution would be to have a script running on one of the name
servers pinging the two hosts.  As long as both were responding, you
could return two A records from each DNS server.  If one stopped
responding, your script could modify your DNS zone file, and HUP the DNS
server (or rndc reload, or whatever).

If your second name server was a slave to the first and it was bind, you
could rndc reload it as well to catch it up.

In any case, I suspect the best solution will be for your two name
servers to agree on zone serial number and zone data across all queries
they answer.

Or, set up your favorite network monitor to watch availability of your
web site.  When you get the page that the firewall went down, address it
as a firewall problem, not a web site problem.  Likely, that firewall
going down will create other problems, won't it?

Hope that helps,

Carl

More information about the Discuss mailing list