> On 19. 11. 2024, at 1:42, Jean-François Bachelet <jfbache...@free.fr> wrote: > […] > I am just curious, as the correct config for the secondary DNS, as if the > main one is down and the secondary have not the complete config itself how > can it take on the job of the primary one for the time of its repair ?
Thank you for the description. That makes it much more clear. So, yes, usually you maintain the zones on the primary and have the second server be a secondary that transfers the zones from primary (use TSIG). Other common setups might be: - a hidden primary - you maintain the zones contents on the server that’s not used directly by clients; then both “visible” servers are secondary; the primary can also act as a DNSSEC signer - a direct provisioning - both servers get the zone contents from a provisioning system that’s not DNS (git, database, DNSSEC signer) As for the “replace” function - the stub resolver in the operating system will fallback to the second server, but that still introduces a delay. If you want to have a seamless transition usually something like VRRP is used, but there’s more HA options there which allows the second server to take over when the first server is down. Basically, the both servers will have “service” IP address and then one of them will have the client-visible IP address which will then transition to the second server in case of the first one is down. We don’t know the size of the setup and the requirements for the availability, but for small setups this could even be just a manual intervention - you can configure the IP address on the second server in the case of the outage. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users