> On 19. 11. 2024, at 1:42, Jean-François Bachelet <jfbache...@free.fr> wrote:
> 
[…]
> I am just curious, as the correct config for the secondary DNS, as if the 
> main one is down and the secondary have not the complete config itself how 
> can it take on the job of the primary one for the time of its repair ?

Thank you for the description. That makes it much more clear.

So, yes, usually you maintain the zones on the primary and have the second 
server be a secondary that transfers the zones from primary (use TSIG).

Other common setups might be:
- a hidden primary - you maintain the zones contents on the server that’s not 
used directly by clients; then both “visible” servers are secondary; the 
primary can also act as a DNSSEC signer
- a direct provisioning - both servers get the zone contents from a 
provisioning system that’s not DNS (git, database, DNSSEC signer)

As for the “replace” function - the stub resolver in the operating system will 
fallback to the second server, but that still introduces a delay. If you want 
to have a seamless transition usually something like VRRP is used, but there’s 
more HA options there which allows the second server to take over when the 
first server is down. Basically, the both servers will have “service” IP 
address and then one of them will have the client-visible IP address which will 
then transition to the second server in case of the first one is down.

We don’t know the size of the setup and the requirements for the availability, 
but for small setups this could even be just a manual intervention - you can 
configure the IP address on the second server in the case of the outage.

Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.


-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to