rsync sounds like a fine solution, the problem imo, is what happens when something goes wrong, when a file transfer fails.
right now i'm thinking about not rsync'ing the zone files by each one, but rsync a tar file with all the zone files, so if it fails, it fails atomically (i know that this works for me, but others may prefer other failure modes)

as a crude verification mechanism i was planning on naming the tar file with the sha-256 hash of the tar file

cheers!

~Carlos

On 5/20/13 1:34 PM, Bob Harold wrote:
> Syncing between the two servers would seem to only help in the case
> where the masters could only reach the first server, but your slaves
> could only reach the second server, which seems unlikely, unless the
> second distribution server is closer (network-wise) to the slaves.
>
> I would continue to push for 100% allow-transfer, and set up automated
> cron jobs to test and send email for those that are not working.
>
> I plan to use a similar setup, but fortunately I only have about a dozen
> masters to contact, so it will be much easier for me.
>
> The only 'clever' alternative I can think of is to change the IP of the
> second distribution server to take over the IP of the first server if
> the first one fails. It helps if each server has a second IP that is
> separate.
>
> --
> Bob Harold
> DNS, University of Michigan
>
>
> On Sat, May 18, 2013 at 8:00 AM, <[email protected]> wrote:
>
>     Message: 1
>     Date: Fri, 17 May 2013 16:53:09 +0200
>     From: Anand Buddhdev <[email protected]>
>     To: [email protected]
>     Subject: [dns-operations] Multi-master setups
>     Message-ID: <[email protected]>
>     Content-Type: text/plain; charset=ISO-8859-1
>
>     Dear DNS folk,
>
>     I'm thinking about multi-master setups to add some resiliency to our DNS
>     infrastructure.
>
>     In our specific case we have a distribution server which slaves several
>     zones from various different parties. They also send notify messages to
>     this server. Once it transfers a zone, it sends notify messages to our
>     public-facing DNS cluster, and they all transfer the zone from it.
>
>     Obviously, this single distribution server is a single point of failure,
>     and I'd like to get rid of it.
>
>     The simplest solution is to add a second server to our infrastructure,
>     with an identical zone configuration, so that it is also a slave for all
>     the same zones. It would also transfer zones directly from the masters,
>     and provide AXFR/IXFR to our cluster.
>
>     Adding a second distribution server has management overhead though. We
>     have several hundred masters, and even after contacting all of them, we
>     will never have a 100% clean setup where the master allows zone
>     transfers for both our distribution servers. So if I want to ensure that
>     both our distribution servers hold identical copies of zones, then I
>     would ideally want them to notify each other, and pull zones off each
>     other as well. Do any of you do this?
>
>     Aside from this idea, are there any other clever ideas people have
>     implemented?
>
>     Regards,
>
>     Anand Buddhdev
>
>
>
>     _______________________________________________
>     dns-operations mailing list
>     [email protected]
>     https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>     dns-jobs mailing list
>     https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
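
The tar-plus-hash scheme described in the reply at the top of this thread, as an added example that is not code from any poster: the sender names the archive after its own SHA-256, and the receiver refuses to install anything whose name and content disagree. The function names, the `zones-<digest>` directory layout and the symlink swap are assumptions made for the illustration; the rsync step itself is left out.

```python
import hashlib, io, os, tarfile

def pack_zones(zone_dir, out_dir):
    """Sender side: tar every zone file, name the archive <sha256>.tar."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in sorted(os.listdir(zone_dir)):
            tar.add(os.path.join(zone_dir, name), arcname=name)
    data = buf.getvalue()
    path = os.path.join(out_dir, hashlib.sha256(data).hexdigest() + ".tar")
    with open(path, "wb") as f:
        f.write(data)
    return path

def install_zones(tar_path, live_link):
    """Receiver side: verify, unpack beside the live set, then swap a symlink.

    live_link is assumed to be a symlink (or absent), never a real directory.
    Returns False and leaves the live zones untouched on any failure.
    """
    with open(tar_path, "rb") as f:
        data = f.read()
    digest = hashlib.sha256(data).hexdigest()
    if os.path.basename(tar_path) != digest + ".tar":
        return False  # truncated or corrupted transfer
    base = os.path.dirname(os.path.abspath(live_link))
    target = os.path.join(base, "zones-" + digest)
    os.makedirs(target, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for m in tar.getmembers():
            # Expect a flat archive of regular files; refuse paths, links,
            # devices and dot-names rather than trusting member names.
            if not m.isfile() or "/" in m.name or m.name.startswith("."):
                return False
            with open(os.path.join(target, m.name), "wb") as out:
                out.write(tar.extractfile(m).read())
    tmp = live_link + ".new"
    if os.path.lexists(tmp):
        os.remove(tmp)
    os.symlink(target, tmp)
    os.replace(tmp, live_link)  # rename(2): readers see old set or new set
    return True
```

The filename hash only detects a damaged or incomplete transfer; anyone able to alter the archive can also rename it, so authenticity still depends on the transport (for example rsync over SSH) or a separate signature.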
