Hi, During my Icinga-setup it comes in my mind, what if the dns fails?
Let me explain my thoughts with the following. I use Icinga on a dedicated host in my internal network. I have two Windows DNS server (Active Directory based) that are use from Icinga to do name resolution. I have blocked DNS traffic from Icinga to the DNS server to simulate a network/dns server fault. The result is a All-Red Icinga that makes it hard to determine which was the root cause. My thought about a solution to this problem: A) Set the DNS server/service as "parent" in the Icinga configuration. So it this services fails, everything is UNREACHABLE and not CRITICAL. But how can I set two systems as parent -> two DNS server. In addition it will also breaks my network topology. At all a bad idea. B) Configure a caching DNS server on Icinga host to cache results. But this will help only for short time outage until the TTL expire. And in my setup the TTL of a RR is 3600 seconds. C) Configure a slave DNS server on Icinga host. This will copy the whole zone to a local DNS server. This will increase the outage time to one day, after that the zone data expire. D) Use IP address for Icinga configuration instead of FQDN. It seems like the ultimate solution but is hard to manage. Every DNS change must be done also in the Icinga configuration. How do you solve the "DNS Problem"? What is best practice? Thanks for all feedback, -- Jummo ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ icinga-users mailing list icinga-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/icinga-users
