Joachim Schipper wrote:
> It will work, but as noted, there's no particular reason to do this;
> redundancy is built into the DNS protocol.

Well, there is a reason since I need another box to act as a secondary ;-)

> The only caveat I can think of is that running services on a firewall
> weakens your perimeter security.

I concur. In this sealed environment it isn't nearly as much of a
concern. The box is a router, with a very simple ruleset to allow remote
administration over the Internet - that's the only real internet traffic.

> Finally, don't sync master and CARP - sync master and slave(s) directly.
> But that should be obvious.

Yeah I thought that. I am still wondering if I should add the carp
address for the secondary DNS (on the servers' resolv.conf), or add
secondary and tertiary addresses being the primary and backup router ...

Regardless, I think you guys have answered my question. Thanks!

Tim

> Joachim