Re: Understanding DNS, Create an Failover
basti black.flederm...@arcor.de writes:

> Hello,
>
> last weekend my primary DNS-Server went down, and some of my servers
> can't find each other.
> [...]
> How can I fix this?

Set up a second name server which operates as slave of your primary one and use the slave as fallback?

--
Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87k33g6rfl@gulltop.yagibdah.de
Re: Understanding DNS, Create an Failover
lee wrote:

> basti black.flederm...@arcor.de writes:
>
>> Hello,
>>
>> last weekend my primary DNS-Server went down, and some of my servers
>> can't find each other.
>> [...]
>> How can I fix this?
>
> Set up a second name server which operates as slave of your primary one
> and use the slave as fallback?

bind, and dns in general, are designed for this:

1. you designate multiple nameservers with your registrar - which in turn forwards those records to the root nameservers (generally, you're expected to designate at least a primary and secondary) - so, right off the bat, when all of your nameservers are published (NS records are returned)

2. the trick is keeping the data synchronized - typically, you'll maintain the records in one of your nameservers and then enable synchronization between that server and your secondary server(s) -- bind supports both push and pull

3. a common practice is to have a hidden nameserver, where you maintain your records (e.g., on your own server), and then push/pull the definitive data to several other servers (e.g., heavy duty machines maintained by your data center operator or a commercial service) - that way you can manage the records on a system you control, but not have to eat the data load (and potential DOS attacks) of queries from the outside world

It's a bit tricky to set up the first time, then it just runs itself, except when you change records. (If I'm a little foggy on the details, it's because I haven't had to touch our nameservers in a long time. They just hum along).

I would recommend getting a good book on the subject - DNS Bind from O'Reilly is pretty good, though I don't know when they've last updated it.

Several other notes:

- While BIND is the definitive nameserver, there are others (e.g., PowerDNS). Some of the others might be easier to administer (GUI vs. text files, that sort of thing).
- Webmin has a nice admin interface for bind.
- dnsstuff.com has some nice tools for monitoring and troubleshooting DNS, and their free toolset is enough for most things

Or.. you could just farm it all out to someone else. Pretty much every registrar will provide DNS for you, as well as lots of other services.

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is. Yogi Berra

Archive: https://lists.debian.org/5453e031.8070...@meetinghouse.net
Re: Understanding DNS, Create an Failover
> If the DNS information does not change frequently, then you can make
> the changes to both databases manually. You may be able to just copy
> the zone files, I'm not sure, but you will need to update the serial
> numbers.

Basti asked about resolvers, you are talking about authoritative servers.

Basti, if the timeout from the first listed name server bothers you, you can either install a local resolver such as BIND or Unbound and configure it as a forwarder (the local resolver will react more gracefully to unavailable upstream resolvers), or use techniques such as IP anycast or some other high-availability approach to make sure that there is always a server responding under the IP address you have configured.

Archive: https://lists.debian.org/87mw8flz04@mid.deneb.enyo.de
Re: Understanding DNS, Create an Failover
Florian Weimer wrote:

> Basti asked about resolvers

I am not sure about this. IMO it requires clarification.

Archive: https://lists.debian.org/5451443c.4030...@plouf.fr.eu.org
Re: Understanding DNS, Create an Failover
On Wed, 29 Oct 2014 15:41:15 +0100 Florian Weimer f...@deneb.enyo.de wrote:

>> If the DNS information does not change frequently, then you can make
>> the changes to both databases manually. You may be able to just copy
>> the zone files, I'm not sure, but you will need to update the serial
>> numbers.
>
> Basti asked about resolvers, you are talking about authoritative
> servers.

I understood from this...

> For understanding:
> Is the secondary DNS just a backup of the Master for loadBalancing?
> What does the secondary DNS do if master is down?

...that he was also asking about the behaviour of multiple DNS servers.

--
Joe

Archive: https://lists.debian.org/20141029222012.13176...@jresid.jretrading.com
Understanding DNS, Create an Failover
Hello,

last weekend my primary DNS-Server went down, and some of my servers can't find each other.
I have a Primary and a Secondary DNS-Server using bind9.
The resolv.conf file looks like:

nameserver MyPrimaryDNS
nameserver OneOfMyISP
nameserver 2'ndOfISP

For understanding:
Is the secondary DNS just a backup of the Master for loadBalancing?
What does the secondary DNS do if master is down?

How can I fix this?

Archive: https://lists.debian.org/544f58ff.70...@arcor.de
Re: Understanding DNS, Create an Failover
basti wrote:

Hello,

> Hello,
>
> last weekend my primary DNS-Server went down, and some of my servers
> can't find each other.
> I have a Primary and a Secondary DNS-Server using bind9.
> The resolv.conf file looks like:
>
> nameserver MyPrimaryDNS
> nameserver OneOfMyISP
> nameserver 2'ndOfISP
>
> For understanding:
> Is the secondary DNS just a backup of the Master for loadBalancing?
> What does the secondary DNS do if master is down?
>
> How can I fix this?

According to the resolv.conf(5) manpage the nameservers are used in the specified order. The extra nameservers are used as backup if the previous one is not answering. There is no load balancing done here.

The algorithm used is to try a name server, and if the query times out, try the next, until out of name servers, then repeat trying all the name servers until a maximum number of retries are made.

Cheers,

Laurent Bigonville

Archive: https://lists.debian.org/20141028110448.65cf2...@soldur.bigon.be
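The failover order described in the reply above, modelled on the resolv.conf from the original question. This is an added example, not code from any poster in the thread. Assumptions: a flat 5-second timeout and 2 attempts (the resolv.conf(5) defaults; the real libc timing is more involved), a constructed internal name and address, and a hypothetical `MySecondaryDNS` entry.

```python
TIMEOUT = 5    # seconds per try (resolv.conf(5) default for "options timeout")
ATTEMPTS = 2   # passes over the list (default for "options attempts")

# Constructed data: which names each server can answer. The ISP resolvers
# know nothing about the internal zone. MySecondaryDNS is a hypothetical name.
INTERNAL = {"db1.internal.example": "192.0.2.10"}
ZONES = {"MyPrimaryDNS": INTERNAL, "MySecondaryDNS": INTERNAL,
         "OneOfMyISP": {}, "2'ndOfISP": {}}

ORIGINAL = """nameserver MyPrimaryDNS
nameserver OneOfMyISP
nameserver 2'ndOfISP
"""
FIXED = """nameserver MyPrimaryDNS
nameserver MySecondaryDNS
"""


def parse_nameservers(text):
    """Return nameserver entries in file order (libc uses at most three)."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers[:3]


def lookup(name, servers, zones, down=()):
    """Simulate one lookup; return (result, seconds_waited).

    A server in `down` never answers, so the stub waits TIMEOUT and moves on.
    Any answer, NXDOMAIN included, is final: the next server is not asked.
    """
    waited = 0
    for _ in range(ATTEMPTS):
        for server in servers:
            if server in down:
                waited += TIMEOUT
                continue
            return zones.get(server, {}).get(name, "NXDOMAIN"), waited
    return "TIMEOUT", waited


def during_primary_outage(conf_text):
    """Resolve the internal name while MyPrimaryDNS is unreachable."""
    servers = parse_nameservers(conf_text)
    return lookup("db1.internal.example", servers, ZONES, down={"MyPrimaryDNS"})
```

With the original file the lookup falls through to an ISP resolver, which answers NXDOMAIN for the internal name; with the secondary listed instead, the same outage costs one timeout and still resolves.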
Re: Understanding DNS, Create an Failover
On Tue, 28 Oct 2014 09:51:11 +0100 basti black.flederm...@arcor.de wrote:

> Hello,
>
> last weekend my primary DNS-Server went down, and some of my servers
> can't find each other.
> I have a Primary and a Secondary DNS-Server using bind9.
> The resolv.conf file looks like:
>
> nameserver MyPrimaryDNS
> nameserver OneOfMyISP
> nameserver 2'ndOfISP
>
> For understanding:
> Is the secondary DNS just a backup of the Master for loadBalancing?
> What does the secondary DNS do if master is down?
>
> How can I fix this?

If the DNS information does not change frequently, then you can make the changes to both databases manually. You may be able to just copy the zone files, I'm not sure, but you will need to update the serial numbers. BIND will not use a zone file that has an unexpected serial number.

If you are using dynamic DNS updates, or have other frequently-changing information, you probably need to set up replication between the DNS servers, and I can't be of any help there. The two servers will run independently, but exchange DNS data periodically.

You will need to include both your DNS servers in all computers' nameserver lists. If you have a number of workstations on DHCP, this information can be distributed automatically. There's no point in including the ISP's servers, they won't contain your local information, they will only provide public DNS information.

As Laurent said, the listed DNS servers are not used randomly, the highest on the list will always be used first. I don't know how the Linux resolver works, but a Windows resolver will not re-check any failed servers for a particular timeout period, so once it finds a responsive DNS server, it will stay with it for a while before re-trying the top priority server.

--
Joe

Archive: https://lists.debian.org/20141028185730.1f7cf...@jresid.jretrading.com
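On the synchronization and serial-number points raised in the replies above: a secondary pulls a zone only when the primary's SOA serial is newer than its own under RFC 1982 serial arithmetic. The check below is an added example, not code from any poster; the zone text, names and serial values are constructed.

```python
import re

# Constructed zone file as it might look on the primary after an edit
# in which the serial was left unchanged.
EDITED_NO_BUMP = """$TTL 3600
@   IN SOA ns1.example.test. hostmaster.example.test. (
        2014102801 ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire
        3600 )     ; negative-caching TTL
    IN NS  ns1.example.test.
    IN NS  ns2.example.test.
db1 IN A   192.0.2.10
"""
EDITED_BUMPED = EDITED_NO_BUMP.replace("2014102801", "2014102802")


def soa_serial(zone_text):
    """Extract the SOA serial: the first integer after the two SOA names."""
    text = re.sub(r";[^\n]*", "", zone_text)  # drop zone-file comments
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))


def serial_gt(a, b):
    """RFC 1982: True if serial a is newer than b in 32-bit serial space."""
    return a != b and (a - b) % 2**32 < 2**31


def secondary_will_transfer(primary_zone, secondary_serial):
    """True if a secondary holding secondary_serial would pull this zone."""
    return serial_gt(soa_serial(primary_zone), secondary_serial)


if __name__ == "__main__":
    held = 2014102801  # serial the secondary currently serves
    print("edit without bump:", secondary_will_transfer(EDITED_NO_BUMP, held))
    print("edit with bump:   ", secondary_will_transfer(EDITED_BUMPED, held))
```

An edit without a serial bump leaves the secondary serving the old data, which is the usual reason two name servers drift apart unnoticed.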