Is it Bad Practice to Use NS Server that is Usually Turned Off?
s.fenster at gmail.com
Thu Jun 26 13:51:16 UTC 2008
Barry,
Thanks for your guidance. After considering your comments, I did some
research, and found the following documents: RFC 2182 (Selection and
Operation of Secondary DNS Servers) and RFC 1912 (Common DNS Errors)
to be educational and useful.
I am using your suggestion of leaving the backup site as a reachable
name server. I made this server a secondary, and it gets zone
transfers from the primary DNS server.
Thank you for your help.
Seth
On Jun 25, 10:50 pm, Barry Margolin <bar... at alum.mit.edu> wrote:
> In article <g3uer6$28o... at sf1.isc.org>, s.fens... at gmail.com wrote:
> > Hi,
>
> > I want to know if it is considered bad practice to use a name server
> > that is usually not responding. My goal is to quickly be able to
> > change name servers in the case of a disaster at the main site.
>
> > Our setup is the following:
>
> > ISP hosts our zone file, which looks like this:
>
> > myserver IN NS wan1.domain.com
> > IN NS wan2.domain.com
>
> > wan1.domain.com IN A 1.2.3.4
> > wan2.domain.com IN A 2.3.4.5
>
> > I control wan1.domain.com and have A records for my servers. In order
> > to prevent requests from going to wan2 (which is our backup site), I
> > would disable access to that dns server. As I understand it, there is
> > no priority for NS records like there is for MX records. I understand
> > this might create more traffic on 2.3.4.5, but it may be an acceptable
> > consequence.
>
> > My question is, will my users see a delay when resolving
> > myserver.domain.com? I saw that BIND uses a relatively smart (as
> > compared to round robin) algorithm to determine which name server to
>
> Most DNS servers keep track of nameserver response times, and prefer the
> ones with better response times. But they also periodically try the
> other servers, so that they'll detect when their performance improves.
> So this will result in occasional lookup delays.
>
> > query. I assume my ISP is using BIND (but I am not sure).
>
> And even so, what you care about is the ISPs for all the people who
> might try to access your domain.
>
> > The alternative is to use a managed DNS service that detects down
> > links and switches NS servers. It would be great if my ISP did this,
> > but I suspect they don't. And I don't want to wait for them to change
> > my zone file and wait for it to propagate. I also don't want to give
> > my DNS over to a managed provider - I like to be in control of my DNS.
>
> Why don't you keep both nameservers running, but update the zone
> contents when you need to fail over? Do you really need to avoid DNS
> traffic to the backup site?
>
> --
> Barry Margolin, bar... at alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***
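Barry's point about resolvers tracking nameserver response times, retrying the slow ones now and then, and so hitting an occasional delay when one NS is switched off, as an added toy model (not code from the thread and not BIND's actual algorithm; the timeout, smoothing and decay constants and the wan1/wan2 latencies are assumed):

```python
# Toy model of resolver nameserver selection (added example, not code from
# the thread or from BIND). A recursive resolver keeps a smoothed RTT (SRTT)
# per NS, prefers the lowest, and lets unqueried servers' estimates decay so
# they are retried now and then. All constants are assumed round numbers.
TIMEOUT_MS = 2000            # assumed: wait before giving up on a silent NS
ALPHA = 0.3                  # assumed: weight of the newest RTT sample
DECAY = 0.98                 # assumed: per-query decay of unqueried SRTTs
PENALTY_MS = 3 * TIMEOUT_MS  # assumed: SRTT charged to a server that timed out


class Resolver:
    def __init__(self, servers):
        # servers: NS name -> RTT in ms, or None if the box is switched off
        self.servers = dict(servers)
        self.srtt = {name: 0.0 for name in self.servers}  # unknown = optimistic
        self.timeouts = 0

    def _observe(self, name, rtt):
        # update the queried server's SRTT; decay the others toward "retry me"
        self.srtt[name] = (1 - ALPHA) * self.srtt[name] + ALPHA * rtt
        for other in self.srtt:
            if other != name:
                self.srtt[other] *= DECAY

    def query(self):
        """Resolve one name; return the delay the client sees, in ms."""
        elapsed = 0.0
        for name in sorted(self.srtt, key=self.srtt.get):  # best estimate first
            rtt = self.servers[name]
            if rtt is None:                 # no answer: wait, then try the next
                elapsed += TIMEOUT_MS
                self.timeouts += 1
                self._observe(name, PENALTY_MS)
                continue
            elapsed += rtt
            self._observe(name, rtt)
            return elapsed
        raise RuntimeError("all nameservers failed")


def simulate(n_queries, servers):
    """Run n_queries lookups; return (timeouts, worst delay ms, mean delay ms)."""
    r = Resolver(servers)
    delays = [r.query() for _ in range(n_queries)]
    return r.timeouts, max(delays), sum(delays) / len(delays)

if __name__ == "__main__":
    # constructed scenario from the thread: wan1 up at 20 ms, wan2 switched off
    print("wan2 off:", simulate(1000, {"wan1": 20, "wan2": None}))
    print("wan2 on :", simulate(1000, {"wan1": 20, "wan2": 80}))
```

With wan2 switched off the model produces a handful of full-timeout lookups per thousand queries as the resolver re-probes it; with wan2 answering (even slowly) there are no timeouts at all, which is the case for keeping the backup NS reachable.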