One Domain; Multiple IPs.

Chris Buxton cbuxton at menandmice.com
Tue Jul 17 18:37:32 UTC 2001


At 1:58 PM -0400 7/16/01, Joseph S D Yao wrote:
>On Mon, Jul 16, 2001 at 07:12:33AM -0700, Dominik wrote:
>  > We have one domain, which is mostly used to access a webserver.  The
>  > webserver has two Internet connections; when one goes down, it can
>  > still be accessed via the other.  Obviously, this server has two IPs
>  > (one on each connection).  Unfortunately, www.domain on this box can
>  > only resolve to one IP, as far as I know.  Is there any way to specify
>  > two addresses, so that when one connection goes down, the nameserver
>  > automatically starts responding with the IP for the other connection?
>  >
>  > I realize that there probably isn't any way to do this with standard
>  > BIND.  One thing I was wondering about--how would NetSol react if we
>  > submitted two nameservers for our domain, with each one responding to
>  > the www.domain with a different IP?  Is this a solution in any way?
>
>You could have two name servers, giving out different IP addresses.
>That way, if one side goes down, only HALF the accesses would be to the
>dead IP address.

Huh??? Why would half fail?

Here's the deal: The web server sits on both lines, with an IP 
address on each. Each line has a separate DNS server (or, with Bind 
9, you have a single DNS server with two different zone views). There 
are no other DNS servers; there are no servers that host the zone as 
a slave zone, so zone transfers aren't an issue.

Each DNS server only gives out the address of the web server that's 
on the same line as the DNS server. If that line goes down, incoming 
DNS queries fail, so the nonfunctional web server address isn't given 
out. The only failures (for new web visitors) occur between the time 
of the line failure and the subsequent expiration of the TTL - 
usually set to 300 or less.

Of course, anyone who's already gotten to the site is out of luck 
until they reboot their machines, at least for most client platforms. 
That's why I always tell people BGP is a better solution. But many of 
those who use the method outlined above have DSL lines; relatively 
few DSL providers support BGP.


Regarding the ongoing debate/flame war: Please, no more arguing about 
whether this violates the protocol, or what-have-you. The fact is, it 
causes absolutely no problems and works as well as I've described. 
Anyone who hasn't thought this through thoroughly should not be 
making statements of strong opinion. The protocol is a tool, not a 
religious text.
____________________________________________________________________

Chris Buxton <cbuxton at menandmice.com>

Men & Mice <http://www.menandmice.com/> offers:
  - DNS training, including Active Directory
  - QuickDNS, a DNS management system (now supporting Solaris)
  - DNS Expert, a DNS analysis and troubleshooting utility
____________________________________________________________________
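
The failure window described in this post, as an added example that is not part of the original message: a small model of two per-link authoritative servers and a caching resolver, measuring how long a client is sent to the dead address after one line fails. The addresses, the `Resolver` class and the function names are constructed for illustration, and the model covers only the resolver cache, not the client-side caching the post mentions.

```python
TTL = 300  # seconds; the post suggests "300 or less"

# Constructed addresses (RFC 5737 documentation ranges). Each link carries
# one authoritative server, which hands out only the web address on its own link.
LINKS = {
    "A": {"ns": "192.0.2.53", "www": "192.0.2.80"},
    "B": {"ns": "198.51.100.53", "www": "198.51.100.80"},
}

class Resolver:
    """Caching resolver that tries the zone's name servers in a fixed order."""
    def __init__(self, ns_order):
        self.ns_order = ns_order
        self.cached = None  # (address, expiry time)

    def lookup(self, now, down):
        if self.cached and now < self.cached[1]:
            return self.cached[0]          # answer still within its TTL
        for link in self.ns_order:
            if link in down:
                continue                   # query over a dead line times out
            addr = LINKS[link]["www"]
            self.cached = (addr, now + TTL)
            return addr
        return None                        # no name server reachable

def reachable(addr, down):
    """True if addr is not the web address on a failed link."""
    return addr is not None and all(LINKS[l]["www"] != addr for l in down)

def outage_window(ns_order, cached_at, fail_at, step=10, horizon=900):
    """Seconds a client is unable to reach the site after link A fails at
    fail_at, given its resolver last cached the answer at cached_at."""
    resolver = Resolver(ns_order)
    resolver.lookup(cached_at, down=set())
    failed = 0
    for now in range(fail_at, fail_at + horizon, step):
        if not reachable(resolver.lookup(now, down={"A"}), down={"A"}):
            failed += step
    return failed

if __name__ == "__main__":
    print("cached A, line fails 100s later:", outage_window(["A", "B"], 0, 100))
    print("cached B, line A fails:", outage_window(["B", "A"], 0, 100))
```
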

