achieving failover with 2 primary name servers?

Kevin Darcy kcd at daimlerchrysler.com
Tue Oct 28 22:52:11 UTC 2003


You should be running your nameservers independently of your webservers. 
Whenever you detect a failure of your primary website, change its A 
record (e.g. via Dynamic Update, or the old change-zone-file-and-reload 
method). This kind of failover doesn't require you to "gang" your 
nameservers with your webservers.

The 1-minute TTL is rather anti-social though (yes, I know 
DaimlerChrysler has 1-minute TTLs for many of our websites, but my 
objections to that were overridden).

- Kevin


Ori Tend wrote:

>I implemented this, and it looks like web visitors are arriving to both
>boxes - always.
>I want to achieve a situation where visitors start to go to the second
>box only when the first box fails.
>So I'm thinking of the following:
>Have the DNS2 run as secondary to DNS1 (as Barry mentioned, TTL should
>be low, 1 min or so).
>Run a simple script on box2 that polls the box1 to verify that www
>responds well.
>In case of a failure of box1, the script will switch the named.conf and
>the zone file (on box2), to make DNS2 as primary, with A record pointing
>to an IP residing on this box2.
>When the script identifies that box1 is up and running again, it will
>switch the named.conf and the zone file again (on box2), to make DNS2 a
>secondary again, pointing to box1 again.
>
>Again, this would help to divert visitors to box2 only when box1 dies.
>Reason I prefer not to use lbnamed, is that it's not as actively
>maintained as bind, and not as documented as bind - and a simple script
>can help achieve the needs.
>
>What do you think about it? I mean, try to beat it with thoughts why it
>won't work, and why I shouldn't do that :-)
>
>Thanks,
>Ori.
>
>-----Original Message-----
>From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
>Behalf Of Barry Margolin
>Sent: Monday, October 20, 2003 5:05 PM
>To: comp-protocols-dns-bind at isc.org
>Subject: Re: achieving failover with 2 primary name servers?
>
>
>In article <bn0256$ut3$1 at sf1.isc.org>, Ori Tend  <ori_tend at yahoo.com>
>wrote:
>
>>Hi All,
>>
>>Trying to achieve a simple failover, I think of the following: Have 2
>>dns servers for my domain at the registrar. Both would act as a primary
>>server for the domain. DNS1 will answer requests, and delegate
>>www.domain.com to first ip - which is hosted on the same box as DNS1.
>>DNS2 will answer requests, and delegate www.domain.com to second ip -
>>which is hosted on the same box as DNS2.
>>
>>The rationale is that if a resolver can't reach any of the DNS servers
>>(either DNS1 or DNS2), it most likely won't be able to reach the ip's
>>that are hosted on box1 and box2 respectively as well, due to a box
>>failure. So I assume that in case of a failover scenario, box1 will not
>>be reached - therefore, the client resolver will try DNS2, which will
>>reply with the ip of the apache placed on box2 - and that's how a
>>failover will be achieved.
>>
>>The only drawback I can think of is that zones would have to be
>>transferred manually when a zone is changed, but since I change the zones
>>rarely, it's not that much of a hassle. Can anyone point other issues?
>>Will it even work?
>
>I think this should work fine.
>
>You should make the TTL of the www.domain.com record short, so that
>resolvers don't cache the address of the failing box for long.
>
>--
>Barry Margolin, barry.margolin at level3.com
>Level(3), Woburn, MA
>*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to
>newsgroups. Please DON'T copy followups to me -- I'll assume it wasn't
>posted to the group.
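
The approach in the reply at the top of this message (detect a failure of the primary website, then change its A record via Dynamic Update) can be sketched as follows. This is an added example, not code from the thread: the zone name, the addresses (documentation ranges), the probe thresholds and the function names are all assumptions.

```python
"""Added example: failover decision logic that emits nsupdate(1) input."""
from dataclasses import dataclass

# Constructed values, not from the thread.
ZONE = "example.com"
NAME = "www.example.com."
PRIMARY_IP = "192.0.2.10"
BACKUP_IP = "198.51.100.20"
TTL = 60            # the 1-minute TTL discussed in the thread
FAIL_THRESHOLD = 3  # assumed: consecutive failed probes before failing over
OK_THRESHOLD = 5    # assumed: consecutive good probes before failing back


def nsupdate_script(ip, server="127.0.0.1"):
    """Build nsupdate input that swaps the www A record in one UPDATE message."""
    return "\n".join([
        f"server {server}",
        f"zone {ZONE}",
        f"update delete {NAME} A",
        f"update add {NAME} {TTL} A {ip}",
        "send",
    ]) + "\n"


@dataclass
class Failover:
    active: str = PRIMARY_IP
    fails: int = 0
    oks: int = 0

    def observe(self, healthy):
        """Record one probe of the primary web server.

        Returns nsupdate input when the A record must change, else None.
        Counting consecutive results keeps one lost probe from flapping DNS.
        """
        if healthy:
            self.oks, self.fails = self.oks + 1, 0
        else:
            self.fails, self.oks = self.fails + 1, 0
        if self.active == PRIMARY_IP and self.fails >= FAIL_THRESHOLD:
            self.active = BACKUP_IP
            return nsupdate_script(BACKUP_IP)
        if self.active == BACKUP_IP and self.oks >= OK_THRESHOLD:
            self.active = PRIMARY_IP
            return nsupdate_script(PRIMARY_IP)
        return None
```

The returned text is meant to be piped to `nsupdate -k <keyfile>`, with the zone configured to accept updates only from that TSIG key, so that the monitoring host is the only party able to repoint the record.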



