HSRP-like virtual DNS services.

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Sat Sep 4 06:39:02 UTC 2004


Phil Hoenig <phil at mul.its.unimelb.edu.au> wrote:
> Hi all,

> I'm looking at upgrading our DNS servers and, if possible, would like
> to have some sort of redundancy set up such that if any one machine went
> down the service itself would still continue. 

> A possibility is to have two machines behind a load sharer of some
> sort, but that load sharer itself then becomes a single point of
> failure, so there'd have to be two of those. This leads to at least
> four machines for each of our three services (which I want to keep
> separate so that a DOS against one is not a DOS against the others) and
> I'm not sure I can justify the resources to purchase, set up and
> maintain a dozen machines. I'm also not sure how that sort of thing
> would work when other very important services are on the same subnet
> (it seemed like a good idea at the time - over a decade ago) and
> changing the IPs of these services would be painful.

> A DNS analogue to Cisco's HSRP seems like a good solution. Two DNS
> servers each with their own IPs on the same subnet would pretend to be
> a third, with the first doing all the work whilst the second monitors
> the first and takes over should the first have any difficulties. I'd
> imagine that there should be a wrapper script around named similar to
> that mentioned in <http://www.isc.org/pubs/tn/isc-tn-2004-1.html> so
> that a machine with DNS problems will appear to be a machine off the air
> and that there'd have to be some work to keep these machines
> synchronised and have their zone transfer request appear to come from the
> virtual service.

> Presumably this sort of thing's been done before but I can't find much
> useful documentation on the matter. What term should I be Googling for?
> (The hardware and OS haven't been purchased as yet so they can be
> whatever's suitable.)

Have you actually read RFC 1034? Have you seen that DNS _IS_ a redundant
service? Just make sure that your zone is delegated to at least two
DNS servers located sufficiently far apart.

What is your concern?



-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but I'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
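
Added example, not part of the original thread: one way to check the condition named in the reply above, that a zone is delegated to at least two name servers that do not sit on the same network. The host names, addresses and the use of a /24 (IPv4) or /48 (IPv6) prefix as a stand-in for "far apart" are assumptions made for this sketch; the sample delegations are constructed.

```python
import ipaddress
from itertools import combinations

# Constructed sample delegations (documentation address ranges, not real servers).
SAME_SUBNET = {
    "ns1.example.edu.": ["192.0.2.10"],
    "ns2.example.edu.": ["192.0.2.11"],
}
SPREAD_OUT = {
    "ns1.example.edu.": ["192.0.2.10"],
    "ns2.example.net.": ["198.51.100.53", "2001:db8:53::1"],
}

def networks_of(addrs, v4_prefix=24, v6_prefix=48):
    """Map each address to its covering network (assumed proxy for location)."""
    nets = set()
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        nets.add(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
    return nets

def audit_delegation(ns_addrs, min_servers=2):
    """Return a list of findings; an empty list means the delegation passes."""
    findings = []
    nets = {ns: networks_of(addrs) for ns, addrs in ns_addrs.items()}
    for ns in sorted(nets):
        if not nets[ns]:
            findings.append(f"{ns}: no address records")
    usable = {ns: n for ns, n in nets.items() if n}
    if len(usable) < min_servers:
        findings.append(
            f"only {len(usable)} usable name server(s), need {min_servers}")
        return findings
    # Redundancy needs at least one pair of servers that share no network,
    # so that one subnet outage cannot take out every authoritative server.
    pairs = combinations(usable.values(), 2)
    if not any(a.isdisjoint(b) for a, b in pairs):
        seen = sorted({str(n) for s in usable.values() for n in s})
        findings.append(
            "every pair of name servers shares a network: " + ", ".join(seen))
    return findings

if __name__ == "__main__":
    for label, zone in (("same subnet", SAME_SUBNET), ("spread out", SPREAD_OUT)):
        print(label, "->", audit_delegation(zone) or "ok")
```

In practice the address map would be filled from the zone's NS and A/AAAA records as seen at the parent, and routing or site data is a better measure of separation than a fixed prefix length.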


More information about the bind-users mailing list