PCS, Corosync, Pacemaker, and Bind

[Mike Bernhardt]

Please confirm that if a DNS query is sent to the virtual address, the reply
will be sourced from the virtual address. The reason for restricting BIND to
a single address was mostly for firewall and administrative simplicity, but
that's not a big deal as long as the same address is used both directions.

The documentation for keepalived isn't very good, but as near as I can tell
it does not support bringing up an application like BIND along with a VRRP
address. Maybe I'm wrong? The cluster.org package works great except for the
lack of an interface, so I've posted over there also to see if it's possible
to build a virtual interface for the IP, but I doubt it.

-----Original Message-----
From: Tony Finch [mailto:dot at dotat.at] 
Sent: Tuesday, March 15, 2016 5:40 PM
To: Mike Bernhardt
Cc: bind-users at lists.isc.org
Subject: Re: PCS, Corosync, Pacemaker, and Bind

Mike Bernhardt <bernhardt at bart.gov> wrote:
>
> I'm setting up a new CentOS 7 DNS server cluster to replace our very 
> old CentOS 4 cluster. The old one uses heartbeat which is no longer 
> supported, so I'm now using pcs, corosync, and pacemaker.

I suggest having a look at keepalived: it's significantly simpler.

> I want BIND to listen on, query from, etc on a particular IP address, 
> which is virtualized. The options currently used are:
> query-source address
> listen-on
> notify-source
>
> listen-on isn't a big deal, but the source address options are.

Why do you care about the query source address?

I don't set any of those options and just let BIND pick whatever source
address it wants; it might choose the server admin address or the advertised
service address, and that doesn't matter because everything else is
configured to accommodate this.

Tony.
--
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/ Shannon, Rockall:
Southeast 4 or 5, increasing 6 at times in Shannon. Moderate or rough. Fair.
Mainly good.