Linux, Unix, and *nix like Operating Systems Forum

DNS transfering / Zone Transfers
Not quite sure how to use them...
vincevincevince
msg:3483710
7:29 am on Oct 22, 2007 (gmt 0)

Production: ns1.example.com and ns2.example.com both point at one webserver combined with a DNS server for the same sites.

Backup: There is also an identical webserver and DNS combination which differs only by IP, and the fact that ns1.example.com and ns2.example.com do not point to it.

I now have two Debian VPS servers on separate providers which are intended for use as DNS servers. I don't get a massive amount of traffic so the DNS lookups should be fine on there.

Theory is:

ns1.example.com will be at one VPS server dns1, ns2.example.com will be at the other dns2.

The DNS on both of the VPS servers should be a copy of the production DNS, so that requests coming to dns1 and dns2 will be resolved directly to production. I wish to update the DNS from production to dns1 and dns2 regularly.

When the Production server is down (checked by regular cron from dns1&2, I can do this fine), I want to switch the DNS to that which is found on backup. The only difference between the two DNS server setups is that the one from backup has the IPs which relate to backup instead of those which relate to production.

Problem is:

I can't figure out how to transfer the DNS setup from production and backup onto dns1 and dns2. I have allowed zone transfers from those IP addresses; in fact I can do 'dig @ns1.example.com domain.com axfr' and see the contents of a single domain.

I've been looking for something like 'bind-export' or similar but can't find anything. How can this be done? I tried copying named.conf and zone files, but the structure seems entirely different between the two servers and I'm not sure what to do with that.

Every tutorial I can find on 'zone transfers' is about stopping them and not using them...

More details:

production and backup run PLESK. All four systems run BIND.


Romeo
msg:3484020
3:07 pm on Oct 22, 2007 (gmt 0)

Hi Vince,

Usually, zone transfers are done automatically between the zone's Master and Slave DNS BIND servers.

On the secondary DNS server(s) the zone is defined as 'zone type slave' in named.conf then.
All editorial changes to a zone file will be done at the master only, with the slaves left untouched.
Zone transfers are initiated by the slaves automatically according to the zone's Refresh/Retry/Expiry timer values, or ad-hoc on receiving a 'notify' on a changed serial in the master zone file.

"how to transfer the DNS setup from production and backup onto dns1 and dns2"

What makes your environment difficult and complicated is the fact that you expect your slaves to be able to pull different zones from different masters ('Prod' and 'backup').
Don't know how to do that. AFAIK, there can be only one master, and all nameservers must be specified with your domain name registrar to be delegated in the domain.TLD root zone beforehand. There is no such thing as a 'backup' name server -- either it is there (in the TLD zone) and known and active, or it is not, and fiddling with your registrar with the TLD NS entries may add another level of complication (and additional propagation delay).

Perhaps the following approach may help:

-- DNS should be seen independently from your web services. If you would have one DNS master at a separate server, your capability to change DNS information would not fail when your web server fails.

-- 3 DNS servers: DNS1(master), DNS2(slave), DNS3(slave), each having an NS record in the zone file and listed with your domain name registrar.

-- If your webservice1 fails, you could just reload an alternate zone at the master (with updated serial) to point to webservice2, which would notify any surviving slave to trigger an ad-hoc zone transfer instantly.

-- If your master DNS fails, the slave(s) should survive on their own for several days if you have set the zone's Refresh/Retry/Expiry timer values accordingly. Enough time to decide to bring up the master again, or reconfigure DNS3 to become a new master and change the remaining slaves' config accordingly to point to the new master.

I am no expert, but this would perhaps work for me.
Hope that helps.

Kind regards,
R.
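Romeo's reply leans on two mechanics: the SOA Refresh/Retry/Expire timers, which decide how long a slave keeps answering after its master disappears, and the zone serial, which a slave compares before it bothers to pull the zone after a NOTIFY. The script below is an added example, not code from the thread or from BIND; it parses a constructed SOA record, applies RFC 1982 serial arithmetic (32-bit, with wrap-around), bumps a YYYYMMDDnn serial correctly, and models what a slave does at a given time after its last successful transfer. The zone name, server names and timer values are constructed sample data.

```python
"""SOA timers and serial arithmetic for a BIND master/slave pair (added example)."""
import re
from dataclasses import dataclass

# Constructed sample SOA record (not from the thread), as it would sit at
# the top of the zone file on the master.
SAMPLE_SOA = """\
@   IN  SOA ns1.example.com. hostmaster.example.com. (
        2007102201 ; serial (YYYYMMDDnn)
        3600       ; refresh: the slave asks the master for the SOA this often
        900        ; retry: if that query failed, try again this often
        1209600    ; expire: stop serving the zone after this long without success
        86400 )    ; negative-cache TTL
"""


@dataclass
class Soa:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa(text: str) -> Soa:
    """Parse a (possibly multi-line, parenthesised) SOA record."""
    body = re.sub(r";[^\n]*", "", text)                 # strip ; comments
    tokens = body.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    mname, rname = tokens[i + 1], tokens[i + 2]
    serial, refresh, retry, expire, minimum = (int(t) for t in tokens[i + 3:i + 8])
    return Soa(mname, rname, serial, refresh, retry, expire, minimum)


def serial_is_newer(new: int, old: int) -> bool:
    """RFC 1982 comparison: is `new` ahead of `old` in 32-bit serial space?"""
    new &= 0xFFFFFFFF
    old &= 0xFFFFFFFF
    if new == old:
        return False
    return (new > old and new - old < 2**31) or (new < old and old - new > 2**31)


def next_serial(current: int, today_yyyymmdd: int) -> int:
    """Bump a YYYYMMDDnn serial so every slave sees it as newer.

    Reloading an alternate zone without a higher serial is the classic way
    to make slaves silently ignore the change."""
    candidate = today_yyyymmdd * 100
    return candidate if serial_is_newer(candidate, current) else current + 1


def slave_state(soa: Soa, seconds_since_last_transfer: int) -> str:
    """What a slave does if the master has been unreachable since the last transfer."""
    t = seconds_since_last_transfer
    if t >= soa.expire:
        return "expired"      # answers SERVFAIL for the zone from here on
    if t < soa.refresh:
        return "fresh"        # no contact attempted yet
    return "retrying"         # polling the master every `retry` seconds


def refresh_attempts(soa: Soa) -> list:
    """Seconds after the last good transfer at which the slave tries the master
    before giving up (first at refresh, then every retry until expire)."""
    times, t = [], soa.refresh
    while t < soa.expire:
        times.append(t)
        t += soa.retry
    return times


def check_timers(soa: Soa) -> list:
    """Sanity checks along the lines of RFC 1912 section 2.2."""
    problems = []
    if soa.retry >= soa.refresh:
        problems.append("retry should be shorter than refresh")
    if soa.expire <= soa.refresh:
        problems.append("expire must be much longer than refresh")
    if soa.expire < 1209600:
        problems.append("expire below the 2-week floor RFC 1912 suggests")
    return problems


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    print(soa)
    print("slave survives a dead master for", soa.expire // 86400, "days")
    print("next serial today:", next_serial(soa.serial, 20071022))
    print("timer problems:", check_timers(soa) or "none")
```

With these values a slave that loses its master keeps answering for fourteen days while polling every fifteen minutes, which is the "several days" margin Romeo describes; with an expire of a few hours that margin vanishes, so check the timers before relying on slaves as the survivors.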

jtara
msg:3484053
3:38 pm on Oct 22, 2007 (gmt 0)

"Production: ns1.example.com and ns2.example.com both point at one webserver combined with a DNS server for the same sites.

Backup: There is also an identical webserver and DNS combination which differs only by IP, and the fact that ns1.example.com and ns2.example.com do not point to it."

I think you are not "getting it" about how DNS works.

You've defeated the redundancy built-in to the DNS system, and now are trying to invent your own way to put it back.

I assume that you have two NS records pointing at different IP addresses on the same physical server. That's not the way DNS was designed to be used.

Point NS1 at one server, NS2 at the other. Note that although one is the "master", there's no master/backup relationship. The "master" is master only insofar as it is the master source of data for zone transfers. Requests will go randomly to one server or the other. If one goes down, yes, there will be delays as browsers try one name server then the other.

There are ways of truly backing-up nameservers. But I'd first move forward from such a basic (broken - if you don't have two physical DNS servers it is broken!) before you do that. IP-Anycast would probably be the preferable way to implement backup.

Running DNS on your web server is asking for trouble. Working-around the requirement to have at least two DNS servers by creating two instances on the same physical machine is asking for more trouble.

vincevincevince
msg:3484576
2:14 am on Oct 23, 2007 (gmt 0)

jtara and Romeo, thanks for your advice. I am happy to say I now have fixed the problem.

I have two separate DNS servers with different providers on which I'm running BIND on Debian. I put all zone files into a symlinked directory.

I have written some scripts to take the named.conf file from the two webservers (production and backup) and change things such as 'type "master"' to 'type "slave"' and add masters {} records. It then transfers that edited named.conf to the DNS servers (both of them, named according to the server it came from). This happens every 30 mins and is followed by installing the currently used named.conf into the DNS server and restarting BIND.

The DNS servers run a cron every five minutes to test if the production server can be accessed via HTTP. If it can't be, then I stop BIND, reassign the symlink which holds the zone files to a 'backup' zone files directory, add the named.conf which originated from 'master->slave conversion' on the backup server, then start bind.

Tested results show that within five minutes of sending back something other than 200 OK from the production server the DNS has changed to the backup server.

The reason I don't want to direct users to the backup server unless the production server is down is because I am not running synchronised databases and sessions.
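The master-to-slave rewrite Vince describes is the step most likely to go wrong when done with ad-hoc text substitution, because named.conf zone statements contain nested brace lists (allow-transfer { ... };) that a line-based sed pass can mangle. The script below is an added example, not Vince's script and not anything shipped with PLESK or BIND: it walks the zone statements of a constructed master named.conf with proper brace matching, rewrites every `type master` zone as `type slave` with a `masters { ... };` list pointing at the given master, drops the master-only allow-transfer/allow-update clauses, sets a slave-side file path, and leaves non-master zones (the hint zone) untouched. The sample config, the master IP 198.51.100.5 and the slave directory /var/cache/bind/slaves are assumptions.

```python
"""Rewrite a BIND master named.conf into a slave's named.conf (added example)."""
import re

# Constructed sample of a master-side named.conf (not from the thread).
SAMPLE_MASTER_CONF = """\
options {
    directory "/var/named/run-root/var";
};

zone "example.com" {
    type master;
    file "example.com";
    allow-transfer { 192.0.2.10; 192.0.2.11; };
};

zone "example.net" {
    type master;
    file "example.net";
    allow-update { none; };
};

zone "." {
    type hint;
    file "named.root";
};
"""


def zone_blocks(conf):
    """Yield (start, end, name, body) for every zone statement.

    Braces are matched by depth so a nested allow-transfer { ... }; list inside
    the zone does not end the block early."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            if conf[i] == "{":
                depth += 1
            elif conf[i] == "}":
                depth -= 1
            i += 1
        end = i + 1 if conf[i:i + 1] == ";" else i      # swallow the trailing ';'
        yield m.start(), end, m.group(1), conf[m.end():i - 1]


def slave_block(name, master_ip, slave_dir):
    """Slave zone statement: pull from master_ip, keep a local copy, serve AXFR to nobody."""
    safe = name.strip(".") or "root"
    return (
        f'zone "{name}" {{\n'
        f"    type slave;\n"
        f"    masters {{ {master_ip}; }};\n"
        f'    file "{slave_dir}/{safe}.db";\n'
        f"    allow-transfer {{ none; }};\n"
        f"}};"
    )


def convert_to_slave(conf, master_ip, slave_dir="/var/cache/bind/slaves"):
    """Return conf with each 'type master' zone replaced by a slave statement."""
    out, last = [], 0
    for start, end, name, body in zone_blocks(conf):
        out.append(conf[last:start])
        if re.search(r"\btype\s+master\s*;", body):
            out.append(slave_block(name, master_ip, slave_dir))
        else:
            out.append(conf[start:end])        # hint, forward, etc. pass through
        last = end
    out.append(conf[last:])
    return "".join(out)


def zones_of_type(conf, ztype):
    """Names of the zones declared with the given type (master, slave, hint...)."""
    return [name for _, _, name, body in zone_blocks(conf)
            if re.search(rf"\btype\s+{ztype}\s*;", body)]


if __name__ == "__main__":
    slave_conf = convert_to_slave(SAMPLE_MASTER_CONF, "198.51.100.5")
    print(slave_conf)
    print("slave zones:", zones_of_type(slave_conf, "slave"))
```

Two things to do around this on a real pair: run `named-checkconf` on the generated file before swapping it in, and prefer `rndc reload` to a full restart so the slaves keep answering during the switch. On the master side, `allow-transfer` should list only the slaves' addresses, and the generated slave config deliberately sets `allow-transfer { none; }` so the copies on dns1 and dns2 cannot themselves be dumped by anyone who asks.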

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved