Client DNS Cache

Mathias Körber mathias at koerber.org
Tue Nov 14 16:11:51 UTC 2000


> I have a question. The scenario is, I have a primary DNS server and a
> secondary. For redundancy purpose, they are located at a different location
> (physical site). Similarly, there is one web server at each site (on
> different networks) and there is no inter connectivity between them.
>
> The idea is, the backup site should not be used at all unless the primary
> site is down.
>
> Let's say, the primary server resolves 10.10.10.10 for the web server and
> the secondary DNS server resolves 20.20.20.20 for the web server (each one
> resolving for at the local site).
>
> As per DNS work methodology, if the primary DNS server is not reachable,
> the client would try to reach to the secondary DNS. The assumption is, if
> the Primary site is down, the primary DNS would not be reachable. Hence

This assumption is already wrong. DNS 'methodology' (as you call it) does not
use the secondary nameserver as a backup. Rather they are equal authoritative
servers for the same zone. A remote client would not even know the difference
or care. And in fact, DNS servers rotate their replies (round-robin), so that
the resource records arrive at different places in different order. That goes for
the NS records too.

So: A remote client 'randomly' (not really!) selects *any* of the listed authoritative
nameservers, and you have not much control over that. (yes: if the nameserver a client
tried first does not respond, it will fall back to ask any other nameserver listed for
the zone, so you have redundancy as well as crude load-balancing).

The distinction primary/secondary (master/slave) only exists for the administrators
of a zone (and the operators of that zone's nameservers). The primary is the machine
that has the master copy of the zone, the secondaries download (zonetransfer) the zone.

As such, your nameservers should not have different copies of the zone, but hand out the
same IP addresses for your webservers. You could have the DNS hand out both webservers' IP addresses
(2 A records!), which with round-robin would give you a crude load-balancing for your web-servers
too. If you really only want the backup to kick in in times of trouble, you may need
to find a different method to manage your webserver backup.

HTH HAND
Mathias

> the client will try to reach to the secondary DNS, which will in turn resolve
> to a webserver that is residing at the backup location. Now, the worry is,
> what if the client is caching the WEBSERVER address? In this case, how will
> the DNS client behave? Will this behaviour differ depending upon the
> client? I mean, WIN95, Solaris, Linux, NT, etc. If the web server IP
> address is picked up from the client cache, and if it fails, will it always
> return "host unreachable" message or will it try to reach to the primary or
> the secondary DNS?
>
> Please help.
>
> Thanks.
> Rizwan.
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
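
The behaviour described in the reply above, as an added example that is not part of the original post: a small simulation of a resolver choosing among a zone's authoritative nameservers, using the two addresses from the question. The server names ns1/ns2 and the function names are hypothetical, and the uniform random pick is a simplifying assumption about real resolver server selection.

```python
import random
from collections import Counter

# Constructed model of the setup in the question: two authoritative servers
# for the same zone, each answering with a different A record.
SPLIT_ZONE = {"ns1": ["10.10.10.10"], "ns2": ["20.20.20.20"]}
# The reply's suggestion: identical zone data on both servers, two A records.
SAME_ZONE = {"ns1": ["10.10.10.10", "20.20.20.20"],
             "ns2": ["10.10.10.10", "20.20.20.20"]}


def resolve(zone, reachable, rng):
    """Ask the listed nameservers in random order; return the first address
    of the first answer, or None if no server responds."""
    servers = list(zone)
    rng.shuffle(servers)              # no primary/secondary preference
    for ns in servers:
        if ns not in reachable:
            continue                  # timeout: fall back to the next NS
        answer = list(zone[ns])
        rng.shuffle(answer)           # stand-in for round-robin rotation
        return answer[0]
    return None


def tally(zone, reachable, queries=10000, seed=1):
    """Count which address clients end up with over many fresh lookups."""
    rng = random.Random(seed)
    return Counter(resolve(zone, reachable, rng) for _ in range(queries))


if __name__ == "__main__":
    both_up = {"ns1", "ns2"}
    # With divergent zone data, about half of all lookups land on the
    # "backup" address even though the primary site is up.
    print("split zone, both up :", dict(tally(SPLIT_ZONE, both_up)))
    print("split zone, ns1 down:", dict(tally(SPLIT_ZONE, {"ns2"})))
    # Same data everywhere: losing one nameserver changes nothing.
    print("same zone, both up  :", dict(tally(SAME_ZONE, both_up)))
    print("same zone, ns1 down :", dict(tally(SAME_ZONE, {"ns2"})))
```

The simulation ignores TTLs and client-side caching, so every lookup is treated as a fresh query to an authoritative server.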




More information about the bind-users mailing list