HSRP-like virtual DNS services.

Kevin Darcy kcd at daimlerchrysler.com
Sat Sep 4 03:19:35 UTC 2004


Phil Hoenig wrote:

>Hi all,
>
>I'm looking at upgrading our DNS servers and, if possible, would like
>to have some sort of redundancy set up such that if any one machine went
>down the service itself would still continue. 
>
>A possibility is to have two machines behind a load sharer of some
>sort, but that load sharer itself then becomes a single point of
>failure, so there'd have to be two of those. This leads to at least
>four machines for each of our three services (which I want to keep
>separate so that a DOS against one is not a DOS against the others) and
>I'm not sure I can justify the resources to purchase, set up and
>maintain a dozen machines. I'm also not sure how that sort of thing
>would work when other very important services are on the same subnet
>(it seemed like a good idea at the time - over a decade ago) and
>changing the IPs of these services would be painful.
>
>A DNS analogue to Cisco's HSRP seems like a good solution. Two DNS
>servers each with their own IPs on the same subnet would pretend to be
>a third, with the first doing all the work whilst the second monitors
>the first and takes over should the first have any difficulties. I'd
>imagine that there should be a wrapper script around named similar to
>that mentioned in <http://www.isc.org/pubs/tn/isc-tn-2004-1.html> so
>that a machine with DNS problems will appear to be a machine off the air
>and that there'd have to be some work to keep these machines
>synchronised and have their zone transfer request appear to come from the
>virtual service.
>
>Presumably this sort of thing's been done before but I can't find much
>useful documentation on the matter. What term should I be Googling for?
>(The hardware and OS haven't been purchased as yet so they can be
>whatever's suitable.)
>
Most nameserver implementations, including all of the popular ones, are 
already pretty good at load-balancing and failover, using RTT 
calculations of queries and responses. So I'm not really sure you need 
all of the redundancy that a load-sharing/load-balancing scheme provides 
unless you're handling a *lot* of load with a significant number of 
backend nameservers. We're moving towards putting our Internet-facing 
nameservers behind load-balancers, but that's mostly just to give us the 
flexibility to add/change/delete nameservers without having to redo our 
delegation records....

- Kevin
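
The RTT-based failover mentioned in the reply above can be sketched as a small simulation. This is an added example, not part of the original post and not any nameserver's actual algorithm: the update rule, the constants and the server names `ns1`/`ns2` are assumptions chosen for illustration.

```python
# Simplified model of resolver-side server selection by smoothed RTT (SRTT).
# Constants and update rules are assumptions for illustration only.

ALPHA = 0.7          # weight kept from the old SRTT on each new sample
TIMEOUT_MS = 2000.0  # penalty sample recorded when a query gets no answer
DECAY = 0.98         # unselected servers drift down so they get retried


class ServerSelector:
    def __init__(self, servers):
        # Start every server at 0 so each one is tried at least once.
        self.srtt = {s: 0.0 for s in servers}

    def pick(self):
        # Lowest SRTT wins; ties are broken by name for determinism.
        return min(sorted(self.srtt), key=self.srtt.get)

    def record(self, server, rtt_ms):
        # rtt_ms is None when the query timed out.
        sample = TIMEOUT_MS if rtt_ms is None else rtt_ms
        self.srtt[server] = ALPHA * self.srtt[server] + (1 - ALPHA) * sample
        for other in self.srtt:
            if other != server:
                self.srtt[other] *= DECAY


def constructed_outage(i):
    # Constructed scenario: ns1 is fast but unreachable for queries 20..59.
    ns1 = None if 20 <= i < 60 else 5.0
    return {"ns1": ns1, "ns2": 40.0}


def simulate(latency_at=constructed_outage, queries=250):
    """Return the server chosen for each query under latency_at(i)."""
    selector = ServerSelector(latency_at(0))
    chosen = []
    for i in range(queries):
        server = selector.pick()
        selector.record(server, latency_at(i)[server])
        chosen.append(server)
    return chosen


if __name__ == "__main__":
    picks = simulate()
    for lo, hi in ((0, 20), (20, 60), (60, 120), (200, 250)):
        window = picks[lo:hi]
        print(f"queries {lo}-{hi - 1}: "
              f"ns1={window.count('ns1')} ns2={window.count('ns2')}")
```

In this model a single timeout is enough to move all traffic to `ns2`, and `ns1` is only retried once its penalised score has decayed below `ns2`'s, well after it has recovered.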





More information about the bind-users mailing list