DNS server on multisite environment?
Tim Peiffer
peiffer at umn.edu
Fri Aug 19 10:41:04 UTC 2005
John,
As indicated by Mark Andrews, most of what you are asking for is a
normal function of the DNS. There are a couple of options for doing the
edits. You should manage your DNS from a well-connected machine and use
it as a central base of operations. The first option is that you can use
methods such as rdist or rsync to keep multiple primary DNS servers up
to date; as long as they are in sync, there is no issue. We did this
for years. The alternative (really the preferred route) is to allow
bind to handle this normally through asynchronous zone transfers
(AXFR). Set up your central server as a stealth master, and have all of
your local servers as secondaries. When the central server
(primary/master) is updated, the secondaries for the zone are sent a
NOTIFY, and each secondary schedules an AXFR transfer of the zone.
Can I suggest that you research IP Anycast (RFC 1545 and 2101). Use
exactly the same public IP address and have the routing table (closest
hop count wins) decide the best path to your public IP address. The
root nameservers have been doing this for years to deliver 'N' servers
in 'N' countries all with the same name and address. What we do is to
implement local cache servers as Anycast, configure the well-known
address (what the resolvers point to) as a virtual IP alias, point
client resolvers to them, and allow the central servers to operate
normally. Client resolvers can take upwards of 5 seconds to roll to the
backup; consider that each query has to determine that the initial
server has gone down and retransmit the query to the backup. With
Anycast, you keep failures local to the sphere of operation. If you
have monitoring of the server's ability to service DNS that automatically
pulls the anycast server's route from the routing table, complete failover
is determined by how long it takes for your monitoring to provide the
action, and then only depends upon route convergence time. With modern
routing protocols, the total convergence is measured in seconds. With
Anycast, you can completely remove a machine from service for hours or
days, and still not have a loss of service.
References:
http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A//www.net.cmu.edu/pres/anycast/&ei=qsjzQuGEL6j2RdXCqKoC
http://www.google.com/url?sa=t&ct=res&cd=4&url=http%3A//nms.lcs.mit.edu/%7Edina/pub/Katabi-350.pdf&ei=qsjzQuGEL6j2RdXCqKoC
http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A//www.zurich.ibm.com/%7Erha/papers/anycast-gi98.pdf&ei=WcjzQqVSyNZFtdullgI
Tim Peiffer
University of Minnesota
Networking and Telecommunications Services
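The stealth-master/secondary arrangement described in the post, as an added example in BIND 9 named.conf syntax (this is not Tim's configuration or anything from the bind-users archive). The zone name example.net and the addresses 203.0.113.10 (central stealth master) and 192.0.2.53 / 198.51.100.53 (site secondaries) are constructed placeholders from the documentation ranges; substitute your own. The master sends NOTIFY only to the listed secondaries and permits AXFR only from them; the secondaries accept NOTIFY and pull the zone only from the master and do not hand the zone out to anyone else.

```conf
// ---- Central stealth master (hidden primary) ----
// Not listed in the zone's NS RRset; resolvers never query it directly.
options {
    directory "/var/named";
    notify explicit;            // NOTIFY only the also-notify targets, not every NS
    allow-transfer { none; };   // deny AXFR globally; open it per zone below
    recursion no;               // authoritative-only; caches live on the anycast nodes
};

// Constructed example addresses of the per-site secondaries.
acl "site-secondaries" { 192.0.2.53; 198.51.100.53; };

zone "example.net" {
    type master;
    file "master/example.net.zone";
    also-notify { 192.0.2.53; 198.51.100.53; };   // who gets the NOTIFY
    allow-transfer { "site-secondaries"; };       // who may AXFR this zone
};

// ---- Per-site secondary (one of the servers listed in the NS RRset) ----
zone "example.net" {
    type slave;
    file "slave/example.net.zone";
    masters { 203.0.113.10; };       // the stealth master's address
    allow-notify { 203.0.113.10; };  // accept NOTIFY only from the master
    allow-transfer { none; };        // secondaries do not re-serve AXFR
};
```

Remember that a secondary only fetches the zone when the SOA serial on the master is higher than the copy it holds, so every edit on the central server must bump the serial before the NOTIFY does any good. Restricting allow-transfer to the known secondaries is what keeps the zone contents from being enumerated by anyone who can reach port 53 on the master.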