DNS server on multisite environment?

Tim Peiffer peiffer at umn.edu
Fri Aug 19 10:41:04 UTC 2005


John,

As indicated by Mark Andrews, most of what you are asking for is a 
normal function of the DNS.  There are a couple of options for doing the 
edits.  You should manage your DNS from a well connected machine and use 
it as a central base of operations.  The first option is that you can use 
methods such as rdist or rsync to keep multiple primary DNS servers up 
to date; as long as they are in sync, there is no issue.  We did this 
for years.  The alternative (really the preferred route) is to allow 
bind to handle this normally through asynchronous zone transfers 
(AXFR).  Set up your central server as a stealth master, and have all of 
your local servers as secondaries.  When the central server 
(primary/master) is updated, the secondaries for the zone are sent a 
NOTIFY, and the secondary schedules an AXFR transfer of the zone.

Can I suggest that you research IP Anycast - RFC 1545 and 2101.  Use 
exactly the same public IP address and have the routing table (closest 
hop count wins) decide the best path to your public IP address.  The 
root nameservers have been doing this for years to deliver 'N' servers 
in 'N' countries all with the same name and address.  What we do is to 
implement local cache servers as Anycast, configure the well known 
address (what the resolvers point to) as a virtual IP alias, point 
client resolvers to them, and allow the central servers to operate 
normally.  Client resolvers can take upwards of 5 seconds to roll to the 
backup - consider that each query has to determine that the initial 
server has gone down and retransmit the query to the backup.  With 
Anycast, you keep failures local to the sphere of operation.  If you 
have monitoring of the server's ability to service DNS that automatically 
pulls the anycast server's route from the routing table, complete failover 
is determined by how long it takes for your monitoring to provide the 
action, and then only depends upon route convergence time.  With modern 
routing protocols, the total convergence is measured in seconds.  With 
Anycast, you can completely remove a machine from service for hours or 
days, and still not have a loss of service.

Reference:
http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A//www.net.cmu.edu/pres/anycast/&ei=qsjzQuGEL6j2RdXCqKoC 

http://www.google.com/url?sa=t&ct=res&cd=4&url=http%3A//nms.lcs.mit.edu/%7Edina/pub/Katabi-350.pdf&ei=qsjzQuGEL6j2RdXCqKoC 

http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A//www.zurich.ibm.com/%7Erha/papers/anycast-gi98.pdf&ei=WcjzQqVSyNZFtdullgI 


Tim Peiffer
University of Minnesota
Networking and Telecommunications Services
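The stealth-master / secondary arrangement described in the message above, written out as a pair of named.conf fragments. This is an added illustration, not configuration from the original post or from the bind-users archive; the addresses (192.0.2.10 for the central server, 198.51.100.53 and 203.0.113.53 for the site secondaries), the zone name example.com and the TSIG key name site-xfer are constructed for the example.

```conf
// ---- Central "stealth" master (192.0.2.10) ----
// Stealth because it is NOT listed in the zone's NS RRset: resolvers never
// talk to it, only the secondaries below do.

// Shared secret used to sign NOTIFY and AXFR traffic between the servers.
// PLACEHOLDER secret for illustration only; generate a real one per site.
key "site-xfer" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-BASE64-SECRET==";
};

options {
    directory "/var/named";
    allow-transfer { none; };   // default-deny; opened per zone below
    notify explicit;            // send NOTIFY only to the also-notify list,
                                // not to whatever the NS records happen to say
};

zone "example.com" {
    type master;
    file "master/example.com.zone";
    // Only the site secondaries, and only when they sign with the key,
    // may pull the zone.
    allow-transfer { key site-xfer; };
    also-notify { 198.51.100.53; 203.0.113.53; };
};

// ---- Site secondary (198.51.100.53 and 203.0.113.53 are identical) ----
// These are the servers that appear in the zone's NS records and that
// the local resolvers actually query.

key "site-xfer" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-BASE64-SECRET==";
};

// Sign every request (SOA query, AXFR) sent to the central master.
server 192.0.2.10 {
    keys { site-xfer; };
};

zone "example.com" {
    type slave;
    file "slave/example.com.zone";
    masters { 192.0.2.10; };
    allow-transfer { none; };   // sites serve the zone, they do not re-distribute it
};
```

Two caveats a practitioner will hit: the NOTIFY/AXFR cycle only fires when the SOA serial on the master is increased with each edit (an unchanged serial means the secondaries see nothing to fetch), and the zone file on the master should list only the site secondaries in its NS records so the central machine stays out of the public delegation.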


