Questions After a DNS Server Crash

Brad Knowles brad at stop.mail-abuse.org
Mon Jun 27 15:05:17 UTC 2005 

At 9:19 AM -0500 2005-06-27, Martin McCormick wrote:

>           There appears to be an issue with FreeBSD and probably many
>  other UNIXen that won't let you bring up a secondary interface on the
>  same network with the same subnet mask.

	Actually, there are *nix OSes that do okay on this task.  I'm 
pretty sure that Solaris wouldn't have a problem, and there might be 
others.

	Of course, when taking over IP addresses, you will have an ARP 
cache issue, and at least some timeouts that have to be resolved. 
Some machines are configured to abso-bloody-lutely freak out if an IP 
address moves from one MAC address to another, so make sure you're 
tuned in to these issues.

	If you were to have problems like this in a large company and an 
IDS box wigged out and called the cops, you'd have a hard time until 
the Network Manager, the Director of Operations, and maybe the 
President and/or CEO arrived at the office at oh-crap-dark-thirty, or 
worse yet -- arrived at the police station.


	This is one of the reasons I like putting things behind Layer 4 
load balancing switches, and having those switch IP addresses be the 
ones that get published.  That way, when a machine behind the switch 
dies, you might get an e-mail about the problem when you come into 
the office in the morning, but everything else should "just work", 
and the traffic should automatically get routed to other servers, 
etc....

>  	Ah, for the day when we can have a massive cluster of boxes
>  that all run one instance of bind so that when one bites the dust, the
>  rest just slow down a little and only us network folks notice.

	With a properly configured load-balancing switch setup, that's 
pretty much what happens.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the bind-users mailing list