Questions After a DNS Server Crash
brad at stop.mail-abuse.org
Mon Jun 27 15:05:17 UTC 2005
At 9:19 AM -0500 2005-06-27, Martin McCormick wrote:
> There appears to be an issue with FreeBSD and probably many
> other UNIXen that won't let you bring up a secondary interface on the
> same network with the same subnet mask.
Actually, there are *nix OSes that do okay on this task. I'm
pretty sure that Solaris wouldn't have a problem, and there might be
Of course, when taking over IP addresses, you will have an ARP
cache issue, and at least some timeouts that have to be resolved.
Some machines are configured to abso-bloody-lutely freak out if an IP
address moves from one MAC address to another, so make sure you're
tuned in to these issues.
If you were to have problems like this in a large company and an
IDS box wigged out and called the cops, you'd have a hard time until
the Network Manager, the Director of Operations, and maybe the
President and/or CEO arrived at the office at oh-crap-dark-thirty, or
worse yet -- arrived at the police station.
This is one of the reasons I like putting things behind Layer 4
load balancing switches, and having those switch IP addresses be the
ones that get published. That way, when a machine behind the switch
dies, you might get an e-mail about the problem when you come into
the office in the morning, but everything else should "just work",
and the traffic should automatically get routed to other servers,
> Ah, for the day when we can have a massive cluster of boxes
> that all run one instance of bind so that when one bites the dust, the
> rest just slow down a little and only us network folks notice.
With a properly configured load-balancing switch setup, that's
pretty much what happens.
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the bind-users