DDNS Issues With Secondary/Slave Configurations
kcd at daimlerchrysler.com
Mon Oct 16 22:32:05 UTC 2006
Lokhandwala Akbar-E15102 wrote:
> Hello All :
> I have a couple of questions related to DDNS and Primary/ Secondary
> Relationship of the DNS Server :
> 1. Is it possible to do a Zone transfer from a Slave Domain Name Server
> to a Primary Domain Name Server. If yes can you please tell me what
> statement will do that trick for me.
> 2. If I have a Master Slave configuration set up for my DNS Server with
> Dynamic DNS , if the Master DNS server goes down , can the Slave DNS
> Name Server perform Dyamic DNS ? I have been seeing errors ( tail -f
> messages ) that it is not able to perform forward update and it fails.
> When I change the type to master from slave in the named.conf file , the
> forward and reverse mapping works for me. But now I have both the DNS
> servers as Master , in which case I cannot perform a zone transfer. How
> do I overcome this problem.
You'd have to reconfigure the slave as a master in that case. With
unmodified BIND, only the master can accept Dynamic Updates.
> 3. The goal is to have a Master/Slave configuration with DDNS working.
> Even if the Master fails then the Slave should take over and continue to
> perform DDNS for new devices/elements joining the network . When the
> Master comes back up , then the Slave should do a Zone Transfer to the
> Master and then the Master should again take the responsibility for
> DDNS. Is this configuration possible.
Fail Over: reconfigure the slave as a master. If you have any
exceptionally-stupid clients that don't do Dynamic Update properly and
will just keep on banging on whatever nameserver happens to appear in
the SOA.MNAME of the zone, even if other servers for the zone are
available, then you might need to fiddle around with SOA.MNAME, together
with pushing out the changes quickly to the slaves shortly thereafter,
just to get their Dynamic Updates going to the right place.
Fail Forward: 1) disable Dynamic Updates on the "temporary master", 2)
obtain the latest zone information from the "temporary master" (using
command-line or scripted zone transfer, scp, rsync, FTP or whatever your
favorite file-transfer mechanism happens to be), 3) bring up the regular
master with the up-to-date zone data, 4) reconfigure the "temporary
master" to be the slave again. Steps #1, #2, #3 should of course be
performed as rapidly as possible, so as not to lose any Dynamic Updates
that arrive in the interim. Step #4 should be performed shortly
afterwards, otherwise the slave may start drifting out of sync with the
master, but it's not usually quite as time-sensitive as the other steps,
since it's not uncommon for a slave to be temporarily out of sync with
the master even under normal circumstances. The exception, of course,
would be if you had to fiddle with SOA.MNAME in the Fail Over procedure,
in order to satisfy stupid clients. For those stupid clients, you'll
have to do that all over again, as quickly as possible, when failing
If this doesn't meet your requirements for Dynamic Update availability,
you may need to look at commercial IP Management products, some of which
have "multi-master" capability. But that's borderline off-topic for this
list (even though some of those products are BIND-based).
More information about the bind-users