What would happen if one of two dns was down?

Chris Cox chris_cox at stercomm.com
Tue Aug 12 15:44:02 UTC 2008


On Tue, 2008-08-12 at 06:42 +0000, MontyRee wrote:
> So thanks for kind answer.
> 
> 
> Additional questions below.
> 
> 
> >> Hello, all.
> >>
> >>
> >> I have operated two dns(primary and secondary) for one domain like below.
> >>
> >>
> >> example.com IN NS ns1.example.com
> >> example.com IN NS ns2.example.com
> >>
> >>
> >> and there was an event that ns1.example.com dns was down.
> >> As I know, if ns1 dns is down, all requests go to the ns2.example.com.
> >
> > Depending on what 'down' means, it could take some time before
> > the request is sent to ns2. So there will likely be a delay, even
> > if not much (it will feel like forever to some users).
> 
> 
> my 'down' means that system down so can't ping to server.
> 
> 
> >> But when ns1.example.com dns was down, actually some people can't lookup the domain.
> >
> > Sounds like a configuration issue. However realize there is a zone
> > cache and if ns2 is slaving zones of ns2 (typical bind master slave
> > scenario) and the zone cache expires, then ns2 will refuse to
> > trust the slaved zone it had... and thus nothing works.
> 
> 
> Sorry, I can't understand what you said.
> actually the master dns server(system) down time was just an hour and slave dns
> works well without any problem, but at that time some can connect but some said that
> they can't resolve the domain at all.

The slave will answer queries for the zone until the zone TTL expires
in which case, if it cannot contact the master, the zone will go effectively
dead.

I think I used some bad "terms" in my explanation.  Basically
there is an expiration ttl for which a slave will consider its
data to be good.  After that, it will need to hit the master.

(I trip up on using the right words)

The value is often set to 2 weeks or more.  But if the master is
down for a LONG time... you'll lose it all eventually (the slave
won't answer for that zone anymore).

If you're seeing this problem after a short period of time, that's
likely NOT the cause unless somebody set the expiry in the SOA
to something really small.

Caching in DNS is a wonderful thing, but can cause scenarios where
resolution is working for one and not for another (because of
the various Time To Live values and the time of last query/cache).

Can you give us a feel for the amount of time between the failure
and the problem?  Is it almost immediate?  If so, then it's some
other kind of configuration issue (unless, as I said, the zone was
just totally misconfigured).  Can you post the SOA for the zone?

> 
> 
> It means, dns failover doesn't work well?
> and some resolver or some bind version, insist querying for the downed dns server?

Usually the client resolver is looking to query multiple nameservers, if
the first one is down, it moves onto the next and so on.  Failover works
fine in this style (normally).  Of course, a client might NOT be aware
of more than one nameserver... in which case there is no failover (duh).


...
> 
> So thanks for your help again..

Did I explain it better this time?
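
Added example, not part of the original message and not BIND code: a small Python check of the SOA timers discussed above, showing how long a slave keeps answering once the master is unreachable and flagging a too-small expire value. Assumptions: the SOA is given as RDATA with timers in plain seconds (as printed by dig), the sample records are constructed, and the two-week threshold is taken from the "2 weeks or more" figure in the message.

```python
from dataclasses import dataclass

TWO_WEEKS = 14 * 24 * 3600  # threshold assumed from "2 weeks or more" above

@dataclass(frozen=True)
class SOA:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def parse_soa(rdata: str) -> SOA:
    """Parse SOA RDATA in presentation format with timers in plain seconds."""
    fields = rdata.replace("(", " ").replace(")", " ").split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    mname, rname, *nums = fields
    return SOA(mname, rname, *(int(n) for n in nums))

def secondary_answers(soa: SOA, outage: int, since_last_refresh: int) -> bool:
    """True while a slave still treats its copy of the zone as valid.

    The expire timer runs from the last successful refresh, not from the
    moment the master failed.
    """
    return since_last_refresh + outage < soa.expire

def worst_case_tolerance(soa: SOA) -> int:
    """Longest master outage survivable when the last good refresh happened
    a full refresh interval before the failure."""
    return max(soa.expire - soa.refresh, 0)

def audit(soa: SOA) -> list[str]:
    """Return findings for timer values that make the slave fragile."""
    findings = []
    if soa.expire < TWO_WEEKS:
        findings.append(f"expire {soa.expire}s is below two weeks")
    if soa.expire <= soa.refresh:
        findings.append("expire <= refresh: zone can expire between refreshes")
    if soa.retry >= soa.refresh:
        findings.append("retry >= refresh: failed refreshes are not retried sooner")
    return findings

# Constructed sample records (not taken from the thread).
HEALTHY = parse_soa("ns1.example.com. hostmaster.example.com. 2008081201 3600 900 1209600 86400")
FRAGILE = parse_soa("ns1.example.com. hostmaster.example.com. 2008081201 3600 900 1800 86400")
```

With the constructed HEALTHY record a one-hour master outage leaves the slave answering, while the FRAGILE record (expire of 1800 seconds) loses the zone inside that hour.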



More information about the bind-users mailing list