two primary's

Kevin Darcy kcd at chrysler.com
Thu Mar 6 03:34:31 UTC 2008 

Robert Spangler wrote:
> On Wednesday 05 March 2008 04:08, Chris Dorsman wrote:
>
>   
>>  Is it possible to have two primary DNS servers within an network?
>>
>>  If not: why not?
>>     
>
> While everyone has his/her opinion on this, I believe you can run 2 master 
> servers together on the same network.  One just needs to be a little clever 
> in doing it.  I have a test lab setup (2 Masters, 4 Slaves) where I have 
> played with this idea and it functions.  The idea is to be able to switch to 
> the second master and make updates without having to make a bunch of 
> configuration changes.
>
> The setup is simple enough, you just have to tell each master that the other 
> is the master of the zone and to notify the other when it is updated.
>
> for example:
>
> Master A's named.conf:
>
>         zone "example.com" IN {
>                 type slave;
>                 file "example.com.db";
>                 notify yes;
>                 also-notify { "B's IP"; };
>   masters { "B's IP"; };
>
>
> Master B's named.conf:
>
>         zone "example.com" IN {
>                 type slave;
>                 file "example.com.db";
>                 notify yes;
>                 also-notify { "A's IP"; };
>    masters { "A's IP"; };
>
>
> NS Servers named.conf:
>
>         zone "example.com" IN {
>                 type slave;
>                 file "example.com.db";
>                 notify no;
>   masters { "A's IP"; "B's IP"; };
>
> Now when ever A is updated it will notify all the other DNS servers including 
> B.  Should A go off line then you can still update B and it will continue to 
> update the slaves.  When A comes back on-line again it will poll B for the 
> latest and it too will be updated with the latest information.  You then can 
> decide to continue updating B or switch back to A and have nothing missing or 
> take the change that you fat fingered something in the config files while 
> switching masters.
>
>   
Important caveat: every time you want to make a change to A, you need to 
ensure that either i) A's copy of the zone is fully sync'ed with B, or 
ii) the changes made to A's zone are a *superset* of the changes which 
were made to B's zone since the last refresh, and the serial  number is 
set sufficiently high to prevent the refresh from happening. And 
_vice_versa_ when making changes to B. Failure to heed these precautions 
may result in your changes being wiped out by the next zone refresh from 
the other "master".

Important caveat: Dynamic Update is not supported in this configuration.

                                                                         
            - Kevin

More information about the bind-users mailing list