bind at wingenbach.org
Wed May 7 18:11:40 UTC 2014

I run a multi-master environment. We have 3 data centers which are
considered to be able to run even though the rest are down. Initially,
we ran our masters with the same exact configurations on each. One of
the data centers was administratively defined as being the 'update
master'. From there, any changes were first done locally and then
rsync'd to each of the other data centers. Once in place, rndc reload
was executed to pick up the changes on all of the masters. However,
with the dawning of DNSSEC, that became problematic.

Later we moved to dynamic updates and simply sent the update commands to
each master separately. That worked but still resulted in issues with
resyncing the zones after one of the data centers was out of communication.

Now we have moved to one 'update master' and the rest being slave
masters. When we want to change the update master, we have scripts
which make the needed mods in the zone configurations and then restart
named. It's not the prettiest method but it does provide the single
point of update, automatic recovery if one of the datacenters is not
reachable and full support of DNSSEC. There is no issue with zone file
format as the zones are kept in text format and upon conversion to
slave, we touch each of the files to prevent the new slave from expiring
the zones immediately.

On 5/6/2014 2:20 PM, Baird, Josh wrote:
> For those of you who operate at multiple sites or datacenters, are you doing any HA for your BIND masters? Ideally, we would have a master in each datacenter; maybe not an active one, but one that is standing by in case your primary master becomes unavailable.
> Do you have multiple "active" masters and list them as master in each of your slaves' zone definitions? This seems like it could get rather messy. One thought is to use a technology like VMware SRM which will spin up a master/virtual machine automatically in a second datacenter if your primary master goes down. This coupled with Layer2 connectivity between your sites could make things fairly simple. The standby/secondary master would retain the same IP address as your primary, so everything should just *work*.
> What are others doing? Any thoughts, ideas or advice is much appreciated.