PCS, Corosync, Pacemaker, and Bind
bernhardt at bart.gov
Wed Mar 16 17:36:13 UTC 2016
Please confirm that if a DNS query is sent to the virtual address, the reply
will be sourced from the virtual address. The reason for restricting BIND to
a single address was mostly for firewall and administrative simplicity, but
that's not a big deal as long as the same address is used both directions.
The documentation for keepalived isn't very good, but as near as I can tell
it does not support bringing up an application like BIND along with a VRRP
address. Maybe I'm wrong? The cluster.org package works great except for the
lack of an interface, so I've posted over there also to see if it's possible
to build a virtual interface for the IP, but I doubt it.
From: Tony Finch [mailto:dot at dotat.at]
Sent: Tuesday, March 15, 2016 5:40 PM
To: Mike Bernhardt
Cc: bind-users at lists.isc.org
Subject: Re: PCS, Corosync, Pacemaker, and Bind
Mike Bernhardt <bernhardt at bart.gov> wrote:
> I'm setting up a new CentOS 7 DNS server cluster to replace our very
> old CentOS 4 cluster. The old one uses heartbeat which is no longer
> supported, so I'm now using pcs, corosync, and pacemaker.
I suggest having a look at keepalived: it's significantly simpler.
> I want BIND to listen on, query from, etc on a particular IP address,
> which is virtualized. The options currently used are:
> query-source address
> listen-on isn't a big deal, but the source address options are.
Why do you care about the query source address?
I don't set any of those options and just let BIND pick whatever source
address it wants; it might choose the server admin address or the advertised
service address, and that doesn't matter because everything else is
configured to accommodate this.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ Shannon, Rockall:
Southeast 4 or 5, increasing 6 at times in Shannon. Moderate or rough. Fair.
More information about the bind-users