Failover static and dynamic lease

Marcos Renato da Silva Junior marcosjr at dee.feis.unesp.br
Thu May 26 18:01:51 UTC 2016



On 26-05-2016 04:03, Simon Hobson wrote:
> Marcos Renato da Silva Junior <marcosjr at dee.feis.unesp.br> wrote:
>
>>> For dynamic ranges you have choices.
>>> "Failover" is one approach. With some caveats in terms of managing state, this allows one or other server to carry on if its partner fails - leaving all clients with the same address.
>>> If you have enough addresses, and don't mind hosts changing address if a server fails, then you can just configure two (or more if you want) servers with non-overlapping ranges. If a server fails, then clients will be unable to renew leases and will eventually get a new lease (different address) from another server. For this to work, you need enough addresses that if a server fails, the other server(s) have enough addresses to service all the clients.
>> In my case the second choice also works well.
>>
>> My project is to use two Raspberry Pi to manage my home network.
>>
>> So no problem with hosts changing address and enough addresses.
> A couple of things to bear in mind.
>
> BIND doesn't have the ability (AFAIK) to run a master/master system with failover. So regardless of what you do with DHCP, DNS will always have a single master - and if that goes down, DDNS updates will fail but the slave will be able to continue serving its copy of the zone. I.e., with the master down, the DNS zone will still be served, but won't get updates.

After configuring failover in my environment, these are my observations.

I do not know if they are correct.

server1 : DNS (master) + DHCP failover with DDNS
server2 : DNS (slave)    + DHCP failover with DDNS

If server1 fails, DDNS updates fail, but DNS queries and forwarding still
work and DHCP still delivers IPs (server2).
If server2 fails, DNS queries, forwarding and DDNS updates still work
and DHCP still delivers IPs (server1).

If only the DHCP service on server1 fails, DNS queries, forwarding and DDNS
updates still work and DHCP still delivers IPs.
If only the DNS service on server1 fails, DDNS updates fail, but DNS queries
and forwarding still work and DHCP still delivers IPs.

Given the options, I think this is the best choice.

>
> If you use the second option of two independent DHCP masters, then DNS updates may work "oddly". If a client is unable to renew its lease with one server, it'll get a lease from the other. So say A is down, B will attempt a DDNS update - but this will fail because the DNS entry is "owned"* by server A. Only when A expires the lease and removes its DNS entries will B be able to replace them next time the client renews.
>
> So in practice, DDNS won't work well in a failure scenario as clients will change address but their DNS entries won't follow suit.
>
> * This is what the TXT record is for. It's a hash allowing a server to identify if it was the server that put a DNS record in - and it'll refuse to remove/replace one that doesn't "belong" to it.

Later I thought the same, so I used failover.


-- 
Marcos Renato da Silva Junior
Universidade Estadual Paulista - Unesp
Faculdade de Engenharia de Ilha Solteira - FEIS
Departamento de Engenharia Elétrica
15385-000 - Ilha Solteira/SP
(18) 3743-1164


