[dns-operations] Multi-master setups

Mon May 20 16:52:06 UTC 2013

rsync sounds like a fine solution, the problem imo, is what happens when
something goes wrong, when a file transfer fails.

right now i'm thinking about not rsync'ing the zone files by eash one,
but rsync a tar file with all the zone files, so if it fails, it fails
atomically (i know that this works for me, but other may prefer other
failure modes)

as a crude verification mechanism i was planning on naming the tar file
with the sha-256 hash of the tar file

cheers!

~Carlos

On 5/20/13 1:34 PM, Bob Harold wrote:
> Syncing between the two servers would seem to only help in the case
> where the masters could only reach the first server, but your slaves
> could only reach the second server, which seems unlikely, unless the
> second distribution server is closer (network-wise) to the slaves.
> 
> I would continue to push for 100% allow-transfer, and set up automated
> cron jobs to test and send email for those that are not working.
> 
> I plan to use a similar setup, but fortunately I only have about a dozen
> masters to contact, so it will be much easier for me.
> 
> The only 'clever' alternative I can think of is to change the IP of the
> second distribution server to take over the IP of the first server if
> the first one fails.  It helps if each server has a second IP that is
> separate.
> 
> -- 
> Bob Harold
> DNS, University of Michigan
> 
> 
> On Sat, May 18, 2013 at 8:00 AM,
> <dns-operations-request at lists.dns-oarc.net
> <mailto:dns-operations-request at lists.dns-oarc.net>> wrote:
> 
>     Message: 1
>     Date: Fri, 17 May 2013 16:53:09 +0200
>     From: Anand Buddhdev <anandb at ripe.net <mailto:anandb at ripe.net>>
>     To: dns-operations at mail.dns-oarc.net
>     <mailto:dns-operations at mail.dns-oarc.net>
>     Subject: [dns-operations] Multi-master setups
>     Message-ID: <51964455.9060904 at ripe.net
>     <mailto:51964455.9060904 at ripe.net>>
>     Content-Type: text/plain; charset=ISO-8859-1
> 
>     Dear DNS folk,
> 
>     I'm thinking about multi-master setups to add some resiliency to our DNS
>     infrastructure.
> 
>     In our specific case we have a distribution server which slaves several
>     zones from various different parties. They also send notify messages to
>     this server. Once it transfers a zone, it sends notify messages to our
>     public-facing DNS cluster, and they all transfer the zone from it.
> 
>     Obviously, this single distribution server is a single point of failure,
>     and I'd like to get rid of it.
> 
>     The simplest solution is to add a second server to our infrastructure,
>     with an identical zone configuration, so that it is also a slave for all
>     the same zones. It would also transfer zones directly from the masters,
>     and provide AXFR/IXFR to our cluster.
> 
>     Adding a second distribution server has management overhead though. We
>     have several hundred masters, and even after contacting all of them, we
>     will never have a 100% clean setup where the master allows zone
>     transfers for both our distribution servers. So if I want to ensure that
>     both our distribution servers hold identical copies of zones, then I
>     would ideally want them to notify each other, and pull zones off each
>     other as well. Do any of you do this?
> 
>     Aside from this idea, are there any other clever ideas people have
>     implemented?
> 
>     Regards,
> 
>     Anand Buddhdev
> 
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
> 