I'm about to do an overhaul of the DNS service at work and my plan is to use powerdns recursor + dnsdist + keepalived.
On 2019-07-25 14:28, Leroy Tennison wrote:
If you don't want multiple DNS server entries on the client then a master and (possibly multiple) slave server configuration can be set up (I'm assuming ISC DNS - their solution to redundancy/failover is master and slave servers, this may be the way it is with all DNS). keepalived can be used for fail over and will present a single IP address (which the clients would use) shared among the servers. haproxy or alternatives might be another fail over option. Each technology has its own learning curve (and doing this will require at least two) and caveats. In particular systemd doesn't appear to play well with technologies creating IP addresses it doesn't manage. The version of keepalived we're using also has its own nasty quirk as well where it comes up assuming it is master until discovered otherwise, this is true even if it is configured as backup. In most cases this is probably either a non-issue (no scripts being used) or a minor annoyance. But if you're using scripts triggered by keepalived which make significant (and possibly conflicting) changes to the environment then you'll need to embed "intelligence" in them to wait until final state is reached or test state before acting or some other option.
From: CentOS centos-bounces@centos.org on behalf of hw hw@gc-24.de
Sent: Thursday, July 25, 2019 7:51:39 AM
To: centos@centos.org
Subject: [EXTERNAL] [CentOS] how to increase DNS reliability?
Hi,
how can DNS reliability, as experienced by clients on the LAN who are sending queries, be increased?
Would I have to set up some sort of cluster consisting of several servers all providing DNS services which is reachable under a single IP address known to the clients?
Just setting up several name servers and making them known to the clients for the clients to automatically switch isn't a good solution because the clients take their timeouts and users lacking even the most basic knowledge inevitably panic when the first name server does not answer queries.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Leroy Tennison Network Information/Cyber Security Specialist E: leroy@datavoiceint.com
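The point in the quoted message about keepalived-triggered scripts waiting until the final state is reached, as an added example that is not part of the original thread: a notify script that records each transition and acts only if no later transition arrives within a settle window. The state directory, the settle interval and the `on_master`/`on_standby` actions are assumptions; the argument order (`GROUP|INSTANCE`, name, state) is what keepalived passes to `notify` scripts.

```sh
#!/bin/sh
# Added example (not from the thread): debounce keepalived notify transitions.
STATE_DIR="${STATE_DIR:-/run/keepalived-notify}"  # assumed location
SETTLE_SECS="${SETTLE_SECS:-5}"                   # assumed settle window

# Record a transition atomically and print the token that identifies it.
record_state() {  # $1=instance name, $2=state
    mkdir -p "$STATE_DIR" || return 1
    token="$2.$$.$(date +%s)"
    printf '%s\n' "$token" > "$STATE_DIR/$1.tmp.$$" &&
        mv "$STATE_DIR/$1.tmp.$$" "$STATE_DIR/$1" || return 1
    printf '%s\n' "$token"
}

# True only while no later transition has overwritten ours.
still_current() {  # $1=instance name, $2=token
    [ "$(cat "$STATE_DIR/$1" 2>/dev/null)" = "$2" ]
}

# Hypothetical actions: replace with the site's real environment changes.
on_master()  { logger -t dns-notify "$1 settled as MASTER" 2>/dev/null || :; }
on_standby() { logger -t dns-notify "$1 settled as $2" 2>/dev/null || :; }

# Prints acted:STATE when the state held for the whole window, else skipped:STATE.
handle_transition() {  # $1=instance name, $2=state
    case "$2" in MASTER|BACKUP|FAULT) ;; *) echo "unknown:$2"; return 2 ;; esac
    token=$(record_state "$1" "$2") || return 1
    sleep "$SETTLE_SECS"
    if still_current "$1" "$token"; then
        if [ "$2" = MASTER ]; then on_master "$1"; else on_standby "$1" "$2"; fi
        echo "acted:$2"
    else
        echo "skipped:$2"   # superseded, e.g. start-up MASTER followed by BACKUP
    fi
}

# keepalived calls notify scripts with: $1=GROUP|INSTANCE $2=name $3=state
if [ "$#" -ge 3 ]; then handle_transition "$2" "$3"; fi
```

Reference the script from the `vrrp_instance` block with keepalived's `notify` option; each invocation runs as its own process, so the PID in the token keeps overlapping transitions distinct.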