I'm about to do an overhaul of the DNS service at work and my plan is to
use powerdns recursor + dnsdist + keepalived.
---
Sent from the Delta quadrant using Borg technology!
On 2019-07-25 14:28, Leroy Tennison wrote:
If you don't want multiple DNS server entries on the client then a
master and (possibly multiple) slave server configuration can be set
up (I'm assuming ISC DNS - their solution to redundancy/failover is
master and slave servers, this may be the way it is with all DNS).
keepalived can be used for fail over and will present a single IP
address (which the clients would use) shared among the servers.
haproxy or alternatives might be another fail over option. Each
technology has its own learning curve (and doing this will require at
least two) and caveats. In particular systemd doesn't appear to play
well with technologies creating IP addresses it doesn't manage. The
version of keepalived we're using also has its own nasty quirk as well
where it comes up assuming it is master until discovered otherwise,
this is true even if it is configured as backup. In most cases this
is probably either a non-issue (no scripts being used) or a minor
annoyance. But if you're using scripts trigger
ed by keepalived which make significant (and possibly conflicting)
changes to the environment then you'll need to embed "intelligence" in
them to wait until final state is reached or test state before acting
or some other option.
________________________________
From: CentOS <centos-bounces@xxxxxxxxxx> on behalf of hw <hw@xxxxxxxx>
Sent: Thursday, July 25, 2019 7:51:39 AM
To: centos@xxxxxxxxxx <centos@xxxxxxxxxx>
Subject: [EXTERNAL] how to increase DNS reliability?
Hi,
how can DNS reliability, as experienced by clients on the LAN who are
sending queries, be increased?
Would I have to set up some sort of cluster consisting of several
servers all providing DNS services which is reachable under a single
IP address known to the clients?
Just setting up several name servers and making them known to the
clients
for the clients to automatically switch isn't a good solution because
the clients take their timeouts and users lacking even the most basic
knowledge inevitably panic when the first name server does not answer
queries.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
Harriscomputer
Register now for the dataVoice User Conference,
October 9-11 at the Gaylord Rockies in Denver, CO.
To register click Here<https://www.harriscomputer.com/en/events/>
Leroy Tennison
Network Information/Cyber Security Specialist
E: leroy@xxxxxxxxxxxxxxxx
[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>
This message has been sent on behalf of a company that is part of the
Harris Operating Group of Constellation Software Inc. These companies
are listed here<http://subscribe.harriscomputer.com/>.
If you prefer not to be contacted by Harris Operating Group please
notify us<http://subscribe.harriscomputer.com/>.
This message is intended exclusively for the individual or entity to
which it is addressed. This communication may contain information that
is proprietary, privileged or confidential or otherwise legally exempt
from disclosure. If you are not the named addressee, you are not
authorized to read, print, retain, copy or disseminate this message or
any part of it. If you have received this message in error, please
notify the sender immediately by e-mail and delete all copies of the
message.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
