
#20 Primary - Secondary Replication not stable

Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2015-03-31
Created: 2012-04-28
Creator: Anonymous
Private: No

V6.93
Primary - Secondary Replication not stable
Errors in both directions: primary says it does not need, and ignores, DHCP updates from secondary.
AND
Secondary pulls more records from the zone xfer than it actually uses, including ignoring RRs from primary.
SOMETIMES secondary sees leases from both primary and secondary, but they soon disappear (in less than the lease time).
Note: both servers are in the same time zone with synced clocks.

Behavior in general: 2 class C LANs, 10.111.112.0 and 10.111.113.0; servers are authority for xyz.com=111.10.in-addr.arpa.
DHCP and DNS are running on both subnets, connected by a working and stable VPN. DHCP works fine; all issues relate to not replicating properly.

THIS bug led to attempting a different configuration:
Setting both DNS servers, 10.111.112.0 and 10.111.113.0, to primary with no replication, and using child servers to resolve machines on the other LAN from where they were requested; the address space for both servers is still xyz.com=111.10.in-addr.arpa.

This does not work because both servers are set with child server entries of xyz.com=<the other DNS server's IP>. This works as long as the second DNS server finds the request; if it does not, it asks the first DNS server for it, who asks the second again: it's a loop. (Could possibly be fixed by not doing child lookups on forwarded (proxied) requests.)

Note: this is an interesting DNS topology that could provide non-replicated, non-failsafe, but functional DNS in an environment with more than 2 subnets, where DHCP and DNS run locally on each subnet and all the other DNS servers on the different subnets are configured with all the other servers as children... The behavior where a child DNS server does another child DNS lookup would need to be fixed, and the allowed child servers for a domain increased from the 2 currently allowed in configuration.

Ended up with the less than desirable config of 2 different authorities set for the two servers:
loca.xyz.com=112.111.10.in-addr.arpa on one server
and
locb.xyz.com=113.111.10.in-addr.arpa on the other

This works, though it has undesirable characteristics: a machine that physically moves between the LANs changes address from machine.loca.xyz.com to machine.locb.xyz.com when it moves from LAN a to LAN b.

Finally, I think the most desirable configuration for replicated, fail-safe operation of multiple DNS servers (perhaps limited to 10), more than two in any case, running on different subnets or not, is the following: All DNS servers are configured as authority for, for example, xyz.com=111.10.in-addr.arpa.
A new config section, [DNS_CLUSTER] or similar, is added which lists all the IP addresses of the DNS servers in the cluster.
Periodically, on a separate worker thread (default 30 seconds), a zone xfer check is made to all of the other servers in the cluster using the serial number mechanism.
The result would be n servers all acting as PRIMARY authority for a zone, and all acting as secondary servers for each other.
This is similar to how you are trying to get Dual Server to work, with pull/polling instead of event driven, and instead of one primary acting one way and one secondary acting a different way, there are up to 10 DNS servers all acting the same way.
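The two mechanisms the report describes, the child-server forwarding loop and the proposed [DNS_CLUSTER] polling on SOA serials, can be simulated in a few dozen lines. The code below is an added example written for this page; it is not part of Dual DHCP DNS Server and does not use its config format or APIs. The `[DNS_CLUSTER]` section, the `DnsNode` class, the host names and the constructed leases on 10.111.112.0/24 and 10.111.113.0/24 are all assumptions made for the illustration. The serial comparison follows RFC 1982 serial-number arithmetic, which is what a real secondary uses when deciding whether a zone transfer is needed, so it keeps working once a serial wraps past 2**32 - 1.

```python
"""Added example (not project code): simulate the forwarding loop and the
proposed cluster polling from ticket #20."""
from dataclasses import dataclass, field

SERIAL_MOD = 1 << 32   # SOA serials are 32-bit unsigned
SERIAL_HALF = 1 << 31


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 'a > b' for 32-bit serials; wrap-safe, and False when equal."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


@dataclass
class DnsNode:
    name: str
    records: dict = field(default_factory=dict)    # host -> IP (the zone data)
    serial: int = 0                                 # SOA serial of this node's copy
    children: list = field(default_factory=list)   # the ticket's "child server" entries
    peers: list = field(default_factory=list)      # hypothetical [DNS_CLUSTER] members
    last_seen: dict = field(default_factory=dict)  # peer name -> serial last pulled
    loop_safe: bool = True                          # apply the "no child lookup on forwarded query" fix

    def add_lease(self, host: str, ip: str) -> None:
        """A DHCP lease becomes a DNS record; bump the serial like a primary would."""
        self.records[host] = ip
        self.serial = (self.serial + 1) % SERIAL_MOD

    def resolve(self, host: str, forwarded: bool = False):
        """Answer locally, else ask child servers. With loop_safe, a query that
        already arrived via a child lookup is never forwarded again, which
        breaks the A -> B -> A -> ... loop the ticket describes."""
        if host in self.records:
            return self.records[host]
        if forwarded and self.loop_safe:
            return None
        for child in self.children:
            ip = child.resolve(host, forwarded=True)
            if ip is not None:
                return ip
        return None

    def sync_tick(self) -> list:
        """One pass of the proposed worker thread: compare each peer's serial
        with the serial last pulled from that peer and pull only when newer.
        Tracking a serial per peer lets every node be primary for its own
        changes; a single shared serial would miss concurrent edits."""
        pulled = []
        for peer in self.peers:
            seen = self.last_seen.get(peer.name)
            if seen is None or serial_gt(peer.serial, seen):
                self.records.update(peer.records)   # last writer wins on a name clash
                self.last_seen[peer.name] = peer.serial
                pulled.append(peer.name)
        return pulled


def build_two_lan_cluster():
    """Constructed topology: one server per LAN, each the other's child and peer."""
    a, b = DnsNode("dns-a"), DnsNode("dns-b")
    a.children, b.children = [b], [a]
    a.peers, b.peers = [b], [a]
    return a, b


def lookup_terminates(loop_safe: bool) -> bool:
    """Does a lookup for an unknown host return, or loop until the stack blows?"""
    a, b = build_two_lan_cluster()
    a.loop_safe = b.loop_safe = loop_safe
    try:
        a.resolve("nosuchhost")
        return True
    except RecursionError:
        return False


def demo():
    a, b = build_two_lan_cluster()
    a.add_lease("pc1", "10.111.112.50")   # constructed lease on LAN a
    b.add_lease("pc2", "10.111.113.60")   # constructed lease on LAN b
    first = a.sync_tick()                 # a pulls b's newer zone
    second = a.sync_tick()                # nothing changed, nothing pulled
    b.add_lease("pc3", "10.111.113.61")
    third = a.sync_tick()                 # b's serial moved on, pull again
    return {"first": first, "second": second, "third": third,
            "a_records": dict(a.records), "b_sees_pc1": b.resolve("pc1")}


if __name__ == "__main__":
    print(demo())
    print("safe:", lookup_terminates(True), "unsafe:", lookup_terminates(False))
```

The `loop_safe` flag is the fix the report suggests in parentheses: a query that reached a server through a child lookup is answered from local data only. The `sync_tick` method is pull-based, as the report proposes, and deliberately keeps one "last seen" serial per peer rather than a cluster-wide serial; with a single shared number, two servers that each add a lease at the same time end up with equal serials and neither pulls from the other.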

Discussion

  • Achal Dhir - 2012-04-30

    Please send me the sketch of your architecture, with detailed info. I can't figure out much from the above.

    Thanks
    Achal

  • Achal Dhir - 2015-03-31

    These are very stable in versions 7.xx