LinuxQuestions.org
Old 05-30-2016, 01:45 AM   #1
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Kubuntu 20.04 on workstation, CentOS 6.x on servers
Posts: 1,181

Rep: Reputation: 47
Easiest way to mirror a DNS server


I want to setup a secondary DNS on my local network as I realized it's needed if my VM or file server is down, as the DNS server is in a VM.

Everything I'm reading seems to indicate you still have to configure stuff on a per domain basis, ex you have to create individual domain zone entries on the backup. Is there a way to set it up so it actually does a full mirror?

Is there any reason I can't just setup two regular DNS servers and just have a rsync job to copy records/config over to the backup?
 
Old 05-30-2016, 03:55 AM   #2
Keruskerfuerst
Senior Member
 
Registered: Oct 2005
Location: Horgau, Germany
Distribution: Manjaro KDE, Win 10
Posts: 2,197

Rep: Reputation: 164
The DNS Server is on a VM?
Strange.

When you want to setup a mirror DNS server, then you should ask ISC.

Good luck....
 
Old 05-30-2016, 04:29 AM   #3
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Kubuntu 20.04 on workstation, CentOS 6.x on servers
Posts: 1,181

Original Poster
Rep: Reputation: 47
Not sure what is so strange about having it in a VM, it's a rather low resource box that did not really benefit from having dedicated hardware so I virtualized it when I setup my VM environment. Unfortunately I kinda overlooked the whole thing where the hardware still needs DNS to be alive when booting up, ex: to mount the stores (by name), so I will end up needing it on hardware in addition to the VM. I could just move it completely to hardware but I figure I should have two anyway. I have a physical server that handles my home automation stuff so I'll just throw it on there to act as backup.

Not sure what you mean about your last sentence. What is ISC?
 
Old 05-31-2016, 02:56 AM   #4
Keruskerfuerst
Senior Member
 
Registered: Oct 2005
Location: Horgau, Germany
Distribution: Manjaro KDE, Win 10
Posts: 2,197

Rep: Reputation: 164
I would use a single computer for that purpose.
And not a VM.

How many computers have to be fed with the DNS information?

Last edited by Keruskerfuerst; 05-31-2016 at 03:55 AM.
 
Old 05-31-2016, 06:34 AM   #5
Elizine
Member
 
Registered: Aug 2015
Posts: 54
Blog Entries: 1

Rep: Reputation: Disabled
Is your existing DNS AD-integrated? If so, and if the new server is a non-domain controller, you will need to configure a secondary zone on the 2nd server, and configure the 1st DNS server (the DC) to allow zone transfers to the IP address of the new server. You will then need to configure your client computers to use the DC as their preferred DNS server and the member server as the alternate DNS server.
 
Old 05-31-2016, 10:40 AM   #6
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,244
Blog Entries: 3

Rep: Reputation: 194
If you are using bind then simply setup one as root and the other as slave. The root will update the slave as needed provided your setup is correct.
 
1 members found this post helpful.
Old 05-31-2016, 10:51 AM   #7
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
I've been known to rsync from Master to slave and turn it on with "minimal" edits.

Sorry, solely Secondary Zones, so no mirroring.

Last edited by Habitual; 06-01-2016 at 10:45 AM.
 
Old 05-31-2016, 06:33 PM   #8
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Kubuntu 20.04 on workstation, CentOS 6.x on servers
Posts: 1,181

Original Poster
Rep: Reputation: 47
No AD this is strictly a Linux environment. The problem with setting one as slave is you still have to configure each individual zone too, unless there's a way to tell it to be a full mirror? The tutorials I found seem to indicate you still have to setup each zone on both servers. It kinda defeats the purpose if I have to do the work twice every time I add/delete a zone. I have maybe 30 or so zones.

I'm aiming towards the rsync route and just having them both run as regular servers, just wondering if there's any reason not to do it that way.
 
Old 05-31-2016, 09:28 PM   #9
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,432

Rep: Reputation: 1496
Keep it simple

I have used OpenVZ on two servers (hardware) each with a guest. The primary was set up first, then the secondary created by making a 'clone' of the primary. The clone was then migrated to the other OpenVZ server and configured as secondary, and the permissions set in the primary to allow it to replicate out to the secondary. From then on they stayed in sync for YEARS.

In server space, we would make certain that the two physical machines were in different racks. We kept an off-site backup of the primary and a continuity document detailing certain configuration data about each and the restore path in case of partial or total failure.

I see no reason why the same basic plan would not work with nearly any kind of virtualization. Use as much or as little of the plan as you need for your purpose.
 
Old 05-31-2016, 10:21 PM   #10
Doug G
Member
 
Registered: Jul 2013
Posts: 749

Rep: Reputation: Disabled
One more thought, using rsync to copy zone files wouldn't work if you configure bind to use a database for storage.
 
Old 11-06-2016, 12:43 AM   #11
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Kubuntu 20.04 on workstation, CentOS 6.x on servers
Posts: 1,181

Original Poster
Rep: Reputation: 47
I ended up just using rsync, and it turned out to be fairly straightforward. Basically I copy over the zones.conf file (a file I created myself just to organize all the zone declarations in a single file) and the zones folder, which all the actual zones are in.

So the script copies those two files, then executes a script on the secondary to chown them as named because the operation will make them owned as root (WHY does Linux not have permission inheritance is beyond me, but that is a whole other story) and then restarts the named service. I have it setup to do this once a day.

I do find it odd that there is not something built into the DNS specification to do this though, as the existing zone transfer mechanisms are kinda useless given you still have to set it up on a per zone basis. The whole idea is that you should only need to do edits on the primary box and it replicates.

Either way got it working nicely now, as far as I can tell. I started adding the secondary DNS to most of my servers. Any ones I missed I can do later on as required. Primary DNS is the VM, secondary is the hardware box.

Now I don't have to worry about my file or VM server going down again. That sucked. :P
 
Old 11-07-2016, 07:56 PM   #12
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Posts: 1,459

Rep: Reputation: 665
The rsync running as root should also copy the owner/permission.
I.e. if the original owner is named then the copied file gets owner named if you have the rsync -a option. See "man rsync".
--
I wonder if the role in the copied config should be changed from master(primary) to slave(secondary).
The zone files are copied automatically if the slave knows the master and vice versa. But you need a script to make these changes.
--
You are right, Bind 9 does not have a full builtin administration. Either you create your own scripts or you buy a commercial solution (that also comes with an admin gui or Web interface and an import/export API and ...).
--
The risk with DNS on a VM guest is if the VM host depends on its DNS service.
Having a copy on a HW server, and having it in each resolv.conf eliminates the risk.
 
Old 11-08-2016, 04:48 PM   #13
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Kubuntu 20.04 on workstation, CentOS 6.x on servers
Posts: 1,181

Original Poster
Rep: Reputation: 47
Actually I was thinking that too, is there a master/slave designation I need to add somewhere? What setting do I put for that and where do I put it? The way I did it, the actual named.conf file does not get copied as the zones are in an include file, so it would not be too hard to change a setting in named.conf and have it stay the same.
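
The per-zone secondary declarations that posts #12 and #13 discuss can be generated from the primary's zones.conf instead of typed by hand. This is an added example, not part of any post in the thread; the sample config, the `slaves/` file path, the IP addresses and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of a primary's zones.conf; names, paths and IPs are made up.
SAMPLE_PRIMARY_CONF = '''
// forward zone
zone "home.example" IN {
    type master;
    file "zones/home.example.db";
    allow-update { none; };
};
zone "10.168.192.in-addr.arpa" {
    type master;   # reverse zone
    file "zones/192.168.10.rev";
};
/* forwarded, not served from a local file: must be skipped */
zone "upstream.example" { type forward; forwarders { 192.0.2.53; }; };
'''

# Comment stripping is naive: it assumes no '#', '//' or '/*' inside quoted strings.
COMMENT_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"\s*(?:IN\s*)?\{', re.I)
SAFE_NAME_RE = re.compile(r'[A-Za-z0-9._-]+')

def primary_zones(conf_text):
    """Return the names of zones declared 'type master' (or 'primary')."""
    text = COMMENT_RE.sub('', conf_text)
    names = []
    for m in ZONE_RE.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):   # walk to the brace closing this zone
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        if re.search(r'\btype\s+(master|primary)\s*;', text[m.end():i]):
            names.append(m.group(1))
    return names

def secondary_conf(conf_text, primary_ip):
    """Build the secondary's zone declarations, each pulling from primary_ip."""
    stanzas = []
    for name in primary_zones(conf_text):
        if not SAFE_NAME_RE.fullmatch(name):  # name ends up in a file path: no '/' etc.
            raise ValueError('unexpected zone name: %r' % name)
        stanzas.append('zone "%s" {\n    type slave;\n    masters { %s; };\n'
                       '    file "slaves/%s.db";\n};\n' % (name, primary_ip, name))
    return ''.join(stanzas)

if __name__ == '__main__':
    print(secondary_conf(SAMPLE_PRIMARY_CONF, '192.0.2.10'))
```

Only the generated declarations need to be refreshed on the secondary when a zone is added or removed; the records themselves arrive by zone transfer, which the primary has to permit for the secondary's address.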
 
Old 10-30-2017, 07:23 PM   #14
Red Squirrel
Senior Member
 
Registered: Dec 2003
Distribution: Kubuntu 20.04 on workstation, CentOS 6.x on servers
Posts: 1,181

Original Poster
Rep: Reputation: 47
Ok so this did not work so well. I had another incident that involved the primary DNS going down, and half of the clients were not failing over properly. They were still trying to do name resolution using the primary which was down. It was very sporadic, as sometimes it did work.

So it seems doing it with rsync the way I'm doing it is not right as it does not fail over like it should. Is there any other way to setup a redundant DNS without having to configure zone transfers for every single zone? I just want the secondary DNS to be an exact mirror of the other, and for clients to fail over properly to that one if the primary goes down.

Failing that, I'm thinking of setting up two Raspberry PIs that have the same IP address, then if the first one goes down, the other one would just bring its interface online. I could use a USB dongle to have a separate interface that is always online for management purposes. Basically they would just monitor each other. If the B side detects that the A side is not working it flips the A side interface off and B side interface on. A would monitor B and do the same if B goes down. Essentially they would be a mirror but only one runs at once. Think this would work? That way I only need to configure 1 DNS IP on clients and they probably won't know the difference if the A or B side is online, correct? Right now I have two DNS IPs in the clients but if the first one fails it still tries it anyway and waiting for timeouts causes massive network slowdowns.

Last edited by Red Squirrel; 10-30-2017 at 07:25 PM.
 
Old 10-30-2017, 08:00 PM   #15
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,432

Rep: Reputation: 1496
For that kind of failover to work seamlessly, and not add a resolution delay, the secondary has to be able to take over the IP address of the primary. I have used virtual networking and some HA scripts for this kind of thing in the past. There may be a "canned" solution, but I am not aware of one.
 
All times are GMT -5. The time now is 09:20 PM.