Configuring Secondary DNS to Work if Primary is down (Bind)

bind, domain-name-system, failover

I have a master slave DNS server setup with bind. The secondary DNS server is working correctly and resolves any queries sent to it.

However, when the primary DNS is down, it seems that the secondary DNS also goes down (using Pingdom to monitor both servers). This is something I don't want to happen; I want the secondary to continue to resolve queries until the master is back up.

I think I am missing a configuration setting of some sort, but my Google searches haven't turned up what that is yet. Any help would be appreciated.

Slave Config

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";

In named.rfc1912.zones

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "/var/named/slaves/0.168.192.rev";
        // allow-update { none; };
        allow-transfer { 10.10.10.10/32; };
        masters { 10.10.10.10; };
};
include "/var/named/slavezones.conf";

10.10.10.10 is replaced with the master server's actual IP.

I wonder though. The slavezones file is copied from the master (With changes to allow it to run on the slave) on an interval and then the slave is reloaded (/etc/init.d/named reload) to update the config with new zones. Could the reload cause a problem with handling failover?

Best Answer

DNS has no concept of "failover"; it is redundant by design.

If you have two authoritative nameservers for zone X, then both nameservers are independently responsible for providing name resolution for zone X.

For this to happen, both nameservers must have NS records for zone X in the global namespace.

That said, it is hard to see why you have slave zones at all, since there is nothing in your post to indicate that anything is being slaved.

Also consider that public authoritative nameservers should never allow recursion.
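The two technical points above, the slaved zone in the question's config and the answer's warning about recursion on a public authoritative server, in an added Python example that is not from the post or from BIND itself. It parses a constructed, trimmed copy of the slave's named.conf, flags `recursion yes` combined with an `any` ACL (BIND derives allow-recursion from allow-query-cache and then allow-query when it is not set explicitly), lists the slaved zones with their masters, and reads a constructed zone file's SOA timers to compute how long the secondary keeps answering after the primary becomes unreachable: a secondary retries the primary every `retry` seconds and only stops serving the zone once `expire` seconds have passed since its last successful transfer. The SOA values (3600/900/604800/86400) and the `ns1`/`ns2.example.com` names are assumptions; the post shows no zone data.

```python
"""Added example: lint a BIND secondary's named.conf and compute how long it
keeps serving a slaved zone once the primary is unreachable (SOA expire)."""
import re

# Constructed, trimmed copy of the options block and slave zone from the post.
NAMED_CONF = """
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
};
zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "/var/named/slaves/0.168.192.rev";
        // allow-update { none; };
        allow-transfer { 10.10.10.10/32; };
        masters { 10.10.10.10; };
};
"""

# Constructed zone file as a secondary holds it after a transfer; the post shows
# no zone data, so these SOA timers and nameserver names are assumed values.
ZONE_FILE = """
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2024010101 ; serial
        3600       ; refresh
        900        ; retry
        604800     ; expire: 7 days
        86400      ; minimum / negative TTL
        )
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
"""

BLOCK_RE = re.compile(r'(options|zone\s+"([^"]+)"(?:\s+IN)?)\s*\{')


def strip_comments(text: str) -> str:
    """Drop the three named.conf comment styles: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    return re.sub(r"#[^\n]*", "", text)


def _matching_brace(text: str, start: int) -> int:
    """Index of the '}' that closes the '{' at text[start]."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return i
    raise ValueError("unbalanced braces in named.conf")


def parse_statements(body: str) -> dict:
    """Split a block body into {keyword: value}; nested ACL lists stay raw text."""
    stmts, depth, cur = {}, 0, []
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 0:
            parts = "".join(cur).split(None, 1)
            if parts:
                stmts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
            cur = []
        else:
            cur.append(ch)
    return stmts


def parse_named_conf(text: str):
    """Return (options statements, {zone name: zone statements})."""
    text, options, zones, pos = strip_comments(text), {}, {}, 0
    while (m := BLOCK_RE.search(text, pos)):
        open_idx = m.end() - 1
        close_idx = _matching_brace(text, open_idx)
        stmts = parse_statements(text[open_idx + 1:close_idx])
        if m.group(1) == "options":
            options = stmts
        else:
            zones[m.group(2)] = stmts
        pos = close_idx + 1
    return options, zones


def _acl_is_any(acl: str) -> bool:
    return re.fullmatch(r"\{\s*any\s*;\s*\}", acl) is not None


def recursion_findings(options: dict) -> list:
    """Flag an authoritative server that answers recursive queries for anyone.
    Without an explicit allow-recursion, BIND falls back to allow-query-cache,
    then allow-query, so 'allow-query { any; }' makes this an open resolver."""
    if options.get("recursion", "no") != "yes":
        return []
    effective = (options.get("allow-recursion") or options.get("allow-query-cache")
                 or options.get("allow-query", ""))
    if _acl_is_any(effective):
        return ["recursion yes with an 'any' ACL: open resolver on an authoritative "
                "server; set 'recursion no;' or restrict allow-recursion"]
    return []


def slave_zones(zones: dict) -> dict:
    """Zones served as a secondary, mapped to their configured masters."""
    return {name: re.findall(r"[\d.]+", s.get("masters", ""))
            for name, s in zones.items() if s.get("type") == "slave"}


def parse_soa_timers(zone_text: str) -> dict:
    """Serial and refresh/retry/expire/minimum from the zone's SOA record."""
    text = re.sub(r";[^\n]*", "", zone_text)  # zone-file comments start with ';'
    m = re.search(r"\bSOA\b\s+\S+\s+\S+\s*\(?\s*((?:\d+\s+){4}\d+)", text)
    if not m:
        raise ValueError("no SOA record found")
    values = map(int, m.group(1).split())
    return dict(zip(("serial", "refresh", "retry", "expire", "minimum"), values))


def secondary_serves_until(last_transfer_epoch: int, timers: dict) -> int:
    """A secondary keeps answering for the zone until `expire` seconds after its
    last successful refresh or transfer, retrying the primary every `retry`
    seconds in the meantime; only then does it stop answering for the zone."""
    return last_transfer_epoch + timers["expire"]


def still_authoritative(last_transfer_epoch: int, now_epoch: int, timers: dict) -> bool:
    return now_epoch < secondary_serves_until(last_transfer_epoch, timers)


if __name__ == "__main__":
    opts, zones = parse_named_conf(NAMED_CONF)
    for finding in recursion_findings(opts):
        print("FINDING:", finding)
    timers = parse_soa_timers(ZONE_FILE)
    for zone, masters in slave_zones(zones).items():
        print(f"{zone}: secondary for masters {masters}; keeps serving for "
              f"{timers['expire'] // 86400} days after the last transfer if they go down")
```

Run against the constructed input it reports the open-resolver finding and a seven-day serving window for the slaved zone. A secondary answers from its local copy of the zone file for that whole window, so if its answers stop the moment the primary goes down, zone expiry is not what is causing it.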