How to Master-Master propagate BIND DNS across two or more servers

bind

I have two webservers and plan on adding more. I'm using BIND as a Master Nameserver on each. The issue is that I plan on adding more servers and need some way to propagate DNS records between each server. Each server MUST be a DNS Master BIND server due to limitations of my configuration.

I've tried setting up two BIND Forwarding Nameservers and setting my NS records to the IPs of these forwarders. It seemed to work well, but DNS checking reports that these servers are Non-Authoritative; is that an issue I should be concerned with?

The second issue is that my forwarding nameservers sometimes would fail to resolve. I don't remember the exact error but the log stated something like RCONFAIL or RFAIL when contacting the master nameserver's IP.

So, the question is – how would a sane sysadmin structure their DNS servers to only use 2 NS records (ns1.domain, ns2.domain) with multiple DNS Master servers on the backend?

Best Answer

Instead of trying to trick BIND into behaving authoritatively while serving records from elsewhere (and still having a single point of failure for those records), centralize your zone data into a configuration management system and distribute it to all of your authoritative DNS servers with that configuration management.

All of the BIND servers will have a copy of the zone and be authoritative because they aren't depending on an external source of the data, and your updates will be sent to all servers automatically by the configuration management.
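The push-the-zone-everywhere approach in the answer, as an added example (not code from the answer or from BIND): a POSIX sh script that bumps the SOA serial, validates the zone, copies it to every master and reloads it, then checks that all servers answer with the same serial. The host list, the `/etc/bind/db.<zone>` path, root SSH access and a working `rndc` are assumptions.

```shell
#!/bin/sh
# bump_serial FILE [YYYYMMDD]: set the SOA serial to YYYYMMDDNN, incrementing
# NN if the zone was already bumped today. Prints the new serial.
bump_serial() {
    file="$1"; today="${2:-$(date -u +%Y%m%d)}"
    old=$(awk '/;[[:space:]]*[Ss]erial/ { print $1; exit }' "$file")
    [ -n "$old" ] || { echo "no '; serial' comment in $file" >&2; return 1; }
    case "$old" in
        "$today"[0-9][0-9]) new=$((old + 1)) ;;
        *)                  new="${today}01" ;;
    esac
    awk -v old="$old" -v new="$new" \
        '!done && /;[[:space:]]*[Ss]erial/ && $1 == old { sub(old, new); done = 1 } { print }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# deploy_zone ZONE FILE SERVER...: validate locally, then copy to each master
# and reload it there. Every server keeps `type master` for the zone; none of
# them transfers from another, so all stay authoritative.
deploy_zone() {
    zone="$1"; file="$2"; shift 2
    named-checkzone "$zone" "$file" >/dev/null || { echo "zone $zone invalid" >&2; return 1; }
    for host in "$@"; do
        scp -q "$file" "root@${host}:/etc/bind/db.${zone}" \
            && ssh "root@${host}" "rndc reload ${zone}" \
            || { echo "deploy to $host failed" >&2; return 1; }
    done
}

# check_serials ZONE SERVER...: confirm every server answers with the same
# SOA serial, so a failed push is caught instead of silently serving old data.
check_serials() {
    zone="$1"; shift; want=""
    for host in "$@"; do
        got=$(dig +short "@${host}" "$zone" SOA | awk '{ print $3 }')
        [ -n "$want" ] || want="$got"
        [ "$got" = "$want" ] || { echo "$host serves serial $got, expected $want" >&2; return 1; }
    done
    echo "all servers at serial $want"
}

# Typical run (assumed zone and hosts), kept behind a guard so sourcing is harmless:
if [ "${1:-}" = "push" ]; then
    bump_serial db.example.com >/dev/null
    deploy_zone example.com db.example.com ns1.example.com ns2.example.com \
        && check_serials example.com ns1.example.com ns2.example.com
fi
```

Run from the host that holds the canonical zone file (the one your configuration management writes), or call the same functions from its post-deploy hook.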
