Fault Tolerant DNS

Why i need more than one single server?

Maintenance

If your name server is down because of a failure (soft or hard), or even if you want to reboot this server for an upgrade, you can't resolve any addresses anymore.

Thats why you need at least two servers.

Configurations

Master Slave

A second server received all modifications from the master and serves it.

For a resolver, master and slave are identical.

It is a good choice if you have a few servers or computers in the network.

Master and two slaves

If you have lots of computers or if you serve lots of requests, a better choice is to dissociate the database and the service. You edit and modify the zones files, the master send this zone informations to slaves, and those slaves serve it.

An IP alias for DNS services

It's like master and two slaves, but we don't use the ip address of slaves servers to access the DNS service. we add a service ip in one of the slaves. this ip can be managed by a cluster infrastructure like ipvs or HA-Cluster or basically by heartbeat service.

Setup a Master-Slave DNS

What does it means for a client (aka all computers)

Not very different from an only master server except for the file /etc/resolv.conf that must have 2 servers entries, one for each IP. Of course it's on two differents physicals servers, it will be useless to do it in two virtual from the same server.

What does it means for the master server

The zone sections are identicals, the changes are only in the options sections. we must add a allow-transfert line.

options {

  directory "/etc/bind";

listen-on { any; };

  allow-query { any; };

  allow-transfer { any; };

  pid-file "/var/run/named/named.pid";

};

What does it means for the slave server

The options section is identical, only the zone section must be changed. the type of the zone must be slave, and we add a new entry masters with the address of the dns master.

Usually we put primary (master) zone file in pri folder, and secondary(slave) in sec folder.

zone "my.zone.tld" IN {

type slave;

file "sec/my.zone.tld.zone";

masters {

10.0.0.1;

};

};

Problems

In the resolv.conf file, we have the entries of ns1 and ns2 servers, but if the first server is down, all requests will failed before resend to the second entry.

A good idea is to have a "virtual" entry for the resolver. there a many possibilities for that.

Software

• keepalived http://www.keepalived.org/
• ucarp http://www.ucarp.org
• ipvs http://linuxvirtualserver.org/
• ...

Hardware

• F5 http://www.f5.com/products/big-ip
• Cisco http://www.cisco.com
• ...

Setup a Virtual IP service for DNS

setup

I will explain here, how to configure a virtual ip server with ucarp. Before i talk about ipvs, but i prefer talk about it another time.

Here we prepare a Master/Slave configuration (with two slaves or just one salve)

What does it means for setting up on DNS server

Download ucarp, and setting it is very simple.

Startup/shutdown VIP scripts

Very simple shell scripts

• /etc/vip-up.sh

#! /bin/sh

/sbin/ip addr add 10.0.0.252/24 dev eth0

• /etc/vip-down.sh

#! /bin/sh

/sbin/ip addr del 10.0.0.252/24 dev eth0

Start ucarp daemon

In a init script of you linux distrib, or you can create one.

you can also create a startup script, and can be launched at boot time with local init script.

• gentoo init script (/etc/init.d/ucarp)

#!/sbin/runscript

depend() {

need net

}

start() {

    ebegin "Starting ucarp daemon"

    UCARP_REALIP=`ip add show dev  ${UCARP_IF}  | grep -w inet | awk 'BEGIN {RS="/"} $2 ~ /[0-9]/ { print $2}'`

    start-stop-daemon --start --quiet --exec ${UCARP_BIN} \

        --pidfile ${UCARP_PIDFILE} -- \

        --daemonize --pass=${UCARP_PASS} \

        --interface=${UCARP_IF} --srcip=${UCARP_REALIP} \

        --vhid=${UCARP_VID} --addr=${UCARP_VIP} \

        --upscript=/etc/vip-up.sh --downscript=/etc/vip-down.sh

}

• gentoo config init file (/etc/conf.d/ucarp)

UCARP_BIN="/usr/sbin/ucarp"

UCARP_PIDFILE="/var/run/ucarp.pid"

UCARP_PASS="password"

UCARP_IF="eth0"

UCARP_REALIP="10.0.0.1"   # Server 1

#UCARP_REALIP="10.0.0.2"  # Server 2

UCARP_VID="1"

UCARP_VIP="10.0.0.250"

What does it means for setting up on DNS Client

When ucarp is up and both all DSN are up and running, DNS request is send to ${UCARP_VIP}, if the server that host VIP crash, then the VIP will be migrate onto another server, so we can allways target a valid DNS server. The resolv.conf file should have only this VIP in server entry line.

Requirement

Simple

software

• ISC-Bind

hardware

• A Linux sever

Master-Slave

software

• ISC-Bind

hardware

• 2 Linux server

Master and 2 slaves

software

• ISC-Bind

hardware

• At least 3 Linux servers

An IP alias for DNS services

software

• ISC-Bind
• An IP Service (or)
  • ivps
  • keepalived
  • ucarp
  • Hardware Load balancer

hardware

• At least 2 Linux server for DNS
• Server for IP virtuality service (or)
  • 0 if ucarp (it s the same as DNS)
  • 1 F5 or Cisco hardware
  • At least 2 Linux Servers if ipvs or keepalived (can be 0, but better if ipvs services is on another server)

Conclusion

We can see that security can be very expensive. the cheaper DNS service can be assume with a single server, but the better with at least four Linux servers or two servers and a hardware load balancer that is very expensive too.