Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to setup internal DNS failover with BIND 9?

Posted on 2009-07-07
5
2,560 Views
Last Modified: 2013-11-15
I have 2 low-power appliance servers running Ubuntu for DHCP and DNS services for my internal network. I've always had 2 in case of failure but today I decided to test the setup and it failed. All my clients are given two DNS server IPs when they grab an address via DHCP. Both of these servers are identical with the exception of one is a master for internal DNS names and the other holds slave records. All the master/slave functions are working just fine. There is no Active Directory here, FYI.

What I want to see happen si that when one of these servers drops offline, I want my clients to be able to resolve both internal and external DNS. As of right now that works just fine with the "master" because I have forwarders setup with my ISP. However, if I bring it down my clients cannot resolve internal or external names.
named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
 
include "/etc/bind/named.conf.options";
 
// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};
 
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
 
zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};
 
zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};
 
zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};
 
zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};
 
include "/etc/bind/named.conf.local";
key rndc-key {
	algorithm hmac-md5;
	secret "xxxxxxxxxxxxx";
	};
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
	};
 
 
 
named.conf.options
options {
	directory "/var/cache/bind";
 
	// If there is a firewall between you and nameservers you want
	// to talk to, you might need to uncomment the query-source
	// directive below.  Previous versions of BIND always asked
	// questions using port 53, but BIND 8.1 and later use an unprivileged
	// port by default.
 
	// query-source address * port 53;
 
	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.
 
	// forwarders {
	// 	0.0.0.0;
	// };
 
	auth-nxdomain no;    # conform to RFC1035
	forwarders {
		207.207.0.3;
		206.127.0.3;
		};
	notify yes;
	allow-query {
		key intview; localhost; 172.16.0.0/16;
		};
	allow-recursion {
		172.16.0.0/16;
		};
 
};

Open in new window

0
Comment
Question by:jasonsfa98
  • 3
  • 2
5 Comments
 
LVL 8

Accepted Solution

by:
Point-In-Cyberspace earned 500 total points
ID: 24796677
With the two servers uop and running try to connect to the dns service on the slave.
In linux use dig and in windows use nslookup.
In this way you can exclude any slave issue not related to dns service config.

0
 

Author Comment

by:jasonsfa98
ID: 24796840
Used nslookup to diagnose second DNS server and it failed. Looked closer and found that there was no default gateway setup.

Wow.

Thanks for showing me the path ...
0
 

Author Closing Comment

by:jasonsfa98
ID: 31600719
Sometimes an exact fix isn't needed, just a path to follow ...
0
 
LVL 8

Expert Comment

by:Point-In-Cyberspace
ID: 24807435
You're welcome. Btw you are right about the path to follow.


0
 

Author Comment

by:jasonsfa98
ID: 24808566
Redundant DNS and redundant DHCP .... awesome!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question