How to setup internal DNS failover with BIND 9?

I have 2 low-power appliance servers running Ubuntu for DHCP and DNS services for my internal network. I've always had 2 in case of failure but today I decided to test the setup and it failed. All my clients are given two DNS server IPs when they grab an address via DHCP. Both of these servers are identical with the exception of one is a master for internal DNS names and the other holds slave records. All the master/slave functions are working just fine. There is no Active Directory here, FYI.

What I want to see happen si that when one of these servers drops offline, I want my clients to be able to resolve both internal and external DNS. As of right now that works just fine with the "master" because I have forwarders setup with my ISP. However, if I bring it down my clients cannot resolve internal or external names.
named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
 
include "/etc/bind/named.conf.options";
 
// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};
 
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
 
zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};
 
zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};
 
zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};
 
zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};
 
include "/etc/bind/named.conf.local";
key rndc-key {
	algorithm hmac-md5;
	secret "xxxxxxxxxxxxx";
	};
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
	};
 
 
 
named.conf.options
options {
	directory "/var/cache/bind";
 
	// If there is a firewall between you and nameservers you want
	// to talk to, you might need to uncomment the query-source
	// directive below.  Previous versions of BIND always asked
	// questions using port 53, but BIND 8.1 and later use an unprivileged
	// port by default.
 
	// query-source address * port 53;
 
	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.
 
	// forwarders {
	// 	0.0.0.0;
	// };
 
	auth-nxdomain no;    # conform to RFC1035
	forwarders {
		207.207.0.3;
		206.127.0.3;
		};
	notify yes;
	allow-query {
		key intview; localhost; 172.16.0.0/16;
		};
	allow-recursion {
		172.16.0.0/16;
		};
 
};

Open in new window

jasonsfa98Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Point-In-CyberspaceCommented:
With the two servers uop and running try to connect to the dns service on the slave.
In linux use dig and in windows use nslookup.
In this way you can exclude any slave issue not related to dns service config.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jasonsfa98Author Commented:
Used nslookup to diagnose second DNS server and it failed. Looked closer and found that there was no default gateway setup.

Wow.

Thanks for showing me the path ...
0
jasonsfa98Author Commented:
Sometimes an exact fix isn't needed, just a path to follow ...
0
Point-In-CyberspaceCommented:
You're welcome. Btw you are right about the path to follow.


0
jasonsfa98Author Commented:
Redundant DNS and redundant DHCP .... awesome!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Distributions

From novice to tech pro — start learning today.