abolinhas (Portugal) asked:
DNS failover

Dear experts,

I have the following scenario.

One dedicated server (hosting) for my domain and DNS, and in my company I have two internet lines, both with fixed IPs.

Both lines are connected to my Draytek 2820 in failover mode.

Now I need to have DNS in failover mode too.
Like:
webmail.mydomain.com connects to my primary IP address, but if the primary IP address goes down, webmail.mydomain.com connects to my secondary IP address.

How can I do this?

Work with low TTLs on my domain server?

Best regards and happy new year to all experts
ASKER CERTIFIED SOLUTION
Kent W (United States of America)
There are two ways you can do this:
1. Most DNS servers will provide what's called "Round Robin" if you assign multiple A records to the one name in the zone.

What it would do then is that the first request that comes through would receive 1.2.3.4, the next would receive 2.3.4.5, and so on. However, by design, your local machine will cache its DNS resolution and will usually use the same IP address over and over until it expires (Time To Live, TTL). So keep a low TTL.

2. This is using the NS records. If NS1 for webmail.mydomain.com is the primary machine itself and NS2 for webmail.mydomain.com is the secondary machine, then in this scenario, if the primary webmail.mydomain.com fails, NS1 also goes down, hence all requests will be made to NS2.

Happy new year and cheers.
No. 1 won't work for failover. Two A records for a host name don't automatically use the second if the first fails. You just get a timeout. Been there. Tried that. It alternates with each query, but those getting the failed host first just time out.

No. 2 won't work for failover without manual intervention; the DNS server has to be down (not the hosts, which is what you normally want to fail over). Unless you did something funky like setting up NS1/NS2 at the alternate sites (opposite the one it's serving IPs for), but still, the same boat... there's nothing causing a client not to query the secondary DNS, which will give the failover IPs, so it would need to be up and answering at both IPs during "normal" operation. That may fit in this case, but it's still a bit clumsy. Since the Draytek is in failover mode, I don't believe it actively serves from both connections at the same time; it simply brings up the other interface if the primary fails (heartbeat style).

You also want to make sure the DNS server is not on the network you are planning to fail over from. I've had clients come to me in the middle of doing this setup, only to realize their DNS would be down if their primary link failed, too ;)

Let me explain the second point again.
The NS1 entry for webmail.mydomain.com points to the primary webmail.mydomain.com, and the NS2 entry for webmail.mydomain.com points to the secondary webmail.mydomain.com.

Thus, to resolve webmail.mydomain.com, the primary webmail.mydomain.com will always resolve to the IP of the primary webmail.mydomain.com. If the primary webmail.mydomain.com fails, the query will automatically be forwarded to the server pointed to by NS2, which is the secondary webmail.mydomain.com, and will always resolve to the IP of the secondary webmail.mydomain.com.

I do understand that theory; unfortunately, there is no guarantee that, while everything is "normal", a client won't query NS2 and get the failover IP. I have up to 5 name servers, and they all take hits at all times of the day, not just if the first listed is down. Now, if both connections are up and it's serving from both, that would work, but the NS would have to be serving from behind the same connections: NS1 on the primary, NS2 on the secondary circuit. Otherwise, NS1 is still going to answer with the "down" IP if it's reachable. That, or you need some way to take NS1 out when the primary goes down, simply so it doesn't answer with the downed IP.

So yes, that would work, but only if NS1 failed when the primary link goes down, so that NS2 would then answer with the failover IP. Otherwise, NS1 is going to answer with the down IP.

But, for 20-40 bucks a year, you can have enterprise-class hosted DNS failover that automatically checks, alerts, fails over (5 levels deep), and self-heals (or not, if you choose). I definitely recommend that.
How do you think webmail.mydomain.com will resolve if the DNS server pointed to by NS1 is down?

It's a bit messy; given that there's only one (DNS) server, you'd have to configure two different instances of BIND (or some other DNS server) on the same system (each listening on a different IP). You can't get around the requirement of running two different zones to furnish clients with situational answers, and Views cannot be used in this instance.

Chris
What I mentioned for point 1, "Round Robin" (if you assign multiple A records to the one name in the zone), will time out if the resolved IP is that of the failed server. So this method won't work.

However, I would recommend keeping the "Round Robin", i.e. assign multiple A records to the one name in the zone. When everything is working fine, meaning both primary and secondary are up and running, there is nothing to worry about. Let us say the primary server goes down: the IP address of the primary server is aliased on the secondary server, and vice versa, i.e. if the secondary server goes down, the IP of the secondary server is aliased to the primary server. This can be achieved with Linux HA using heartbeat.

Regards

On-site HA will not protect against connection failure (except when you opt for different DNS servers giving out different answers). That just puts you back at square one, running two different name servers.

To be honest, I would favour hosting DNS elsewhere with monitoring, much like the services mentioned by mugojava. It's about as good as you'll get for this type of connection.

The best approach would be full connection fault tolerance (i.e. no second IP), and that's only going to happen on the ISP / hosting level unless you wish to apply for your own IP block and manage BGP for your AS on your network border.

Chris
Let me clarify the question again. Maybe I have not understood it.
abolinhas has a dedicated server and DNS server.
He has two internet lines with fixed IPs coming to his office location, connected to a Draytek 2820 in failover mode.

In other words, say you have IPs 1.1.1.1 and 2.2.2.2, both connected in failover mode. Your IP 1.1.1.1 is your DNS and dedicated hosting server. Now if your IP 1.1.1.1 fails, the outside world should connect to your domain with IP 2.2.2.2.

Is my understanding correct?

That's also my understanding of the scenario.

Chris
In that case, if NS1 points to DNS server 1.1.1.1 and NS2 points to DNS server 2.2.2.2, and say IP 1.1.1.1 fails, obviously the DNS at 1.1.1.1 will also not be reachable. The query is then forwarded to DNS server 2.2.2.2, which will resolve the server address as 2.2.2.2.

Absolutely. But you need 2 DNS servers (because you need two distinct zones). It may be possible to run those on the same hardware, if the software permits that.

Chris
abolinhas (asker):
Let me explain my scenario better.

One hosting server (dedicated, with cPanel and BIND) for my domain and DNS; on this server I have two NS and various A records.

In my company I have two internet lines connected to my Draytek.
In my company I also have an internal mail server with webmail.

Now I want to create a failover for this A record, webmail.mydomain.com.
This A record points to my internal mail server.

So, if the primary internet line goes down, the A record will point automatically to my secondary internet line.

Is it better now?
DNS and the service you wish to provide fault tolerance for are on different servers?

If so, it makes the option with spinning up different name servers very difficult to implement as they would have to run in your office, not on the hosted server.

The best bet is to monitor the web service / connection status and amend DNS accordingly (scripts, and very low TTLs). You can do that yourself if you like, or you can pay someone to do it for you (as mugojava suggested).

Shifting services around like this isn't something that comes easily, the next step up is full connection redundancy. Either with a single ISP who can provide fault tolerance, or by obtaining your own IP block, and setting up BGP. Neither is cheap or easy, but it removes your reliance on changing IP addresses.

Chris
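The monitor-and-amend approach Chris describes, as an added example that is not from the thread: a small controller that takes probe results for the service behind each line and decides which IP to publish for webmail.mydomain.com with a low TTL. The probe and the zone update are stand-ins (an assumption); a real script would do a TCP connect to the mail server and push the record with nsupdate or the hosting provider's API.

```python
"""Monitor-and-update DNS failover: probe the service behind each line and
publish whichever IP is healthy with a low TTL. Added example, not from the
thread; publish() stands in for a real nsupdate/API call and the probe
results are fed in by the caller (assumption)."""
from dataclasses import dataclass, field

PRIMARY, SECONDARY = "1.1.1.1", "2.2.2.2"   # the thread's IPs
NAME = "webmail.mydomain.com."
TTL = 300          # low TTL so resolvers pick up a switch within minutes
FAIL_AFTER = 3     # consecutive failed probes before failing over (flap guard)
HEAL_AFTER = 5     # consecutive good probes on primary before failing back


@dataclass
class Failover:
    active: str = PRIMARY
    self_heal: bool = True        # fail back automatically, or leave it to an admin
    failures: int = 0
    successes: int = 0
    published: list = field(default_factory=list)   # every record change pushed

    def record(self) -> str:
        """Zone-file line for the IP currently in service."""
        return f"{NAME} {TTL} IN A {self.active}"

    def publish(self) -> None:
        """Stand-in for nsupdate: only push when the answer actually changes."""
        rec = self.record()
        if not self.published or self.published[-1] != rec:
            self.published.append(rec)

    def observe(self, primary_up: bool, secondary_up: bool) -> str:
        """Feed one round of probe results; return the record to serve."""
        if self.active == PRIMARY:
            self.failures = 0 if primary_up else self.failures + 1
            if self.failures >= FAIL_AFTER and secondary_up:
                self.active, self.failures = SECONDARY, 0
        else:
            self.successes = self.successes + 1 if primary_up else 0
            healed = self.self_heal and self.successes >= HEAL_AFTER
            if primary_up and (healed or not secondary_up):
                self.active, self.successes = PRIMARY, 0   # heal, or forced back
        self.publish()
        return self.record()


def replay(probes, self_heal=True):
    """Replay (primary_up, secondary_up) rounds; returns (served records, changes)."""
    fo = Failover(self_heal=self_heal)
    served = [fo.observe(p, s) for p, s in probes]
    return served, fo.published
```

Constructed probe sequences (two good rounds, three failures, five recoveries) show the record flipping to 2.2.2.2 only after the third failure and back to 1.1.1.1 only after the fifth good probe, while a two-round blip or a simultaneous outage of both lines changes nothing.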
@ Chris-Dent - DNS and the service you wish to provide fault tolerance for are on different servers?
Yes.

My primary address is 1.1.1.1 and my secondary IP is 2.2.2.2.

So if I configure this scenario on my DNS server, will it work?

Type | Domain               | IP      | TTL
A    | webmail.mydomain.com | 1.1.1.1 | 600
A    | webmail.mydomain.com | 2.2.2.2 | 300

Best regards
Absolutely right, abolinhas.
You have to have the following:

Type | Domain               | IP
NS1  | webmail.mydomain.com | 1.1.1.1
NS2  | webmail.mydomain.com | 2.2.2.2

On DNS 1.1.1.1:
Type | Domain               | IP      | TTL
A    | webmail.mydomain.com | 1.1.1.1 | 300

On DNS 2.2.2.2:
Type | Domain               | IP      | TTL
A    | webmail.mydomain.com | 2.2.2.2 | 300

regards
NS1 and NS2 must be defined by your ISP
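A resolver-side view of the NS1/NS2 scheme laid out above, and of mugojava's objection earlier that resolvers query any reachable name server, as an added example that is not from the thread. Each name server sits behind one line and hands out that line's IP; the resolver picking uniformly among reachable servers is a simplification (real resolvers weight by measured round-trip time), and the client counts are constructed.

```python
"""Resolver-side simulation of the NS1/NS2 delegation scheme (added example,
not from the thread). Each authoritative server is behind one line and
answers with that line's IP. Resolvers pick among the name servers they can
reach; the uniformly random pick is an assumption (real ones weight by RTT)."""
import random

NAME_SERVERS = {"1.1.1.1": "1.1.1.1", "2.2.2.2": "2.2.2.2"}   # NS address -> A it serves


def resolve(reachable, rng):
    """One lookup of webmail.mydomain.com: the A record handed out, or None
    (SERVFAIL) when no authoritative server is reachable."""
    candidates = [ns for ns in NAME_SERVERS if ns in reachable]
    if not candidates:
        return None
    return NAME_SERVERS[rng.choice(candidates)]


def answer_shares(reachable, clients=10000, seed=1):
    """Fraction of clients handed each IP for a given set of reachable lines."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(clients):
        ip = resolve(reachable, rng)
        counts[ip] = counts.get(ip, 0) + 1
    return {ip: n / clients for ip, n in counts.items()}


def usable_share(reachable, serving):
    """Share of clients whose answer lands on a line that actually carries
    traffic. 'serving' is the set of IPs the Draytek is forwarding right now;
    in failover mode that is only the primary while it is up."""
    shares = answer_shares(reachable)
    return sum(share for ip, share in shares.items() if ip in serving)


def scenarios():
    """The three link states discussed in the thread -> usable share of answers."""
    both = {"1.1.1.1", "2.2.2.2"}
    return {
        # the case the scheme is designed for: only NS2 answers, all get 2.2.2.2
        "primary down, NS2 only": usable_share({"2.2.2.2"}, {"2.2.2.2"}),
        # mugojava's objection: about half the clients are sent to an idle line
        "both up, Draytek forwarding via primary only": usable_share(both, {"1.1.1.1"}),
        # works only if both lines are genuinely serving at the same time
        "both up, both lines serving": usable_share(both, both),
    }
```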
SOLUTION
The NS is the fixed IP of my dedicated hosting server.

@ Chris-Dent: - expert_tanmay's option will work if you can get two instances of DNS installed on webmail itself (or something else on your network if you're using PAT).
Yes, I have PATs to my mail server.
Trust me, go the best and easiest route. Go to DNSMadeEasy. Sign up for the small business, and buy a DNS failover record instance. About 30 bucks a year, and it just works.
You'll spend twice that much in electricity to run a server for one month.
Any other way is really going to be kludged together.
> Yes, I have pats to my mail server

You need a name server running on each of the connections there as well.

To be blunt, if you don't understand DNS particularly well you're far better going with mugojava's suggestion. Whichever company you choose will be able to help you through it.

Setting up name servers in the manner suggested needs you to understand how to set up and run a DNS service, and a little of how delegation works.

Chris
I'll try dnsmadeeasy, which was expert_tanmay's suggestion.

Just to share, I found this failover service too:
https://web.easydns.com/DNS_pro.php

Thanks to all of you.