Solved

BIND Slave Not Working when Master is Down

Posted on 2012-03-17
6
886 Views
Last Modified: 2012-04-03
Hi,

I have a Master DNS server running on Windows 2008 and a Slave DNS server running BIND on Linux.

The slave successfully collects the zone files from the master server, and can serve dns lookup requests fine.

However, recently the Master DNS server went down and I found that the slave also stopped working. When I run a test on the slave server using nslookup, it said

server can't find www.domain.com: SERVFAIL

The zone TTL is very low (2 minutes) to ensure we can switch to a backup server quite quickly. In the event that the Master server goes down, how can I ensure that the slave server keeps running, even when the zone files become old?

Here are the settings from windows

DNS Screenshot
And a copy of the zone file from the slave server

$ORIGIN .
$TTL 120        ; 2 minutes
domain.com IN SOA ns5.domain.com. hostmaster.domain.com. (
                                2012012061 ; serial
                                120        ; refresh (2 minutes)
                                120        ; retry (2 minutes)
                                120        ; expire (2 minutes)
                                120        ; minimum (2 minutes)
                                )
$TTL 86400      ; 1 day
                        NS      ns5.domain.com.
                        NS      sip2.domain.com.
$TTL 120        ; 2 minutes
                        A       **.222.**.254
                        MX      10 spam3.domain.net.
                        MX      10 spam4.domain.net.
$ORIGIN domain.com.
autodiscover            A       **.46.**.17
backupmx                A       **.222.**.224
ftp                     A       **.222.**.254
mail                    A       **.222.**.254
my                      A       **.222.**.254
ns1                     A       **.222.**.254
ns2                     A       **.222.**.51
ns5                     A       **.222.**.254
ns6                     A       **.222.**.51
pop3                    A       **.222.**.254
sip1                    A       **.222.**.126
$TTL 86400      ; 1 day
sip2                    A       **.250.**.36
$TTL 120        ; 2 minutes
sipprovisioning         A       **.222.**.254
sipserver               A       **.222.**.126
smtp                    A       **.222.**.254
webmail                 A       **.222.**.254
webserver1              A       **.222.**.254
www                     A       **.222.**.254

Open in new window


The goals are...
1) To keep TTL at 2 minutes to ensure we can make instant changes to our domains.
2) To ensure the slave server keeps zone files for at least 2 days when the primary server is offline.

Thanks
Dan
0
Comment
Question by:DanJourno
6 Comments
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 37733574
Your refresh, retry, and expire intervals are all a problem, especially the latter.  An expiry of 2 minutes means that after 2 minutes of no contact with the master the slave will stop responding to requests.

Some low-end values you could use for rapid/volatile changes are

retry - 1200
refresh - 800

Those are just examples but your expiry needs to be 172800 if you want the slave to answer queries for 2 days after losing contact with the master.


Read through http://www.zytrax.com/books/dns/ch8/soa.html for explanations on the different SOA fields.
0
 
LVL 77

Expert Comment

by:arnold
ID: 37733798
Usually the lower the level the more frequent the hits on your server.

Refresh should be 3600, retry 600, expiry 30 days 25920000
0
 
LVL 5

Author Comment

by:DanJourno
ID: 37733806
Arnold, how would those settings ensure that any changes are updated instantly?
We need a low TTL to ensure that any ip changes are relatively quick to ensure we can switch over to a backup application server when necessary.

Its Windows 2008 Web Edition. No AD.
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 5

Author Comment

by:DanJourno
ID: 37733809
Papertrip, I'll read through that link and post any questions.
Thanks
Dan
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37734003
Basically, SRVFAIL means server fail which is configurational error.
To check your named.conf file check the following command :
named-checkconf /etc/named.conf

Does it show any error?
I see your slave zone file has stopped updating (by checking serial number) which has still 2012012061 serial.

You can find out the cause and error by checking DNS log file.
However, I'm attaching /etc/named.conf file which could give you idea.
named.conf.txt
0
 
LVL 77

Expert Comment

by:arnold
ID: 37734077
Part of your configuration there should be a notify within the zone transfer tab, this will notify the slave that a change has occurred which will trigger a refresh on the slave.

You should do a per host TTL rather than for the entire zone.
i.e.

my                      120 A       **.222.**.254
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is the error message I got (CODE) Error caused by incompatible libmp3lame 3.98-2 with ffmpeg I've googled this error message and found out sometimes it attaches this note "can be treated with downgrade libmp3lame to version 3.97 or 3.98" …
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question