BIND dns master server vs slave server

Hi,

I have a question regarding master DNS server and slave DNS server. Is this slave used for load balancing, or in case the master fails, does the slave take over? Thanks in advance.
mokkan Asked:
 
gt2847c (Sr. Security Consultant) Commented:
The master/slave relationship is a configuration mechanism.  You configure the master, and the slave units will copy the configuration from the master (zone transfers).  It simplifies managing multiple DNS servers.

You want to have multiple DNS servers in any production environment.  It provides redundancy in case of failure.  It does not, in and of itself, provide load balancing however.  That is done through configuration on the client side, network configuration, or through a load balancer:

Client side:
Alter the order for DNS server on the clients - manually or through DHCP

Network configuration:
Use of solutions like multicast or IP Anycast to allow the network to route traffic to the closest DNS server

Load balancer:
Either software based or hardware based, examples like F5 Big IP, Cisco ACE, etc.  These solutions can (depending on how configured) pass traffic to multiple DNS servers to manage load


Current DNS systems allow for multiple masters, which allows for multiple units to make updates.  This is useful in situations like Active Directory which (can) allow clients to send update records to the DNS server (publishing resource records).  By allowing multiple master DNS servers, one primary server does not have to manage all updates which could overwhelm it in a large enterprise environment.  Multi-master is a far more complex topic as you have to handle update collisions, and a more complex versioning scenario.

That help some?
 
mokkan (Author) Commented:
Hi gt2847c,

Thank you very much. If I understand correctly, if we update the DNS zone on the master server, the slave will get notified as well and the slave will update the DNS zone files locally.  It will use it for load balancing?  If the master goes down, what will happen?

Also, how do the slave zone files get updated? Do we need to set up a cron job or anything, or does BIND have any feature to update slave zones?
 
gt2847c (Sr. Security Consultant) Commented:
Unless configured to send notify messages to slave units, the slave units themselves will query the master based on the configured refresh time for a given zone.  Once the refresh timer expires, it will query the master to see if the zone serial number differs from (is greater than) the serial number it has cached.  If the number is equal to or less than its own number, no zone transfer will occur and the refresh timer is reset.  If the number is greater, it will initiate a zone transfer from the master (this can be a full transfer or incremental transfer) and update its cached files with the new data.  Once the transfer is complete, it will reset the refresh timer and continue the cycle.  The update cycle is client (slave) driven.  The master may send notify messages to defined slaves if configured to do so, but that doesn't guarantee the slave will update, it's just a notice...

This is the traditional way DNS keeps itself up to date.  Many current IP address management solutions (IPAM) with DNS server integration use a back end database to manage updates and do not rely on the zone transfer mechanism.  One thing to note, if you are doing changes to the master through manual changes to configuration files rather than through an IPAM solution, you must make sure you update the serial number of the zone you are changing or none of the slaves will update.  This will cause client problems due to inconsistency of zone data between the primary and slaves.

Load balancing is not a function of the DNS solution with respect to itself.  Load balancing amongst DNS servers must be handled externally (as described above).  

On the topic of the master going down, there are two perspectives:

From a DNS server view, the slaves will continue to operate and serve addresses, but no new records/zone information/changes will get to them as they depend on the master for "authoritative data"  (that said, there are ways around this, but we're talking normal modes of operation vs how to fix problems).  The slaves will continue to serve only the data that they have until the zone configured "Expire Time" is exhausted.  Once this occurs, the secondary will consider the zone data too old to be reliable and will stop resolving any records for the expired zone.  The default value for this is 1 day, but it can be set higher.  

From the client view, any client pointed at the master DNS server as its primary resolver will be unable to resolve addresses.  This is mitigated by the fact that most systems have a minimum of two resolvers configured (primary/secondary).  If the primary times out, the client will then query the secondary (or tertiary, etc, etc).
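
An added example, not part of the original answer: a Python sketch of the slave-side decision described above (serial check on refresh, serving cached data while the master is down, and expiry). The SOA strings are constructed sample data, the function names are hypothetical, and the serial comparison uses RFC 1982 wraparound arithmetic, which generalizes the plain "greater than" check.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Soa:
    serial: int
    refresh: int   # seconds between slave checks of the master's serial
    retry: int     # seconds between retries after a failed check
    expire: int    # seconds without master contact before the zone is dropped

def parse_soa(rdata: str) -> Soa:
    """Parse SOA rdata: mname rname serial refresh retry expire minimum."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    serial, refresh, retry, expire = (int(x) for x in fields[2:6])
    return Soa(serial, refresh, retry, expire)

def serial_newer(master: int, slave: int) -> bool:
    """True if master's 32-bit serial is ahead of slave's (RFC 1982 wraparound)."""
    diff = (master - slave) % (1 << 32)
    return 0 < diff < (1 << 31)

def slave_action(master_rdata: Optional[str], slave_rdata: str,
                 secs_since_contact: int) -> str:
    """Decide what a slave does when its refresh timer fires.
    master_rdata is None when the master did not answer the SOA query."""
    slave = parse_soa(slave_rdata)
    if master_rdata is None:
        # Master down: keep answering from the cached copy until expire runs out.
        return "expired" if secs_since_contact >= slave.expire else "serve-cached"
    master = parse_soa(master_rdata)
    if serial_newer(master.serial, slave.serial):
        return "transfer"          # pull the zone (full or incremental)
    return "no-change"             # equal or older serial: just reset the timer

# Constructed sample SOA records (not from a real zone).
MASTER = "ns1.example.com. hostmaster.example.com. 2024031502 3600 900 604800 86400"
SLAVE_BEHIND = MASTER.replace("2024031502", "2024031501")
SLAVE_SAME = MASTER  # also what a slave sees if the master was edited without a serial bump

if __name__ == "__main__":
    print(slave_action(MASTER, SLAVE_BEHIND, 3600))
    print(slave_action(MASTER, SLAVE_SAME, 3600))
    print(slave_action(None, SLAVE_SAME, 700000))
```

The `SLAVE_SAME` case is the failure the answer warns about: a hand-edited master zone with an unchanged serial looks identical to the slave, so the change never propagates.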
 
gt2847c (Sr. Security Consultant) Commented:
Did this answer your questions?  Did you need any further assistance?
 
Sandy Commented:
Yes, they are sort of a helping hand to each other. From a client perspective, in case one fails, the client can make the FQDNs resolve with the alternative host setup.
 
mokkan (Author) Commented:
Thanks a lot guys.
Question has a verified solution.
