On 08/06/2018 08:14 AM, Leroy Tennison wrote:
As previously posted, I just added a slave of a master for disaster recovery and now need to know how to promote it should the master be offline too long.

Please see the reply that I just sent for details about how I handled this problem in the past.

An additional complicating factor is that the master and slave exist on a failover pair managed by keepalived.

Okay. My opinion is that keepalived should be used between two identical servers. Thus between two masters or two slaves. I would not want to try to cross the role between two servers managed by keepalived.

My web search has found a few references to this situation but they have either used slave servers or were very light on the details of bind configuration.

I've not dealt with keepalived in a long time, so I can't say for sure. But I believe that most of the configurations I've seen work between two slaves that share a common (optionally hidden) master server. This allows both servers to be identical and a backup for each other and avoids the need for keepalived to significantly reconfigure BIND's operation.

I'm converting an existing situation where there was a single server for almost totally non-DHCP clients (servers).

Okay.

I would prefer to not roll out a different DNS resolver configuration to all those non-DHCP clients

I do not see any reason to change the client configuration.

Ideally the DNS server's VIP / functional IP will stay the same. Thus no need to reconfigure clients.

The change will be in the servers that are capable of hosting said VIP.

Aside from potential SOA / MNAME issues (see my other reply) I don't see any issues in adding additional servers; 1 (optionally hidden) master and an additional slave to participate in the keepalived configuration with the existing server.

the environment size is sort of "in between" (not small or large).

The environment size is immaterial to the BIND configuration. (It may be applicable to you as motivation for doing things.)

The issues I see are in the SOA, with keepalived I could leave the SOA the same on both since the IP address for the DNS server (and other functions) moves.

I don't think the SOA / MNAME actually need to be the same. They just need to be accessible. (See my other reply.)

The question is "Am I missing something?" which will come back to haunt me later?

It's hard to say.  I don't see anything obvious jumping out at me.



--
Grant. . . .
unix || die
