Chris,

I've been considering doing the same thing at home, myself. So far these are my thoughts on how to operate this, but I am yet to get around to implementing it.
- You can have multiple DNS servers on your network provided that they have the same copy of the names - both static and dynamic (DHCP). Normally one DNS server would be authoritative whilst the other is subordinate and synchronisation would be achieved automatically through zone transfers. However, this is not the case here as DNSMASQ cannot act in this way. These two DNS servers are independent of each other. They just happen to have the same names in their database. Then just update /etc/resolv.conf on every client with both nameserver IP addresses. Or just update the DHCP option "dns-server,<DHCP1>,<DHCP2>"

- When using multiple DHCP servers both DNS servers need to maintain synchronisation. When it allocates an IP address it only appears to update the local DNS within DNSMASQ. So the other DNS would not be informed. My idea, although a little clunky, is to utilise the config option "dhcp-script=<bash script>". Each time an IP address is created or destroyed, this script is called with the details. The script would then update a dynamic host file on both DNS servers (possibly using "rsh"). The config option "addn-hosts=/etc/dnsmasq.d/dyndns-hosts" allows for this. Then issue a "kill -1 <process id>" to re-read it. Thus both servers would maintain name synchronisation. Simon. Can you advise as to whether there is a more elegant mechanism to achieve this?

- You need to be a little careful with DHCP. You CANNOT have multiple servers offering the same range of IP addresses. Typically you would assign a DHCP range (192.168.1.100 --> .199, say) and split this in half. DHCP(1) would service .100 --> .149, whilst DHCP(2) would service .150 --> .199. This would ensure that duplicate IP addresses are never allocated. This works because both servers will offer an IP address from their own range and it's the DHCP client that accepts one of them, and rejects the other.

As Hannu Napari suggested, using Docker might also help.
I too have created a DNSMASQ image, but have remapped the /etc/dnsmasq.d directory outside of the container. This allows me to update the DNS/DHCP config without having to affect the Docker image. If you duplicate the image and the config directory to another RPI, then you know that both are at the same software version and have the same config (with minor variations). This will provide complete resilience in the event of an RPI failure.

Of course, now you need to implement a monitor to alert you when one of them goes off-line. Otherwise you'll only find out that your backup failed when you've lost your primary.

Hope this helps.

Kevin

-----Original Message-----
From: Dnsmasq-discuss [mailto:dnsmasq-discuss-boun...@lists.thekelleys.org.uk] On Behalf Of Chris Green
Sent: 31 August 2021 13:35
To: dnsmasq-discuss@lists.thekelleys.org.uk
Subject: [Dnsmasq-discuss] How do others provide backup for their DNS? Ideas wanted

I run dnsmasq on a Raspberry Pi to provide DHCP and DNS services on my home LAN. It's just very handy having names for all devices rather than having to use IP addresses.

A few weeks ago the Pi died (or, more accurately, the SD card it was running on died) and it took me quite a while to get things back together again (like half a day or so, mostly down to trying to rush things).

This isn't "mission critical", nothing awful happened when we didn't have the Pi providing DNS for half a day but it was 'messy'.

So, I've been wondering how I can help myself sort things out more easily and quickly if it happens again. What do others do? The ways I can think of are:-

Have an 'image' SD card of the Pi kept up to date somehow so that I can either change the SD card in the running Pi or use another Pi in place of it. Problem is how to keep the image up to date.

Have a 'warm backup' dnsmasq running on another system. There is another Pi on the LAN and also a desktop server both of which are on all the time.
How easy is it to replace one dnsmasq system with another on the LAN?

Any other obvious ways? Thanks for any ideas.

--
Chris Green

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
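
The dhcp-script idea from Kevin's reply above, as an added example (not code from the thread or from the dnsmasq project). It departs from the post in two ways: each server pushes only its own lease names into the other server's addn-hosts file, and it uses ssh rather than rsh. The LEASE_EXPORT path, the PEER variable and key-based ssh login to the peer are assumptions.

```shell
#!/bin/sh
# Added example: hook for dnsmasq's dhcp-script= option.
# dnsmasq calls it as: <script> add|old|del <mac> <ip> [hostname]
LEASE_EXPORT="${LEASE_EXPORT:-/var/lib/misc/dyndns-export}"  # assumed path: this server's lease names
PEER="${PEER:-}"                                             # assumed: user@other-server; empty = no push
PEER_FILE="${PEER_FILE:-/etc/dnsmasq.d/dyndns-hosts}"        # addn-hosts file named in the post

# Apply one lease event to a hosts file: update_hosts ACTION IP NAME FILE
update_hosts() {
    action=$1 ip=$2 name=$3 file=$4
    tmp="$file.tmp.$$"
    [ -f "$file" ] || : > "$file"
    # Drop any previous entry for this address (exact match on field 1).
    awk -v ip="$ip" '$1 != ip' "$file" > "$tmp"
    case $action in
        add|old)
            # The hostname is client-supplied: accept only plain DNS name characters.
            case $name in
                ''|-*|*[!A-Za-z0-9.-]*) ;;
                *) printf '%s %s\n' "$ip" "$name" >> "$tmp" ;;
            esac ;;
        del) ;;
        *) rm -f "$tmp"; return 1 ;;
    esac
    # Replace the file in one step so a reader never sees a half-written copy.
    mv "$tmp" "$file"
}

# Copy this server's lease names to the peer and signal its dnsmasq (SIGHUP = kill -1).
push_to_peer() {
    [ -n "$PEER" ] || return 0
    ssh -o BatchMode=yes "$PEER" \
        "cat > '$PEER_FILE.new' && mv '$PEER_FILE.new' '$PEER_FILE' && pkill -HUP -x dnsmasq" \
        < "$LEASE_EXPORT"
}

# Act only when called with dnsmasq's lease arguments.
case ${1:-} in
    add|old|del) update_hosts "$1" "$3" "${4:-}" "$LEASE_EXPORT" && push_to_peer ;;
esac
```

Because each server writes only to the other's addn-hosts file, the two never overwrite each other's entries, and with the split ranges from the post the addresses in the two files cannot collide.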