On Mon, Aug 28, 2006 at 01:51:42PM -0600, Tim Pushor wrote:
> Joachim Schipper wrote:
> >It will work, but as noted, there's no particular reason to do this;
> >redundancy is built into the DNS protocol.
> >
>
> Well, there is a reason since I need another box to act as a secondary ;-)
>
> >The only caveat I can think of is that running services on a firewall
> >weakens your perimeter security.
> >
>
> I concur. In this sealed environment it isn't nearly as much of a
> concern. The box is a router, with a very simple ruleset to allow remote
> administration over the Internet - that's the only real internet traffic.
>
> >Finally, don't sync master and CARP - sync master and slave(s) directly.
> >But that should be obvious.
> >
>
> Yeah I thought that. I am still wondering if I should add the carp
> address for the secondary DNS (on the servers resolv.conf), or add
> secondary and tertiary addresses being the primary and backup router ...

Apparently, the more broken DNS implementations out there would favour a
CARP-based setup.

		Joachim