Re: [cobalt-users] Setting a Seconday DNS Server - Help Please
- Subject: Re: [cobalt-users] Setting a Seconday DNS Server - Help Please
- From: Nico Meijer <nico.meijer@xxxxxxxxx>
- Date: Sun Dec 23 04:07:00 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi Johnny,
Maybe I will re-establish what I am trying to do:
Thanks a lot, because your first question was very confusing to me at
least. :-)
I want to prevent downtime in the case of a hard disk failure in my RAQ or
in case DNS problems arise.
DNS downtime is the least of your worries; I'll explain below.
I understand I can use a RAQ4r with RAID, but both would be in the same
location, so this does not seem to be a good solution in case something
happens with that entire network.
RAID won't help you if a complete *machine* is going down. A RaQ4r has
redundancy (or so I'm told) for that machine only. It won't copy data to
another RaQ for ya. RAID will help in case of a disk failure.
I have two RAQs, each on a different location. I would like to use the
second to mirror the first, having both actualized content. So in case one
fails, being the other the secondary DNS for the domain, it could take over
and continue serving.
This has very little to do with DNS, although it of course *is* involved.
You need a sort of failover solution: one down, the other picks up
(semi-)automagically.
How would you establish such a solution?
Easy question, hard answer.
For the mirroring, I advise rsync (http://rsync.samba.org) over ssh
(http://www.openssh.com). If you don't do it securely, in my book, you'd
better not do it. There are probably many solutions out there.
rsync can copy data across networks with the ability to preserve
permissions, access times, etc. Using ssh as a transport layer, you add
security. Using ssh with key authentication, you add convenience.
Simple example:
rsync -avz --delete -e ssh /home/sites/ root@[theothermachine]:/home1/sites/
Issued as root this will copy everything in /home/sites/ recursively, with
permissions, etc. (a=archive mode) to your other machine using compression
(z) and telling you what it does (v). Also, it will delete (--delete) any
files on [theothermachine] that have been deleted on the source machine. It
will use ssh as its transport layer (-e ssh), so your files will be copied
securely. It is said you can also limit bandwidth, but I haven't tried that
yet.
Using key authentication, this is easily cronable.
That is the mirroring part. The failover part is much more difficult and
has been dealt with on this list before.
One option is to use round-robin DNS, which really doesn't do failover at
all. I believe (but please check this info!) it (sort of) works as follows.
On the primary nameserver, create two A records for (in this case) your two
machines that will host the websites:
www1 A 1.1.1.1
www2 A 2.2.2.2
Then, create CNAME records for www:
www CNAME www1
www CNAME www2
Now, anytime someone requests "www.[domain].[tld]", he/she will get either
1.1.1.1 or 2.2.2.2 in a rotating manner. You could add as many CNAMES as
you'd like, I guess, but I haven't tried this. Make sure both machines
answer to www.
This is - as I said - not a failover solution. If www1 goes down, half the
people on this planet get an error. The other half gets the website, as
long as www2 is up.
I don't know which hardware solutions might be available if you want to do
failover between different networks. I guess (!) one of the best ways to
do this stuff is to get a cluster working:
http://www.linuxvirtualserver.org/
http://www.beowulf.org
http://www.mosix.org/
are examples.
I understand that Secondary DNS takes the content from the Primary DNS Server
Disk instead as from the secondary DNS Server Disk. What happens if hard
disk in primary fails? From where will secondary DNS take content?
Not totally right. Forget about the concept "disk" when doing DNS. DNS
(Domain Name System) only maps IPs to names and names to IPs (and vice
versa, of course ;-P).
When used correctly, DNS is redundant in itself.
Short, short, short version. One nameserver acts as primary for a domain
and therefore is "authoritative" for that domain. All data comes from the
primary and no other machine/service may do anything to alter the domain.
For example, you set up primary for domain.com. You define hostnames (www)
in that domain, define where mail should be headed (via an MX record) and
set up which nameserver(s) is/are secondaries for this domain.
Once you have loaded domain.com in the primary nameserver, you can tell the
secondary to come pick up the data for the domain. This is done via
network, not via disk (although the primary reads its data from disk of
course). The secondary only needs to know which domain data has to be
transferred from which nameserver. Done.
If the primary nameserver fails, the secondary will keep responding to
requests for domain info. Usually, you'll have anywhere between 12 and 24
hours to get the primary back up, before the domain disappears.
End of short, short, short version.
Get the O'Reilly book if you *really* want to know what's going on!
DNS primarily/in itself has nothing to do with mirroring sites.
HTH... Nico
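
Added example, not part of the original message: the cron-driven rsync push described above needs an unattended key that can log in as root on the mirror, so that key is worth restricting to exactly that transfer. The sketch below is a forced-command check for the mirror's authorized_keys entry; the script path, the function names and the key placeholder are assumptions, and the exact option string rsync sends varies by version.

```shell
#!/bin/sh
# Added example, not from the original post. Install on the mirror and name it
# in root's authorized_keys (path and key are placeholders):
#   command="/usr/local/sbin/rsync-push-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <KEY-TYPE> <PUBLIC-KEY> mirror-cron

ALLOWED_DEST="/home1/sites/"   # destination used in the rsync command above

# Return 0 only for "rsync --server <options> . $ALLOWED_DEST" (a push into
# the mirror tree). Shells, scp, pulls (--sender) and other paths are refused.
check_rsync_push() {
    old_ifs=$IFS
    IFS=' '; set -f            # split on spaces only, no globbing
    set -- $1
    set +f; IFS=$old_ifs
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ "$#" -gt 0 ]; do
        case $1 in
            *[!A-Za-z0-9./,=_-]*) return 1 ;;  # metacharacters, tabs, newlines
            --sender) return 1 ;;              # would read data off the mirror
            -*) shift ;;                       # option word
            .) break ;;                        # options end, paths follow
            *) return 1 ;;
        esac
    done
    # What remains must be exactly "." followed by the allowed destination.
    [ "$#" -eq 2 ] && [ "$2" = "$ALLOWED_DEST" ]
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND. A login
# with no command (an interactive attempt) falls through and gets no shell.
run_forced_command() {
    if check_rsync_push "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND   # validated: plain words, split on spaces
    fi
    echo "refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_forced_command
fi
```

rsync also ships a maintained script for the same purpose, rrsync, which is the better choice where it is available.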