
More Robust DNS (Was: Re: [cobalt-users] How to use .include file to add secondary dns)



josh wrote:

> As my RaQ is a primary, then two
> primaries and one secondary make three. See below for quotes -- the
> Cobalt Interface clearly is making conventional good practice
> impossible.

It meets the "minimum" requirements, I'd guess.

I use both the cricket book and _Linux DNS Server Administration_,
written by Craig Hunt and published by Sybex.  It's even less specific
on the number of slave nameservers than is the cricket book <frown>.

> My favorite book on Unix System Administration, _UNIX System
> Administration Handbook_ by Evi Nemeth and a slew of other people
> states:

Thanks for this reference.

> 
> "The master server should be located on a machine that is stable, does
> not have many users, is relatively secure, and perhaps is on an
> uninterruptible power supply. There should be at least two slaves, one
> of which is off-site. On-site slaves should live on different networks
> and different power circuits. When name service stops, all normal
> network access stops, too."

This is still a bit unclear.  Unless the master is on a firewalled
machine, then I question the advantage of having two nameservers at the
same site, which is what this paragraph seems to be saying to me.  In
effect we do this, in that we host master records on a non-public
nameserver, and the two public servers are in different locations.

I can (and probably will) add a European nameserver to the mix as well.

> For guidance you might also look at  RFC 2182:
> 
> * 2182: Selection and Operation of Secondary DNS Services.
> 
> Particularly section 5
> 5. How many secondaries?
> 
>    The DNS specification and domain name registration rules require at
>    least two servers for every zone.  That is, usually, the primary and
>    one secondary.  While two, carefully placed, are often sufficient,
>    occasions where two are insufficient are frequent enough that we
>    advise the use of more than two listed servers.

Unfortunately this isn't too specific either.  I'd sure like to see some
examples; I'd bet that by using a private master and advertising two
slaves (which you CAN do using the RaQ interface), I may qualify
as the exception <smile>.

>   It is recommended that three servers be provided for most
>    organisation level zones, with at least one which must be well
>    removed from the others.  For zones where even higher reliability is
>    required, four, or even five, servers may be desirable.

You see, it's that "one which must be well removed from the others"
which is confusing.  Why would you have two at one location, unless one
is private, in which case the RaQ handles it fine, though my email
didn't mention it <frown>.

The way you can have a private primary and two secondaries using the RaQ
interface is pretty simple, requiring only several one-time changes;
while I'd bet you already know this, others may not, so here it is:

Using a RaQ inside your firewall, do the following:

1) change the RaQ software so that, instead of using the domain name of
the main domain for the first nameserver and no second nameserver, it
uses two nameservers of your choosing (I'm not looking now, but there's
one file somewhere that has to be changed once).

2) set up all the domains with primary DNS records

3) move the /etc/records file to a publicly web-accessible location
several times a day.  There are several ways to do it, all of which have
security tradeoffs; we use only private address space on the firewalled
RaQ, and one private address on the publicly web-accessible RaQ.  We've
got one cron job to move the /etc/records file to the web directory of
the main site on the firewalled RaQ, then another cron job to get it via
http over the private address and move it to a web-accessible location
on the public RaQ (which is the "primary slave", if I may coin a term).
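The hidden-master layout the post describes (a private primary that is never listed in NS records, feeding two public secondaries) is what standard zone transfer plus NOTIFY was built for, so here is what it looks like as BIND 9 `named.conf` fragments. This is an added example, not the post's own setup or anything from the Cobalt RaQ software: it replaces the cron-and-HTTP copy of `/etc/records` with AXFR, and the zone name `example.com`, the private master address `10.0.0.5`, the two public slave addresses `192.0.2.53` and `198.51.100.53`, the key name `xfer-key` and its secret are all constructed placeholders.

```conf
// ---- Hidden master, inside the firewall (10.0.0.5) ----
// Shared TSIG key; generate a real secret with `tsig-keygen xfer-key`
// and install the same stanza on both slaves. The value below is a placeholder.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET-FROM-tsig-keygen";
};

options {
    directory "/var/named";
    recursion no;                       // this box only feeds the slaves
    // Refuse AXFR to everyone except requests signed with the shared key.
    allow-transfer { key "xfer-key"; };
    notify yes;
};

zone "example.com" {
    type master;
    file "master/example.com.zone";
    // The master is not in the NS RRset, so name the NOTIFY targets explicitly.
    also-notify { 192.0.2.53; 198.51.100.53; };
};

// ---- Public slave #1 (192.0.2.53); slave #2 is identical apart from its address ----
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET-FROM-tsig-keygen";   // same placeholder as above
};

// Sign everything sent to the master (AXFR requests, SOA refresh queries).
server 10.0.0.5 {
    keys { "xfer-key"; };
};

options {
    directory "/var/named";
    recursion no;
    // Public servers should not hand the whole zone to anyone who asks.
    allow-transfer { none; };
};

zone "example.com" {
    type slave;
    file "slave/example.com.zone";
    masters { 10.0.0.5 key "xfer-key"; };
    // Only the hidden master may trigger a refresh.
    allow-notify { 10.0.0.5; };
};
```

Two caveats worth checking before adopting this instead of the file-copy approach in the post: the firewall in front of the master has to admit TCP and UDP port 53 from exactly the two slave addresses (AXFR runs over TCP, the SOA refresh query over UDP), and the slaves' `refresh`, `retry` and `expire` timers in the SOA record decide how long they keep serving the zone if the master becomes unreachable, which is the failure mode RFC 2182's "well removed from the others" advice is about. Restricting `allow-transfer` on the public slaves matters on its own: an unrestricted AXFR gives any client a complete inventory of the zone.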