I run a multi-master environment. We have 3 data centers which are
considered to be able to run even though the rest are down. Initially,
we ran our masters with the same exact configurations on each. One of
the data centers was administratively defined as being the 'update
master'. From there, any changes were first done locally and then
rsync'd to each of the other data centers. Once in place, rndc reload
was executed to pick up the changes on all of the masters. However,
with the dawning of DNSSEC, that became problematic.

Later we moved to dynamic updates and simply sent the update commands to
each master separately. That worked but still resulted in issues with
resyncing the zones after one of the data centers was out of communication.

Now we have moved to one 'update master' and the rest being slave
masters. When we want to change the update master, we have scripts
which make the needed mods in the zone configurations and then restart
named. It's not the prettiest method but it does provide the single
point of update, automatic recovery if one of the datacenters is not
reachable and full support of DNSSEC. There is no issue with zone file
format as the zones are kept in text format and upon conversion to
slave, we touch each of the files to prevent the new slave from expiring
the zones immediately.

-- John

On 5/6/2014 2:20 PM, Baird, Josh wrote:

Hi,

For those of you who operate at multiple sites or datacenters, are you doing
any HA for your BIND masters? Ideally, we would have a master in each
datacenter; maybe not an active one, but one that is standing by in case your
primary master becomes unavailable.

Do you have multiple "active" masters and list them as master in each of your
slaves' zone definitions? This seems like it could get rather messy. One thought is to
use a technology like VMware SRM which will spin up a master/virtual machine
automatically in a second datacenter if your primary master goes down. This coupled with
Layer2 connectivity between your sites could make things fairly simple. The
standby/secondary master would retain the same IP address as your primary, so everything
should just *work*.

What are others doing? Any thoughts, ideas or advice is much appreciated.

Thanks,

Josh

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
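
The demotion step described in the reply above (rewrite the zone configuration from update master to slave, then touch the zone files), sketched as an added example; it is not the poster's scripts. The stanza layout, file names, the `ddns-key` name and the 192.0.2.10 address are constructed assumptions, DNSSEC key and signing settings are not handled, and restarting named is left to the caller.

```shell
#!/bin/sh
# Added example, not the poster's scripts. Assumptions: one zone stanza per
# file; "type master;", "file" and "allow-update" each sit on a single line;
# zone file paths are relative to ZONE_DIR.

# demote_zone CONF NEW_MASTER_IP ZONE_DIR
demote_zone() {
    conf=$1; master_ip=$2; zone_dir=$3
    tmp=$(mktemp) || return 1
    awk -v ip="$master_ip" '
        /^[ \t]*type[ \t]+master;/ {
            sub(/master;/, "slave;"); print
            print "    masters { " ip "; };"
            print "    masterfile-format text;"   # zones stay in text format
            next
        }
        /^[ \t]*allow-update[ \t]*[{]/ { next }   # updates go to the update master only
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Refresh mtimes so the new slave does not expire the zones immediately.
    awk -F'"' '/^[ \t]*file[ \t]*"/ { print $2 }' "$tmp" |
    while IFS= read -r f; do
        if [ -f "$zone_dir/$f" ]; then touch "$zone_dir/$f"; fi
    done
    cat "$tmp" > "$conf" && rm -f "$tmp"   # keeps the config owner and mode
}

# Constructed sample: a master stanza and a zone file with a stale mtime.
write_sample() {
    mkdir -p "$1/zones"
    cat > "$1/zone.conf" <<'EOF'
zone "example.test" {
    type master;
    file "zones/example.test.db";
    allow-update { key "ddns-key"; };
};
EOF
    : > "$1/zones/example.test.db"
    touch -t 200001010000 "$1/zones/example.test.db"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
demote_zone "$demo_dir/zone.conf" 192.0.2.10 "$demo_dir"
cat "$demo_dir/zone.conf"
```

Run `named-checkconf` on the rewritten configuration before restarting named.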