Running powerdns via keepalived

If you run, e.g., two DNS servers and one goes down, some applications start to work more slowly. This happens because they pick one DNS server to resolve an address, and if that server is down, they have to wait until the timeout expires. Only then do they try the other(s).

All this may lead to a number of unpleasant situations, such as:

  • High load on servers
  • High number of connections to the server
  • Insufficient resources because of the former, and so on.

To prevent such situations when one of the DNS servers goes down, we decided to run the DNS service under keepalived, so that if one DNS server goes down, keepalived on the other server brings up the IP of the failed DNS server. The DNS servers are set up on the IPVS directors (where the keepalived daemons run). A typical keepalived config for DNS may look like this:

[...]
vrrp_instance DNS1 {
    state MASTER
    virtual_router_id 1
    interface eth0
    priority 150
    authentication {
        auth_type PASS
        auth_pass s3cr3t
    }
    virtual_ipaddress {
        10.1.1.1
    }
    smtp_alert
}

vrrp_instance DNS2 {
    state BACKUP
    virtual_router_id 2
    interface eth0
    priority 100
    authentication {
        auth_type PASS
        auth_pass s3cr3t
    }
    virtual_ipaddress {
        10.1.1.2
    }
    smtp_alert
}
[...]

And vice versa on the other director.

We use PowerDNS in our setup. Unfortunately, it cannot bind to "all" IPs on the box. Actually it can, but there's no guarantee that you'll get the answer from the IP you were querying. Because of this you have to bind to specific IPs. This is not a problem at all unless you need to bind to different IPs automatically when the other server goes down. In the beginning I was trying to use some scripts to change pdns's config with notify_master/notify_backup. But recently I found a much simpler solution. All you need to do is specify all the IPs in the pdns config on every DNS server. And to let pdns bind to IPs the box doesn't own, simply do:


# sysctl -w net.ipv4.ip_nonlocal_bind=1

This lets pdns bind to all the IPs, and if the other server goes down, the one that is alive will serve all queries to all IPs.
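
A pre-flight check for the setup above, as an added example that is not part of the original post: it reads the addresses pdns is configured to bind and reports whether this box can bind them all. It assumes the addresses are listed in pdns's `local-address` setting and are IPv4; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: pdns lists its listen IPs in "local-address" (IPv4).

# Print each address named by local-address= in a pdns config, one per line.
# Commented-out lines are ignored.
pdns_local_addresses() {
    sed -n 's/^[[:space:]]*local-address[[:space:]]*=//p' "$1" |
        tr ', \t' '\n\n\n' | sed '/^$/d'
}

# Print configured addresses missing from the space-separated owned list ($2).
nonlocal_addresses() {
    for addr in $(pdns_local_addresses "$1"); do
        case " $2 " in
            *" $addr "*) ;;            # box owns it right now
            *) echo "$addr" ;;         # e.g. the peer director's VIP
        esac
    done
}

# Return 0 if pdns can bind everything: all addresses are owned, or
# net.ipv4.ip_nonlocal_bind (passed as $3) is 1.
bind_check() {
    missing=$(nonlocal_addresses "$1" "$2" | tr '\n' ' ')
    [ -z "$missing" ] && return 0
    [ "$3" = "1" ] && return 0
    echo "cannot bind ${missing}(non-local); set net.ipv4.ip_nonlocal_bind=1" >&2
    return 1
}

# Live inputs on a Linux director (not called by the demo below).
owned_ipv4() { ip -4 -o addr show | awk '{sub(/\/.*/, "", $4); print $4}' | tr '\n' ' '; }
nonlocal_bind() { sysctl -n net.ipv4.ip_nonlocal_bind; }

# Constructed sample: this director holds 10.1.1.1; 10.1.1.2 lives on its peer.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# local-address=192.0.2.1
local-address=10.1.1.1, 10.1.1.2
EOF
owned="127.0.0.1 10.1.1.1"
echo "non-local: $(nonlocal_addresses "$conf" "$owned")"
bind_check "$conf" "$owned" 0 || echo "pdns would fail to bind"
bind_check "$conf" "$owned" 1 && echo "ok with ip_nonlocal_bind=1"
rm -f "$conf"
```

On a live director, pass the real values: `bind_check <path-to-pdns.conf> "$(owned_ipv4)" "$(nonlocal_bind)"`. A value set with `sysctl -w` is lost on reboot, so the same setting also needs to go into /etc/sysctl.conf.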
