[Dnsmasq-discuss] Secondary/tertiary dns servers in dhcp offers?
Simon Kelley
simon@thekelleys.org.uk
Sat, 13 Nov 2004 11:55:44 +0000
> dns replication #1
> Can I get two (or more) dnsmasq machines to let each other know about
> new A records they cache (including those spawned from dhcp leases), so
> if the primary goes down I have a secondary that can take requests? I
> believe the "server=/domain/ip-addr" directive may do this, but I'm not
> sure from the config file comments.
No, that directs queries for different domains to different upstream
nameservers. It's not possible to get two dnsmasq instances to
synchronise caches. You could use two independent instances as backups if
they have identical copies of /etc/hosts and you wer'e using DHCP (see
below about DHCP.)
>
> dns replication #2
> I'm comfortable having an authoritative dns server on my local net
> (behind a firewall that blocks incoming dns requests from the outside
> anyway). It seems that the best way to have a "primary" dnsmasq
> machine, and a "secondary" dnsmasq machine would be to make the primary
> one authoritative, yes?
>
So you would have the secondary using the primary as its upstream. That
would work, but be aware that by default dnsmasq sets the time-to-live
on any data from /etc/hosts and DHCP as zero, which will stop the
secondary from caching it. You can override this with the local-ttl
config option.
> dhcp secondary
> I'm not sure how I would have a "secondary" dhcp server, that could pick
> up if, and only if, the primary one were offline. If I run dnsmasq on a
> second machine on my local net, I would like to have it be both a backup
> dns server and dhcp server, even though I know the leases would not be
> shared between the machines (or is there a way to do that with
> dnsmasq?). I understand the problems that might cause, but I'm willing
> to deal with them for the few times it might arise on my small net.
The best defence against DHCP server downtime is long leases. If you
give 24 hour leases, then your DHCP server can be down for twelve hours
before any of the existing machines on the network hit any serious
problems. (New machines would fail to get an address, though)
>
To do fail-over properly, for DNS and DHCP, you really need to look at
ISC BIND and ISC dhcpd. They have all the correct facilities, but they
will cost you more machine resources to run, and much more effort to
configure, than dnsmasq. Each fits its own niche though and I have to
resist the temptation to grow dnsmasq until it becomes an unholy
replication of the ISC daemons.
HTH
Simon.
>
> Questions, questions... 8^)= Thanks again for your assistance!
>
> Regards,
> Al
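
The primary/secondary arrangement described in the reply above, written out as an added configuration example that is not part of the original message or the dnsmasq distribution. The addresses, the `lan` domain name, the 300-second TTL and the external resolver are constructed assumptions; only the 24 hour lease comes from the thread.

```conf
# ---- primary: /etc/dnsmasq.conf (assumed address 192.168.1.1) ----
# Serves /etc/hosts and DHCP-derived names for the local domain.
domain=lan
local=/lan/          # never forward queries for .lan upstream
expand-hosts         # append the domain to plain names in /etc/hosts

# By default names from /etc/hosts and DHCP leases are sent with TTL 0,
# so a downstream cache discards them immediately. A non-zero TTL lets
# the secondary keep answers it has already fetched. Trade-off: after a
# lease changes, the secondary may serve the old address for up to this
# many seconds.
local-ttl=300

# Long leases are the main defence against DHCP server downtime.
dhcp-range=192.168.1.50,192.168.1.150,24h

# ---- secondary: /etc/dnsmasq.conf (assumed address 192.168.1.2) ----
# DNS only: no dhcp-range here, so it never hands out leases.
no-resolv            # use only the server= lines below

# server=/domain/ip routes queries for one domain to one nameserver.
# It does not replicate records: the secondary only knows the .lan
# names it has already looked up and cached within local-ttl.
server=/lan/192.168.1.1

# Everything else goes to an external resolver (placeholder address),
# so outside names keep resolving while the primary is down.
server=203.0.113.53
```

With this layout the secondary answers for a local name during a primary outage only if that name was queried through it within the last `local-ttl` seconds; names it has not seen fail until the primary returns.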