[Dnsmasq-discuss] second dnsmasq machine for "hot standby" - proposals wanted
Bill C Riemers
briemers at redhat.com
Tue Jul 5 17:14:00 BST 2011
On 07/05/2011 11:26 AM, Modem Man wrote:
> I wonder if someone has some solution for my problem:
> In my private home, dnsmasq is running on a small server (NSLU2 / SlugOS
> 5.3) here.
> Sometimes, the having is dying because of other misbehaving processes or
> DoS attacks. When this happens, the whole home network is out of order,
> because of missing DHCP/DNS. Not the biggest problem if I'm at home. Can
> just reset the server and wait until it's up again.
> But last times, I've been out of home very often and the remaining
> family is starting to hate my computer network :-(
Sounds to me like you need a better firewall. DoS attacks should never even be allowed to reach your slug, let alone take it down. Even so, having a second DNS server is never a bad idea. If nothing else, it gives you a cleaner way to take down one for maintenance. What I used to do is have two NSLU's running 24 hours a day. Each was configured identical, except for IP address and each was configured to point to the other as a secondary DNS server. So any given machine in my network had a 50/50 chance of being used the NSLU2 I wanted to take down for maintenance. That meant if I took down an NSLU2 I had a 50% chance my wife would not notice anything. In the other 50% of the time her look-ups would slowdown waiting for the timeout on the primary DNS, but it would keep working... If your lease time is fairly short, eventually during an extended outage all the machines will switch over to NSLU2 that is still working.
Now what I do instead is I have dnsmasq running under tomatoUSB on my router. But NSLU2's are still configured as a backup, but I leave them off unless I'm doing maintenance work on the router. The idea being, if my router fails my network is dead anyway, until I plug-in my backup router to take it's place.
More information about the Dnsmasq-discuss