[Dnsmasq-discuss] second dnsmasq machine for "hot standby" - proposals, wanted

Modem Man modem-man at gmx.net
Sat Jul 9 13:47:53 BST 2011


dnsmasq-discuss-request at lists.thekelleys.org.uk wrote:
> From: Michael Rack, from Freilassing, Germany
>
> If you can be sure that your NSLU2 does not react to ssh, then try this:
> Make sure your Hot-Standby can log in via ssh to the Master-Device
> without needing a password (ssh-keygen).
>   
This ssh thing is already on my "need to learn" task list.
For different reasons, but I understand your idea now.
And - yes this will usually fail if NSLU2 is down.
> So let's begin:
> 1) change your dnsmasq-configuration to use a dhcp-leasefile
>          dhcp-leasefile=/var/state/dnsmasql.leases
> 2) create a bash-script on your hot-standby
>   
>> #!/bin/bash
>> scp master-server:/var/state/dnsmasql.leases /var/state/dnsmasql.leases
>> if [ $? -ne 0 ]
>> then
>>     /sbin/ip addr add [ip.of.master.server]/24 brd + dev eth0
>>     /etc/init.d/dnsmasq start
>> else
>>     /etc/init.d/dnsmasq stop
>>     /sbin/ip addr del [ip.of.master.server]/24 dev eth0
>> fi
>>     
> 3) add this script to run periodically on your hot-standby
>   
okay, I see. Catching two things with one hit - availability and shared
leases file.
If secure copy via ssh fails, I add also the static addr of my master
server to eth0 interface and start dnsmasq here.
After scp is working again, I stop the backup dnsmasq and remove the addr.
Sounds usable for me. I'll try it out and give feedback after some weeks.

Maybe I'll try to combine this with the proposal of Bill Riemers ...
reporting both DNS servers at the same time:
    dhcp-option=3,192.168.0.123,192.168.0.456
In this case I would try if I can run the backup machine with dnsmasq
(only DNS). In case of failure,
I reconfigure it to also serve DHCP and restart dnsmasq.
Let's see if this will work.


Thank you both Michael and Bill for the help.

BTW:
DoS sometimes comes from between firewall and NSLU2.
Nobody needs a better firewall here.
Somebody needs more beating ;-)
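
A debounced variant of the standby check from the quoted steps, as an added example that is not part of the original thread: it takes over the address only after several consecutive scp failures and replaces the lease file atomically. The host alias, address, state-file path and threshold are assumptions, and the alias must resolve to a master address other than the one taken over, or after takeover the check reaches the standby itself.

```shell
#!/bin/bash
# Added example, not from the thread. Values marked "assumed" are placeholders.
# MASTER must resolve to a master address other than MASTER_IP (see lead-in).
MASTER=master-server                  # assumed ssh host alias of the master
MASTER_IP=192.0.2.53/24               # placeholder service address (documentation range)
DEV=eth0
LEASES=/var/state/dnsmasql.leases     # lease file path as used in the thread
STATE=/var/run/dnsmasq-standby.fails  # assumed path of the failure counter
THRESHOLD=3                           # assumed: failed runs before takeover

# Print "takeover", "release" or "none".
# $1 = scp exit status, $2 = previous failure count, $3 = 1 if standby holds the address
decide() {
    local rc=$1 fails=$2 active=$3
    if [ "$rc" -eq 0 ]; then
        [ "$active" -eq 1 ] && echo release || echo none
    elif [ $((fails + 1)) -ge "$THRESHOLD" ] && [ "$active" -eq 0 ]; then
        echo takeover
    else
        echo none
    fi
}

# BatchMode stops scp from waiting on a password prompt under cron.
fetch_leases() {
    local tmp="$LEASES.tmp.$$"   # temp file: a partial copy never replaces good leases
    if scp -q -o BatchMode=yes -o ConnectTimeout=5 "$MASTER:$LEASES" "$tmp"; then
        mv -f "$tmp" "$LEASES"
    else
        rm -f "$tmp"; return 1
    fi
}

main() {
    local rc=0 fails=0 active=0
    [ -r "$STATE" ] && fails=$(cat "$STATE")
    ip -o addr show dev "$DEV" | grep -qF " $MASTER_IP " && active=1
    fetch_leases || rc=1
    if [ "$rc" -eq 0 ]; then echo 0 > "$STATE"; else echo $((fails + 1)) > "$STATE"; fi
    case "$(decide "$rc" "$fails" "$active")" in
        takeover) ip addr add "$MASTER_IP" brd + dev "$DEV" && /etc/init.d/dnsmasq start ;;
        release)  /etc/init.d/dnsmasq stop; ip addr del "$MASTER_IP" dev "$DEV" ;;
    esac
}

# Runs only when called with "run" (e.g. from cron); otherwise it just defines the functions.
if [ "${1:-}" = "run" ]; then main; fi
```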




