[Dnsmasq-discuss] Secondary/tertiary dns servers in dhcp offers?

Simon Kelley simon@thekelleys.org.uk
Sat, 13 Nov 2004 11:55:44 +0000

> dns replication #1
> Can I get two (or more) dnsmasq machines to let each other know about
> new A records they cache (including those spawned from dhcp leases), so
> if the primary goes down I have a secondary that can take requests?  I
> believe the "server=/domain/ip-addr" directive may do this, but I'm not
> sure from the config file comments.

No, that directs queries for different domains to different upstream
nameservers. It's not possible to get two dnsmasq instances to
synchronise caches. You could use two independent instances as backups if
they have identical copies of /etc/hosts and you wer'e using DHCP (see
below about DHCP.)

> dns replication #2
> I'm comfortable having an authoritative dns server on my local net
> (behind a firewall that blocks incoming dns requests from the outside
> anyway).  It seems that the best way to have a "primary" dnsmasq
> machine, and a "secondary" dnsmasq machine would be to make the primary
> one authoritative, yes?

So you would have the secondary using the primary as its upstream. That
would work, but be aware that by default dnsmasq sets the time-to-live 
on any data from /etc/hosts and DHCP as zero, which will stop the 
secondary from caching it. You can override this with the local-ttl 
config option.

> dhcp secondary
> I'm not sure how I would have a "secondary" dhcp server, that could pick
> up if, and only if, the primary one were offline.  If I run dnsmasq on a
> second machine on my local net, I would like to have it be both a backup
> dns server and dhcp server, even though I know the leases would not be
> shared between the machines (or is there a way to do that with
> dnsmasq?).  I understand the problems that might cause, but I'm willing
> to deal with them for the few times it might arise on my small net.

The best defence against DHCP server downtime is long leases. If you 
give 24 hour leases, then your DHCP server can be down for twelve hours 
before any of the existing machines on the network hit any serious
problems. (New machines would fail to get an address, though.)


To do fail-over properly, for DNS and DHCP, you really need to look at 
ISC BIND and ISC dhcpd. They have all the correct facilities, but they 
will cost you more machine resources to run, and much more effort to 
configure, than dnsmasq. Each fits its own niche though and I have to
resist the temptation to grow dnsmasq until it becomes an unholy 
replication of the ISC daemons.



> 	Questions, questions...    8^)=   Thanks again for your assistance!
> Regards,
> Al
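
An added example, not part of the original message or of the dnsmasq distribution: the primary/secondary arrangement discussed in the reply above, sketched as two dnsmasq configuration files. The addresses, the domain name `lan.example`, the public upstream `192.0.2.53`, the TTL and the lease length are assumptions chosen for illustration.

```conf
# ---- primary (assumed address 192.168.1.2): /etc/dnsmasq.conf ----
# Local names come from /etc/hosts and from the DHCP leases handed out here.
domain=lan.example
expand-hosts

# By default, answers built from /etc/hosts and DHCP leases carry a TTL of
# zero, so a downstream cache will not keep them. Give them a non-zero TTL
# (in seconds) so the secondary can cache them.
local-ttl=300

# Long leases are the main protection against DHCP server downtime:
# existing clients keep their addresses while the server is offline.
dhcp-range=192.168.1.50,192.168.1.150,24h

# DHCP option 6 (DNS servers): offer both instances to clients.
dhcp-option=6,192.168.1.2,192.168.1.3

# ---- secondary (assumed address 192.168.1.3): /etc/dnsmasq.conf ----
# Do not read upstream servers from /etc/resolv.conf; list them here.
no-resolv

# server=/domain/ip-addr sends queries for one domain to one upstream:
# local names are asked of the primary, then cached for local-ttl seconds.
server=/lan.example/192.168.1.2

# Everything else goes to an ordinary upstream resolver (placeholder
# address), so outside names still resolve while the primary is down.
server=192.0.2.53

# No dhcp-range here: leases are not shared between dnsmasq instances,
# so this instance answers DNS only.
```

The secondary only holds local names it has already looked up, and only for `local-ttl` seconds, so it bridges short outages of the primary rather than acting as a true replica.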