[Dnsmasq-discuss] How do others provide backup for their DNS? Ideas wanted

Kevin Tedder kevintedder at hotmail.com
Wed Sep 1 17:59:16 UTC 2021

I've been considering doing the same thing at home, myself.  So far these
are my thoughts on how to operate this, but I am yet to get around to
implementing it.

- You can have multiple DNS servers on your network provided that they have
the same copy of the names - both static and dynamic (DHCP). Normally one
DNS server would be authoritative whilst the other is subordinate and
synchronisation would be achieved automatically through zone transfers.
However, this is not the case here as DNSMASQ cannot act in this way. These
two DNS servers are independent of each other. They just happen to have the
same names in their database.
Then just update /etc/resolv.conf on every client with both nameserver IP
addresses. Or just update the DHCP option "dns-server,<DHCP1>,<DHCP2>"

- When using multiple DHCP servers both DNS servers need to maintain
synchronisation. When it allocates an IP address it only appears to update
the local DNS within DNSMASQ. So the other DNS would not be informed. My
idea, although a little clunky, is to utilise the config option
"dhcp-script=<bash script>". Each time an IP address is created or
destroyed, this script is called with the details. The script would then
update a dynamic host file on both DNS servers (possibly using "rsh"). The
config option "addn-hosts=/etc/dnsmasq.d/dyndns-hosts" allows for this. Then
issue a "kill -1 <process id>" to re-read it. Thus both servers would
maintain name synchronisation.

Simon, can you advise as to whether there is a more elegant mechanism to
achieve this?

- You need to be a little careful with DHCP. You CANNOT have multiple
servers offering the same range of IP addresses. Typically you would assign
a DHCP range ( --> .199, say) and split this in half. DHCP(1)
would service .100 --> .149, whilst DHCP(2) would service .150 --> .199.
This would ensure that duplicate IP addresses are never allocated. This
works because both servers will offer an IP address from their own range and
it's the DHCP client that accepts one of them, and rejects the other.

As Hannu Napari suggested, using Docker might also help. I too have
created a DNSMASQ image, but have remapped the /etc/dnsmasq.d directory
outside of the container. This allows me to update the DNS/DHCP config
without having to affect the Docker image. If you duplicate the image and
the config directory to another RPI, then you know that both are at the same
software version and have the same config (with minor variations).

This will provide complete resilience in the event of an RPI failure. Of
course, now you need to implement a monitor to alert you when one of them
goes off-line. Otherwise you'll only find out that your backup failed when
you've lost your primary.

Hope this helps.

-----Original Message-----
From: Dnsmasq-discuss
[mailto:dnsmasq-discuss-bounces at lists.thekelleys.org.uk] On Behalf Of Chris
Sent: 31 August 2021 13:35
To: dnsmasq-discuss at lists.thekelleys.org.uk
Subject: [Dnsmasq-discuss] How do others provide backup for their DNS? Ideas

I run dnsmasq on a Raspberry Pi to provide DHCP and DNS services on my
home LAN. It's just very handy having names for all devices rather
than having to use IP addresses.

A few weeks ago the Pi died (or, more accurately, the SD card it was
running on died) and it took me quite a while to get things back
together again (like half a day or so, mostly down to trying to rush
things).  This isn't "mission critical", nothing awful happened when
we didn't have the Pi providing DNS for half a day but it was 'messy'.

So, I've been wondering how I can help myself sort things out more
easily and quickly if it happens again.  What do others do?

The ways I can think of are:-

    Have an 'image' SD card of the Pi kept up to date somehow so that
    I can either change the SD card in the running Pi or use another
    Pi in place of it.  Problem is how to keep the image up to date.

    Have a 'warm backup' dnsmasq running on another system.  There is
    another Pi on the LAN and also a desktop server both of which are
    on all the time.  How easy is it to replace one dnsmasq system
    with another on the LAN?

    Any other obvious ways?

Thanks for any ideas.

Chris Green
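
The dhcp-script approach described in the reply above, as an added example (not code from the thread or from the dnsmasq project): a handler that keeps the addn-hosts file in step with lease events and treats the client-supplied hostname as untrusted before writing it. The pid file path is an assumption, only IPv4 leases are handled, and copying the file to the second server is site-specific and left out.

```shell
#!/bin/sh
# Added example: dnsmasq dhcp-script handler that maintains an addn-hosts file.
# dnsmasq calls it as: <action> <mac> <ip> [hostname]; lease actions are add, old, del.
HOSTS_FILE="${HOSTS_FILE:-/etc/dnsmasq.d/dyndns-hosts}"  # path used in the message
PID_FILE="${PID_FILE:-/var/run/dnsmasq.pid}"             # assumed pid file location

# Hostnames are supplied by DHCP clients: accept a single DNS label only.
valid_name() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# update_hosts <action> <ip> [hostname]; returns 2 on input it refuses to act on.
update_hosts() {
    action=$1 ip=$2 name=${3:-}
    case "$action" in add|old|del) ;; *) return 2 ;; esac
    valid_ipv4 "$ip" || return 2
    tmp=$(mktemp "${HOSTS_FILE}.XXXXXX") || return 1
    # Drop any existing line for this IP, then re-add it if the lease is live.
    if [ -f "$HOSTS_FILE" ]; then
        awk -v ip="$ip" '$1 != ip' "$HOSTS_FILE" > "$tmp"
    fi
    if [ "$action" != del ] && valid_name "$name"; then
        printf '%s %s\n' "$ip" "$name" >> "$tmp"
    fi
    # mktemp creates 0600; make the file readable for dnsmasq's unprivileged user.
    chmod 644 "$tmp" && mv "$tmp" "$HOSTS_FILE"   # rename is atomic on one filesystem
}

# Act only when invoked with lease arguments (dnsmasq passes at least three).
if [ "$#" -ge 3 ]; then
    update_hosts "$1" "$3" "${4:-}" || exit 0
    if [ -r "$PID_FILE" ]; then kill -HUP "$(cat "$PID_FILE")"; fi
fi
```

A lease whose hostname fails validation still has its old entry removed but gets no new line, so a client cannot inject extra fields or shell metacharacters into the hosts file.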
