Bind - Master as Slave & Slave as Master

Status
Not open for further replies.

bluntbill

Programmer
Jun 7, 2006
57
PT
Hello.

I want to have two VPS with hosting. Let's assume the first is ns1.tld.com and the other ns2.tld.com. They will also have a record for host1.tld.com (ns1 machine) and host2.tld.com (ns2 machine).

Is it possible to have a domain which has primary DNS as ns1 and slave as ns2, and another domain which has primary as ns2 and secondary as ns1? Some domains having ns1 as primary and others ns2 as primary, and the other nameserver being the slave for them...

Does this approach have problems? And can they be solved?
Could the servers loop forever, for example, if I dig on ns1 and it is not in any of the nameservers? ns1 would ask ns2 for the IP, and ns2 would ask ns1 for the IP too, and so on? Or won't this happen?

Thank you in advance
 
Does anyone have a clue?

Or haven't I made myself clear and no one understands what I need?...

Please help...
 
Should be fine. If neither ns1 nor ns2 can answer the query, they'd pass to the next level name servers.

You should be able to support nearly infinite domains on a host, well, as infinite as your server hardware and network access can handle.

Robert Liebsch
Systems Psychologist,
Network Sociologist,
Security Pathologist,
User Therapist.
 
There is no good reason to configure your name servers having ns1 be primary for one zone and ns2 primary for another. Make one (ns1) server the primary server for all your zones and ns2 secondary for all the zones on the primary. Load balancing is not done by making one a secondary or primary. Resolvers will query for the name servers that are authoritative for your zones. They will look for the name server that gives them the quickest response to their queries and use that server. A secondary server is as authoritative as a primary server; resolvers don’t care who is primary or secondary.
 
But is there a problem with using this approach?

I want to have two hosting VPS, providing different control panels. That is why one VPS would be primary for some domains (users who choose one of the panels) and the other VPS would be primary for the others who choose the other panel...
 
Each of your VPS sites has a public IP address, for example VPS1 could have an address of 77.77.77.10 and VPS2 have an address of 77.77.77.20. VPS1 is hosting and VPS2 is hosting DNS just answers queries about the sites with the IP address. On both the primary DNS and the secondary DNS server there will be two records one pointing to and one pointing to
IN A 77.77.77.10
IN A 77.77.77.20
There is no difference between the information on the primary and secondary except that the primary has the SOA (Start Of Authority). And the only thing that is concerned about the SOA is Microsoft’s AD Servers.
 
I thought that setting ns1 as secondary of the domains in ns2, ns2 would send the DNS records to ns1, and I wouldn't need to edit the domains in ns1, just allow transfers...

When someone queried ns1 for example2.com, it would ask ns2 for the info... and if ns2 was queried for example1.com, it would ask ns1 for the records...

Doesn't this work?
 
No, you are talking about forwarding. There is no difference between the primary/secondary. They both return authoritative answers for your domains.

The traditional way to do this is to transfer the zone files from the primary to the secondary. That is why your example is not logical to people who manage lots of zones... we want all the files on the primary to ease administration. The only reason to do what you want is if there are two groups that manage different domains.

 
That sounds like what he wants to do. The different control panels are for different groups of users, Yes?
I assume the control panel can only modify DNS records (which is always done on the master/primary) on its own nameserver, and you have two different hosting servers with two different sets of sites, controlled by their own control panels, Yes?

You would simply be operating two nameservers that are masters for different sets of domains. The other nameserver is simply secondary/slave to the other. I see no problem with this, if this is in fact what you are trying to do.

--jeff
 
That is exactly what I'm trying to do.

And there is no problem with my approach?

Each of the control panels edits the zone files for the users they manage, and the other acts as their secondary. The secondary "imports" from the primary the zone files with zone transfers... I guess...

I wanted to know if there is anything that would not work or anything I must do in order for this to work and be secure...
 
The approach seems fine given your model. The others have posted most correctly about the relationship between primary and secondary nameservers, just be sure the control panel can't modify the zone files for domains that are not primary for that server (zone transfers are usually stored in files under a subdir you specify called /etc/namedb/secondaries or similar, but you configure it that way to keep primary zone files and secondary zone transfers separated).

To ensure you are secure, you probably want to follow best practices for BIND (like sandboxing, file perms, etc...).

You will want to have the control panel (or some other business procedure) to notify someone to add the secondary zone on the "other" server (secondary) when new domains are created on the primary.

--jeff
 
OK, that was one thing I did not think about. I will need a file on the secondary for each domain, or queries to the secondary won't return a result, is that it?

Does the zone file on the secondary contain any data? Shouldn't it be automatically imported by the secondary if someone queries it about a domain the server doesn't know?

Thanks for your help
 
Yes, the zone file on the secondary contains a copy of the zone file from the primary after the zone transfer is completed (serial number update) and usually a SIGHUP.

You have to configure the secondary nameserver with zone records in /etc/named.conf for any new domains that the nameserver is supposed to be secondary for, otherwise zone transfers will fail because the secondary will not recognize its authority for the domain.

The zone record on the secondary specifies the location of the zone file that is automatically transferred when the Serial Number is changed on the master (best practice is to put it in a subdir of /etc/namedb to keep primary zone files separated from secondary zone files for DNS admin sanity). The master/primary is the only place the zone file should be changed... the primary "maintains" the contents of the zone file on the slave/secondary through the zone transfer mechanism.

Keep them separate for security and because the primary maintains the secondary zone files through the automatic zone transfer by design.


--jeff
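
A check for the gap described in the last replies, a zone created on one primary with no matching secondary stanza on the other server, plus the primary/secondary file separation. This is an added example, not code from the thread: the example*.com zones, the 192.0.2.x addresses and the primaries/ and secondaries/ directory names are constructed placeholders, and the parser assumes comment-free named.conf text.

```python
import re

# Constructed named.conf fragments: the example*.com zones and 192.0.2.x
# addresses are placeholders, not values from the thread.
NS1_CONF = '''
zone "example1.com" { type master; file "primaries/example1.com.db";
    allow-transfer { 192.0.2.20; }; };
zone "example3.com" { type master; file "primaries/example3.com.db";
    allow-transfer { 192.0.2.20; }; };
zone "example2.com" { type slave; file "secondaries/example2.com.db";
    masters { 192.0.2.20; }; };
'''
NS2_CONF = '''
zone "example2.com" { type master; file "primaries/example2.com.db";
    allow-transfer { 192.0.2.10; }; };
zone "example1.com" { type slave; file "secondaries/example1.com.db";
    masters { 192.0.2.10; }; };
'''
MASTER, SLAVE = {"master", "primary"}, {"slave", "secondary"}

def parse_zones(conf):
    """Return {zone: {"type": ..., "file": ...}} for every zone stanza."""
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):      # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        ztype = re.search(r'\btype\s+([\w-]+)\s*;', body)
        zfile = re.search(r'\bfile\s+"([^"]+)"', body)
        zones[m.group(1).lower()] = {
            "type": ztype.group(1) if ztype else None,
            "file": zfile.group(1) if zfile else "",
        }
    return zones

def missing_secondaries(primary_conf, other_conf):
    """Zones mastered in primary_conf with no slave stanza in other_conf."""
    mine, theirs = parse_zones(primary_conf), parse_zones(other_conf)
    return sorted(z for z, v in mine.items() if v["type"] in MASTER
                  and theirs.get(z, {}).get("type") not in SLAVE)

def misplaced_slave_files(conf, subdir="secondaries/"):
    """Slave zones whose transfer file is not kept under the secondaries subdir."""
    return sorted(z for z, v in parse_zones(conf).items()
                  if v["type"] in SLAVE and not v["file"].startswith(subdir))

if __name__ == "__main__":
    print("ns1 masters missing on ns2:", missing_secondaries(NS1_CONF, NS2_CONF))
    print("ns2 masters missing on ns1:", missing_secondaries(NS2_CONF, NS1_CONF))
    print("ns1 misplaced slave files:", misplaced_slave_files(NS1_CONF))
```

Run in both directions after each control panel adds a domain; any zone it reports is one the other server cannot yet answer for.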
 