Status
Not open for further replies.
Jun 19, 2001
This may not be the appropriate forum, but I am hoping someone can provide me with some information.

The company I work for is going to start hosting its own web sites. We will have a server running Apache in the DMZ. I am a little lost on how DNS will need to be configured. I know that we will need to configure the DNS settings with the domain registrar. That brings me to my question. How do most people handle DNS? Do they use an external DNS server? Is there a DNS server in their DMZ?

We will have a standby web server that is used for failover. My thoughts are if we had our own DNS server in the DMZ we could just change the ip address that the domain points to.

I really need help understanding how DNS fits into this picture.

I apologize if this is not an appropriate forum to post this.

Nathan
 
Your registrar could provide DNS service, or you could run your own. It's nice to have the immediate control over your DNS servers, but you have to ensure that you have a reliable setup for it: redundant servers, preferably geographically separated.

As for Apache failover, I'd use a virtual IP address with something like heartbeat. It's a lot faster to fail over than a DNS change, and it's automatic.
 

I would strongly advise not twiddling the DNS when changing the failover. Each DNS record has a TimeToLive, and generally for good performance and reliability this value is large (a few hours). If you know you are going to switch servers, you can scroll down the TimeToLive to a few minutes, then switch. But on a catastrophic failure, you don't have that opportunity and the Internet will cache the previous DNS record. That means you will be giving inconsistent results for exactly TimeToLive seconds, let alone when you switch back! So assigning the IP and either using some failover or load balancer or cluster or manual procedure is best.

I have always had my own DNS server in-house, but it doesn't really matter as long as you have a way to update/reload the records, and a secondary as mentioned by lgarner.

gene





 
I was thinking the whole idea of having your own DNS server in house would be failover. If my registrar is pointing to my DNS servers as the name servers and my web server goes down, theoretically I should be able to change my DNS to point to my new server. Isn't that correct? Since my registrar has configured my domain to point to my name servers there would be no need to replicate any changes across the internet. I just don't understand where the DNS server would sit. In my DMZ? Also my webservers do not have internet routable addresses. My firewall does NAT to the web servers. Can you guys help me unwind this mess?

Nathan
 
Okay, since you NAT, it would be better to just change your NAT to redirect traffic to your backup web server. What I am saying is even AFTER you make a DNS change and your site has been accessed, the DNS records will stick around the Internet for TimeToLive regardless of what your DNS server says! In other words, the change you made will not be fully effective until the TimeToLive expires. New queries will work, but any HTTP proxy server or any DNS server that previously queried for that URL will have the old value. The change is never instantaneous.

If you housed your own DNS server it should be in a DMZ. I don't NAT my DNS server, but lots of people do it that way.
Configure proper query and transfer rules.

gene
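
An added example, not part of the original posts: one way the "query and transfer rules" mentioned above could look for an authoritative-only BIND 9 server in a DMZ. The zone name, file path, key name, secret and addresses (documentation ranges) are all placeholders chosen for illustration.

```conf
// named.conf fragment for an authoritative-only name server in the DMZ.
// Constructed example: zone, file, key name and addresses are placeholders.

// Shared TSIG key that authenticates the off-site secondary.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // placeholder; generate with tsig-keygen
};

options {
    directory "/var/named";

    // Query rules: answer the whole Internet, but only for zones hosted
    // here. With recursion off the server cannot be used as an open
    // resolver by outside clients.
    recursion no;
    allow-query       { any; };
    allow-query-cache { none; };

    // Transfer rules: deny zone transfers by default so the full zone
    // contents cannot be pulled by arbitrary hosts. Zones opt in below.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "example.com.zone";

    // Only a peer presenting the TSIG key may transfer this zone.
    allow-transfer { key "xfer-key"; };

    // Push change notifications to the secondary (assumed address).
    notify yes;
    also-notify { 198.51.100.53; };
};
```

After replacing the placeholder secret, `named-checkconf` validates the syntax; an AXFR request from any host that does not hold the key should then be refused, and a query for a name outside the hosted zones should come back REFUSED rather than resolved.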
 
That is exactly what I needed to know!

Do any of you know where I can find information on:

"As for Apache failover, I'd use a virtual IP address with something like heartbeat. It's a lot faster to fail over than a DNS change, and it's automatic."

Thanks for your help!
Nathan
 