
I want to have two master DNS servers. Each server has a single, different external IP. I read about DNS servers that:

'The most significant caveat to this design is that both masters MUST now be kept in sync and have identical data.'

First question: What does "masters must be kept in sync" mean?

Second question: Let's say that on server A I have a DNS docker on Arch Linux built a few years ago. On server B I have a Debian-based DNS docker with a different directory layout in BIND. Is it possible to have identical data on both servers? What should it look like? Do we only need identical zones?

EDIT1: I have two proxy servers too. I want to host one website (one domain) on two servers. I want to have two independent servers and host websites on them independently.

EDIT2: What should the DNS zone look like? Could it be something like the below?

    $TTL 86400
    ; MNAME (primary name server) and RNAME (contact mailbox) were missing
    ; from the SOA, and the fifth numeric field (minimum / negative-cache TTL)
    ; was missing too; both are required for BIND to load the zone.
    @       IN SOA  ns1.example.com. hostmaster.example.com. (
                        2017121413  ; serial
                        10800       ; refresh
                        604800      ; retry
                        10800       ; expire
                        86400 )     ; minimum (negative-cache TTL)
    @       IN NS   ns1.example.com.
    @       IN NS   ns2.example.com.
    ns1     IN A    IP_server_1
    ns2     IN A    IP_server_2
    ; two A records for the same owner = round-robin over both servers
    @       IN A    IP_server_2
    www     IN A    IP_server_2
    @       IN A    IP_server_1
    www     IN A    IP_server_1

  • Why do you need two master DNS servers, as opposed to the more usual structure?
    – grawity
    Commented Jul 19, 2019 at 15:12
  • @grawity I find 2 masters the easiest way of doing things, because it cuts down the attack area, and is trivial to do with database replication.
    – davidgo
    Commented Jul 20, 2019 at 2:56

2 Answers

  What does it mean "masters must be kept in sync"?

It means that the information on both servers needs to be kept the same (i.e. you need to make changes to both at the same time). Realistically though, DNS has a lot of caching, so while the data needs to be synced to both within a shortish timeframe, it does not need to be done synchronously.

  Is it possible to have identical data in both servers?

In BIND you need to have the same zone file information or equivalent. (I would look to having zones served out of a replicated database, but you do want multiple databases so you don't have a single point of failure.)
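An added example, not code from the question or from either answer, of the check this answer implies: parse the zone data each master holds (from its zone file, or from an AXFR of it) into a set of records and diff the sets, so that differences in file layout or directory structure (the Arch vs Debian setups in the question) are ignored and only content differences, such as a stale serial or a missing record, surface. The zone text, names and 192.0.2.x addresses are constructed for the example; multi-line SOA records are assumed to be written on one line.

```python
import re

# Constructed sample zone text as each master might hold it. Master B has a
# different $TTL, a blank-owner layout, an older serial and lacks one www record.
ZONE_A = """$TTL 86400
@    IN SOA ns1.example.com. hostmaster.example.com. (2017121413 10800 3600 604800 86400)
@    IN NS  ns1.example.com.
@    IN NS  ns2.example.com.
ns1  IN A   192.0.2.1
ns2  IN A   192.0.2.2
@    IN A   192.0.2.1
@    IN A   192.0.2.2
www  IN A   192.0.2.1
www  IN A   192.0.2.2
"""
ZONE_B = """$TTL 3600
@   3600 IN SOA ns1.example.com. hostmaster.example.com. ( 2017121401 10800 3600 604800 86400 )
         IN NS ns1.example.com.   ; blank owner = previous owner
         IN NS ns2.example.com.
ns1      IN A  192.0.2.1
ns2      IN A  192.0.2.2
@        IN A  192.0.2.1
         IN A  192.0.2.2
www      IN A  192.0.2.1
"""

def parse_zone(text, origin="example.com."):
    """Set of (owner, type, rdata) triples in a zone text. Directives, comments,
    TTLs and class are dropped, so masters are compared on record content only."""
    records, last_owner = set(), origin
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw).replace("(", " ").replace(")", " ")
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        owner = last_owner if raw[0].isspace() else tokens.pop(0)
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        last_owner = owner
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)                        # optional TTL and/or class
        records.add((owner, tokens[0].upper(), tuple(tokens[1:])))
    return records

def zone_diff(zone_a, zone_b):
    """Records held by only one master; ([], []) means the masters are in sync."""
    a, b = parse_zone(zone_a), parse_zone(zone_b)
    return sorted(a - b), sorted(b - a)
```

Running `zone_diff(ZONE_A, ZONE_B)` reports the two SOA records (serials differ) and the `www A 192.0.2.2` record that master B lacks; the layout differences produce no output.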


The point here is that, if you resolve some.host.net, it should resolve to the same IP address on both masters. The replies should be identical. Also for all other functions of DNS.

You can let the different DNS servers provide different answers. For example: you can add a test host to see which DNS server is actually used. That can be useful if, for example, you use anycast DNS (see https://ljm.home.xs4all.nl/anycast/index.html for an example).

If you make different masters resolve differently, you must understand the effect that this has on your network. If you just point your systems directly to one of the two masters, it is predictable. If you use the second master as secondary DNS server, it becomes a bit less transparent. If you use many caching DNS servers, the results could be surprising.

The directory structure and architecture do not need to be the same. Keeping two masters in sync is just much more simple if both masters are the same.

  • I am sorry for the misunderstanding. I edited the question. I want to resolve some.host.net to different IPs, depending on which DNS server gets the request. If the request goes to dns_server_1, I want dns_server_1 to respond with its own IP. If the request goes to dns_server_2, it should respond with the IP of dns_server_2. I want to have independent servers. Is it possible?
    – gongarek
    Commented Jul 22, 2019 at 10:12
