[Janus / twin Alix2] #4 Twin DNS & DHCP servers


This topic contains 1 reply, has 0 voices, and was last updated by PatrickB 3 years, 7 months ago.

  • #44331

    PatrickB
    Member

    Hello.

    Today I give you my solution for having a backup DNS & DHCP server on my LAN, in the context of twin LAN Masters.

    The goal is to have a valid solution, handy to maintain, to keep the services up in case the prime would be off for a long time (hardware issue…).

    Solution for the DHCP server

    It is trivial, the prime and backup servers have the same settings except the IP ranges, which must not conflict, of course…

    We cannot choose which DHCP will handle a given client, but it does not matter: there is one and they serve the same information.

    If I needed a large IP range, the servers would share it then only one should be active at once:
    – need to switch the backup DHCP on/off through a script,
    – potential conflicts when leases are renewed on the other server with its list reset…

    Solution with a slave DNS server

    This is easy to set up, but the slave DNS server is a read-only copy of the prime. The ZS GUI does not allow editing it.

    In case the prime server would be off for a long time, and some change would be needed in the zone, how to do that?

    For this reason I prefer to have 2 clone prime DNS servers, with a solution to avoid conflicts and easily replicate the settings of the zone.

    Solution with 2 clone DNS servers

    In the next post I will show how I easily replicate the whole DNS zone.

    The active LAN Master is the gateway and traditionally uses the IP .1, so the twin servers each have a different administrative IP address that is always up:
    – prime, named Janus1, uses .11,
    – backup, named Janus2, uses .12.

    💡 Then both have .1 preset but only the active one has it up,

    …and finally the zone is actually controlled by “Janus”, the one using .1, as defined below (this is LDIF extraction, see the next post):
    # @, mydomain, lan, DNS, mydomain.lan
    dn: relativeDomainName=@,dc=mydomain,dc=lan,ou=DNS,dc=mydomain,dc=lan
    objectClass: top
    objectClass: dNSZone
    relativeDomainName: @
    zoneName: mydomain.lan
    mXRecord: 10 mail.mydomain.lan.
    nSRecord: janus.mydomain.lan.
    sOARecord: janus.mydomain.lan. reports.mail.mydomain.lan. 2014040102 86400 7200 3600000 172800

    # janus, mydomain, lan, DNS, mydomain.lan
    dn: relativeDomainName=janus,dc=mydomain,dc=lan,ou=DNS,dc=mydomain,dc=lan
    objectClass: top
    objectClass: dNSZone
    relativeDomainName: janus
    zoneName: mydomain.lan
    aRecord: 192.168.xxx.1
    pTRRecord: janus.mydomain.lan.
    tXTRecord: "Either Janus1 or Janus2"

    # janus1, mydomain, lan, DNS, mydomain.lan
    dn: relativeDomainName=janus1,dc=mydomain,dc=lan,ou=DNS,dc=mydomain,dc=lan
    objectClass: top
    objectClass: dNSZone
    relativeDomainName: janus1
    zoneName: mydomain.lan
    aRecord: 192.168.xxx.11
    pTRRecord: janus1.mydomain.lan.
    tXTRecord: "MyDomain's LAN Master (prime)"
    hInfoRecord: "Alix 2D13" "Zeroshell"

    # janus2, mydomain, lan, DNS, mydomain.lan
    dn: relativeDomainName=janus2,dc=mydomain,dc=lan,ou=DNS,dc=mydomain,dc=lan
    objectClass: top
    objectClass: dNSZone
    relativeDomainName: janus2
    zoneName: mydomain.lan
    aRecord: 192.168.xxx.12
    pTRRecord: janus2.mydomain.lan.
    tXTRecord: "MyDomain's LAN Master (backup)"
    hInfoRecord: "Alix 2D13" "Zeroshell"

    This makes the zone generic, and once the prime server has been disconnected, just switching the IP .1 up on the backup server makes it become the LAN Master.

    Then in a later post it will be done automatically, of course, using: ifconfig BRIDGE01:00 up or down

    Hmmm… 😕 I found a little issue, due to the switch connected to the twin servers:
    When I unplug the prime and then switch the IP .1 up on the backup server, the switch does not understand the change immediately, so the .1 no longer pings from the LAN 👿
    Just unplugging and replugging the backup server suffices to reroute the .1, but I hope I will find a better solution than switching the whole NIC off/on to force it…

    Now the essential continuation of this is the next post: how to easily backup, restore and replicate parts of the LDAP database.

    Hope it can help someone.

    Ideas for improvements are welcome.

    Best regards.
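Added example, not part of the original post: a small Python check of the invariants the post relies on, run against a constructed copy of the LDIF above. It assumes a placeholder subnet 192.168.100.0/24 in place of the post's "xxx" octet, and the function names parse_ldif, check_zone and dhcp_ranges_disjoint are my own; the checks verify that NS and SOA name the floating host, that the floating host resolves only to the gateway .1, that the twins' admin addresses are distinct and never .1, and that the two DHCP pools do not overlap.

```python
import ipaddress

# Constructed sample of the zone's LDIF; the page's "xxx" octet is replaced by 100.
SAMPLE_LDIF = """\
dn: relativeDomainName=@,dc=mydomain,dc=lan,ou=DNS,dc=mydomain,dc=lan
nSRecord: janus.mydomain.lan.
sOARecord: janus.mydomain.lan. reports.mail.mydomain.lan. 2014040102 86400 7200 3600000 172800

dn: relativeDomainName=janus,dc=mydomain,dc=lan,ou=DNS,dc=mydomain,dc=lan
aRecord: 192.168.100.1

dn: relativeDomainName=janus1,dc=mydomain,dc=lan,ou=DNS,dc=mydomain,dc=lan
aRecord: 192.168.100.11

dn: relativeDomainName=janus2,dc=mydomain,dc=lan,ou=DNS,dc=mydomain,dc=lan
aRecord: 192.168.100.12
"""

def parse_ldif(text):
    """Map each entry's relativeDomainName (taken from its dn) to {attr: [values]}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # comments and stray lines carry no attribute
            key, _, val = line.partition(":")
            attrs.setdefault(key.strip(), []).append(val.strip())
        entries[attrs["dn"][0].split(",")[0].split("=", 1)[1]] = attrs
    return entries

def check_zone(entries, gateway_ip, twins):
    """Return the invariants of the generic zone that are violated (empty list = OK)."""
    problems = []
    ns = entries["@"]["nSRecord"][0]
    if entries["@"]["sOARecord"][0].split()[0] != ns:
        problems.append("SOA primary name differs from the NS record")
    floating = entries.get(ns.split(".")[0], {})  # "janus", whichever box holds .1
    if floating.get("aRecord") != [gateway_ip]:
        problems.append(f"{ns} must resolve only to the gateway {gateway_ip}")
    ips = [entries[t]["aRecord"][0] for t in twins]  # always-up admin addresses
    if gateway_ip in ips or len(set(ips)) != len(ips):
        problems.append("twin admin addresses must be distinct and not the gateway")
    return problems

def dhcp_ranges_disjoint(prime_range, backup_range):
    """Prime and backup DHCP pools, given as (first, last), must not overlap."""
    a0, a1 = (ipaddress.ip_address(x) for x in prime_range)
    b0, b1 = (ipaddress.ip_address(x) for x in backup_range)
    return a1 < b0 or b1 < a0
```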
