Re: Bringing DNS In-house
- From: "K" <no@xxxxxxxx>
- Date: Thu, 6 Nov 2008 07:32:07 -0000
I may have not written my OP very well. I am talking about failover on the
internet feed not the hardware. Hardware is already covered.
For failover I have 2 separate internet feeds with 2 separate suppliers. As
a result each has different IP address ranges. This means that when one
fails, the A records pointing to my servers will no longer be valid. That
means I need to update the A records at the ISP (as we use their name
servers for our domain name). Their TTL is 4 hours - so with DNS servers
worldwide caching this, I am looking at a potential 8 hour change time.
If I bring the DNS in house, I can set a short TTL (our ISP will not change
this on their servers), and either perform a manual A record change or run a
script to do so when the primary internet link fails. With a short TTL the
DNS servers around the world that cached our records will update quicker and
therefore I can reduce the time before requests go via the backup net link.
Hope this makes more sense in the context of my OP.
I think you need to re-analyze the situation.
I don't think what you are blaming is the problem
I don't think your solution is the solution
And I don't think DNS should have anything to do with your "failover".
When the ISP adds a record it is there as soon as the mouse goes "click".
The time lag comes from other DNS servers out in "internet-land" because
they cache the resolutions and they don't "ask" your ISP again until their
TTL runs out. There is nothing your ISP (or you) can do about that.
Failover with servers is done through server clustering (such as Windows
NLB). You are supposed to use the NLB virtual IP# in DNS and not the IP#
of any specific machine; then it only needs one machine to still be
alive for the cluster to respond to a request.
I am looking to move the DNS name servers for our registered domain name
in-house away from our ISP as we are doing some resilience work and the
ISP cannot give me a better TTL than 4 hours, which is not conducive to
good failover (potential 8 hour update depending on when we register
change).
I have 2 servers in my DMZ (Server 2003 SP2) which I have installed DNS
on and have created a primary zone named domainname.com on one and a
secondary zone named domainname.com on the other with transfers between
them.
Do I need to set forwarders on these DNS servers to our ISP DNS servers?
Why or why not?
Also, when I populate this DNS with records, for example one of my web
servers in the DMZ, do I populate with the private address of the server
or the public address?
I assume the public addresses so that they are the ones handed out in
requests. But if this is the case, do I also need a CNAME for the
private address?
Apologies if these are basic questions but I have only ever worked with
DNS on private networks where resolution was internal only.
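The scripted A record swap that K describes (short TTL on the in-house zone, records flipped to the backup feed's addresses when the primary link fails), as an added example that is not part of the thread. It assumes the in-house zone accepts RFC 2136 dynamic updates (so the output can be fed to nsupdate); the zone name comes from the original post, while the hostnames and addresses are constructed from the RFC 5737 documentation ranges.

```python
# Added example (not from the thread): build an nsupdate-style batch that swaps
# the public A records from the primary feed's addresses to the backup feed's,
# and bound how long remote resolvers may keep answering with the old address.
# Hostnames and addresses are constructed (RFC 5737 documentation ranges).

ZONE = "domainname.com"   # zone name used in the original post
TTL = 300                 # short TTL (seconds) chosen for the in-house zone

# One public address per link for each published host (constructed sample data).
LINKS = {
    "primary": {"www": "203.0.113.10", "mail": "203.0.113.25"},
    "backup":  {"www": "198.51.100.10", "mail": "198.51.100.25"},
}

def nsupdate_batch(active_link, links=LINKS, zone=ZONE, ttl=TTL):
    """Return nsupdate commands that point every host at `active_link`.

    Each host's A RRset is deleted and re-added so that no stale address
    from the failed link survives alongside the new one.
    """
    if active_link not in links:
        raise ValueError(f"unknown link {active_link!r}")
    lines = [f"zone {zone}."]
    for host, ip in sorted(links[active_link].items()):
        fqdn = f"{host}.{zone}."
        lines.append(f"update delete {fqdn} A")
        lines.append(f"update add {fqdn} {ttl} A {ip}")
    lines.append("send")
    return lines

def worst_case_switch_seconds(ttl, detection_seconds):
    """Upper bound on how long a remote resolver keeps the old address:
    time to detect the failure and push the update, plus one full TTL for
    a resolver that cached the old record just before the push."""
    return detection_seconds + ttl

def failover(link_is_up, detection_seconds=60):
    """Choose the link to publish from a dict of health-check results and
    return (active_link, nsupdate lines, worst-case switch time in seconds)."""
    active = "primary" if link_is_up.get("primary") else "backup"
    return active, nsupdate_batch(active), worst_case_switch_seconds(TTL, detection_seconds)

if __name__ == "__main__":
    # Constructed health-check result: primary feed down, backup feed up.
    active, batch, worst = failover({"primary": False, "backup": True})
    print(f"publishing {active} addresses; old answers may persist up to {worst}s")
    print("\n".join(batch))
```

With the ISP's 4 hour TTL the same bound gives 14400 seconds plus detection time, which is why the short in-house TTL matters more than how quickly the record itself is edited.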