Re: Bringing DNS In-house
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Fri, 7 Nov 2008 11:44:55 -0600
"K" <@.> wrote in message news:u7802tEQJHA.5044@xxxxxxxxxxxxxxxxxxxxxxx
> And how is the public going to get to this DNS Server when the IP# gets
> changed on it as well when the failover happens? It will be just as
> equally "unavailable" as the web servers for the same reason.
> The public get the new address because if the TTL is set low enough on the
> A records, it will expire and need to be resolved again. When it does it
> will get the new IP addresses.
I can only "call it" based on my understanding of the environment according
to the details of your post and how well I understand them. I trust Paul
Bergson's judgment and he has posted in this too, so if I am way off
base,..then straighten me out guys :-)
Anyway,....
No matter what the TTL is set to, it isn't going to let the Public "get to" your
DNS because you have moved it behind your Line that has just (theoretically)
"gone down". The DNS machine itself has an IP#,...that IP# is only going
to be available from one line or the other,...not both. So it falls victim
to the same series of events that caused the primary Resource to become
unreachable by its expected IP#.
To be able to deal with this at all you will need two DNS Servers,...one
available from the Lease Line,...and one available on the Microwave Link.
Then set up your Authoritative DNS Records at your Record Holder (Internic,
Godaddy, Net Sol,..whatever) to list both of these DNS IP#s with the primary
one you want used listed first. Then at this point the TTL is irrelevant
because all they need is the "resolution" from the "perspective" of
whichever DNS Server they happen to be using at that moment.
So, you finally accomplish resolution from each line,...then what? What
is the public connecting to? There has to be something there that the
public needs to connect to making you want to do this. Will it respond to
the public no matter which line they come in through?...probably not. The
Resource (let's say it is a web server) has a Default Gateway that
associates it with only one line or the other,...not both. When it gets a
response it does *not* respond out the same path the request came in
on,...it responds out the path determined by its own Routing Table with
respect to the Destination IP# that it needs to reach.
Now there is Dead Gateway Detection built into Windows but it may not work
very well or not at all,...I believe it is expected that your "list" of
Gateways be in the same subnet, although I am not sure about that.
Q128978 - Dead Gateway Detection in TCP/IP for Windows NT
http://support.microsoft.com/support/kb/articles/Q128/9/78.ASP
Q171564 - TCP/IP Dead Gateway Detection Algorithm Updated for Windows NT
http://support.microsoft.com/support/kb/articles/Q171/5/64.ASP
159168 - Multiple Default Gateways Can Cause Connectivity Problems
http://support.microsoft.com/kb/159168/EN-US/
It is great that you have commercial grade links,...but I think the only
sure way to make this work is to have both from the same ISP so that Dynamic
Routing will function properly. It is up to the Line Owners (usually the
Phone Companies) to make sure they have the redundancy to keep things
working if a line is cut by construction. So you get two Lease Lines and
try to arrange with the Phone Company to see to it that each comes to your
building from a different direction so that a single cut is not likely to
take out both.
I'm not trying to be a stick-in-the-mud, but it sounds like you guys went
out and spent a bunch of money on a second Internet connection without
determining if it would even serve the intended purpose properly and how
that would even properly be accomplished. You really have to research this
stuff out and find out what works (and how) and what doesn't work before you
commit to spending the money on something.
If this were water pipes it would work great,..water flows wherever there is
an opening,....but TCP/IP does not. I know people sometimes call TCP/IP
links "pipes",...but it is a bad analogy.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
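The two points Phillip makes above (an authoritative server behind a single line is lost with that line no matter what the TTL says, and a web server answers out whatever path its own routing table picks rather than the path the request arrived on) can be checked in a small model. The following is an added illustration, not code from the thread or from any poster; the link names, the ordered default-gateway list, and all addresses (taken from the RFC 5737 documentation ranges) are constructed for the example, and dead gateway detection is modelled only as "skip a gateway whose link is down", which is the behaviour the post says may or may not work in practice.

```python
"""Model of the failover scenario argued in the post (added illustration, not
code from the thread): two uplinks, authoritative DNS reachable over one or
both of them, and a web server whose reply path is chosen by its own routing
table rather than by the link the request arrived on.  All addresses are
constructed from the RFC 5737 documentation ranges."""
import ipaddress

# Constructed topology: each uplink carries its own public prefix.
LINKS = {
    "leased_line": ipaddress.ip_network("203.0.113.0/24"),
    "microwave": ipaddress.ip_network("198.51.100.0/24"),
}


def link_of(ip):
    """Return the uplink through which a public IP is reachable, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in LINKS.items():
        if addr in net:
            return name
    return None


def resolve(ns_servers, link_up):
    """Walk the registrar's NS list in order, as a public resolver would, and
    return the first server that sits behind a working link.  None means every
    listed server is behind a dead link, so no TTL value can help."""
    for ns in ns_servers:
        link = link_of(ns)
        if link is not None and link_up.get(link, False):
            return ns
    return None


class RoutingTable:
    """Minimal host routing table: longest-prefix match over explicit routes,
    then an ordered list of default gateways (one per uplink)."""

    def __init__(self, routes, default_gateways):
        self.routes = [(ipaddress.ip_network(net), via) for net, via in routes]
        self.default_gateways = list(default_gateways)  # link names, in order

    def egress(self, dst, link_up, dead_gateway_detection=False):
        """Pick the outbound link for dst.  Without dead gateway detection the
        first default gateway is always used, whether or not its link is up."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, via in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, via)
        if best is not None:
            return best[1]
        if dead_gateway_detection:
            for link in self.default_gateways:
                if link_up.get(link, False):
                    return link
        return self.default_gateways[0]


def reply_delivered(table, client_ip, link_up, dead_gateway_detection=False):
    """Whether the web server's reply to client_ip leaves over a working link.
    The ingress link is deliberately not a parameter: the host never uses it."""
    out = table.egress(client_ip, link_up, dead_gateway_detection)
    return link_up.get(out, False)


if __name__ == "__main__":
    # Constructed outage: the leased line is cut, the microwave link is fine.
    outage = {"leased_line": False, "microwave": True, "lan": True}
    one_ns = ["203.0.113.53"]                      # DNS only behind the leased line
    two_ns = ["203.0.113.53", "198.51.100.53"]     # one server per link
    print("single NS behind leased line:", resolve(one_ns, outage))
    print("one NS per link:", resolve(two_ns, outage))

    web = RoutingTable(routes=[("10.0.0.0/8", "lan")],
                       default_gateways=["leased_line", "microwave"])
    client = "192.0.2.10"  # constructed public client address
    print("reply, first gateway only:", reply_delivered(web, client, outage))
    print("reply, dead gateway detection:",
          reply_delivered(web, client, outage, dead_gateway_detection=True))
```

Run as a script, the single-server case resolves to nothing during the outage while the two-server case resolves via the microwave side; the web server then still sends its reply toward the dead leased line unless the gateway list is actually walked, which is exactly the gap the post describes.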