
I have two replicated LAMP servers, one as slave and the other as master:

Master: Name = master.kimsufi.com - IP = 5.5.5.1
Slave:  Name = slave.kimsufi.com  - IP = 5.5.5.2

(as you can see, both are registered with kimsufi)

With these servers and without an additional IP address, my purpose is to host www.domain.com on the Master and, in case it fails, transfer control to the Slave (I know there is software like Heartbeat that allows this, but it needs a virtual IP, that is, an additional IP address, and Kimsufi doesn't allow that).

I was thinking about this problem and "found" a possible solution that I'm sure is not valid because I haven't found it published anywhere (and my network knowledge is low). Maybe you can help me to see the problem.

The idea is to add a DNS server in each server and configure the slave as a backup server in case Master cannot resolve. More or less the idea is to setup in the register domain.com something like this:

Primary DNS: Master (5.5.5.1)
Secondary DNS: Slave (5.5.5.2)

Then, the Master server will be configured as usual, pointing its bind9 service to the Master server:

$TTL        86400
@       IN      SOA     master.kimsufi.com. user.gmail.com. (
                        2014011302       ; serial, todays date + todays serial #
                        28800              ; refresh, seconds
                        7200              ; retry, seconds
                        604800              ; expire, seconds
                        86400 )            ; minimum, seconds
;

domain.com.   86400 A        5.5.5.1
domain.com.      NS        master.kimsufi.com.
domain.com.      NS        slave.kimsufi.com.
www           86400 A        5.5.5.1

And the slave:

$TTL        86400
@       IN      SOA     slave.kimsufi.com. user.gmail.com. (
                        2014011304       ; serial, todays date + todays serial #
                        28800              ; refresh, seconds
                        7200              ; retry, seconds
                        604800              ; expire, seconds
                        86400 )            ; minimum, seconds
;

domain.com.   86400 A        5.5.5.2
domain.com.      NS        master.kimsufi.com.
domain.com.      NS        slave.kimsufi.com.
www           86400 A        5.5.5.2

So if you try a dig with this you'll get something like:

ivan@local:~$ dig domain.com NS

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> domain.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33268
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;domain.com.            IN  NS

;; ANSWER SECTION:
domain.com.     86400   IN  NS  master.kimsufi.com.
domain.com.     86400   IN  NS  slave.kimsufi.com.

;; Query time: 87 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Jan 14 15:30:11 2015
;; MSG SIZE  rcvd: 78

The idea is that, as the Master is the primary name server, it will process any query for domain.com, but if it is offline, the Slave does the job.

I haven't tested it, it's just an idea (currently I only own one server at Kimsufi). Is it possible? What are the flaws in this scheme?

Ivan

  • Please take a moment to review [Should we host our own nameservers?](http://serverfault.com/questions/23744/should-we-host-our-own-nameservers). It's laudable that you're asking questions before trying to implement things that you don't understand, but running your own DNS servers without a mentor is *very dangerous* for everyone involved. If you must continue, you would be best served by buying a book on the topic and sitting down with it for the weekend. Right now you do not have a good grasp of the basics. – Andrew B Jan 14 '15 at 16:05
  • I know, that's why I'm asking :) And of course, I'm reading everything I can about this. Thanks for the link. – Ivan Jan 14 '15 at 18:04

2 Answers


The failure in that scheme is that DNS in a master/slave setup can not actually serve different records for a single domain. In fact, the slave server should receive the zone file from the master to ensure it is serving the exact same information.

NickW

  • Yes, true. That's the theory, but in practice, what happens if the records are different? Maybe nothing works at all? :) – Ivan Jan 14 '15 at 15:36
  • Well for sure your DNS servers will complain about it, and so will anyone who goes to verify information on your domain. – NickW Jan 14 '15 at 15:42
  • More importantly, the ordering has no bearing on which DNS server will be hit first. It's random. And if it is able to get a response from the first one tried, there's no attempt to hit the second server. – Andrew B Jan 14 '15 at 15:46
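As an added example (it is not part of NickW's answer or of the question), here is a small Python check that parses the two zone files from the question and lists every point on which the two servers would disagree, which is the kind of pre-flight comparison worth running before publishing NS records for a zone. The zone texts are copied from the question; the parser is a minimal one written for this check (comments, the parenthesised SOA, `@`, relative owner names and optional TTL/class fields) and is not a full zone-file parser.

```python
"""Consistency check for the zone data two authoritative servers publish.

Added example: parses two BIND-style zone files and reports SOA and record
differences, i.e. exactly the divergence the answer warns about. The zone
texts below are constructed from the question's two files.
"""
import re

ORIGIN = "domain.com."

MASTER_ZONE = """\
$TTL 86400
@ IN SOA master.kimsufi.com. user.gmail.com. (
        2014011302 ; serial
        28800      ; refresh
        7200       ; retry
        604800     ; expire
        86400 )    ; minimum
domain.com.  86400 A  5.5.5.1
domain.com.        NS master.kimsufi.com.
domain.com.        NS slave.kimsufi.com.
www          86400 A  5.5.5.1
"""

# The slave file from the question: different SOA MNAME, serial and addresses.
SLAVE_ZONE = (MASTER_ZONE
              .replace("SOA master.kimsufi.com.", "SOA slave.kimsufi.com.")
              .replace("2014011302", "2014011304")
              .replace("5.5.5.1", "5.5.5.2"))


def parse_zone(text, origin=ORIGIN):
    """Return (soa_dict, set of (owner, type, rdata)) for a minimal zone file."""
    # Drop ';' comments, then fold "( ... )" groups onto one line so the SOA
    # becomes a single record.
    stripped = "\n".join(ln.split(";", 1)[0].rstrip() for ln in text.splitlines())
    stripped = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), stripped)
    soa, records, owner = None, set(), origin
    for line in stripped.splitlines():
        if not line.strip() or line.startswith("$"):
            continue                        # blank line or $TTL/$ORIGIN directive
        tokens = line.split()
        if not line[0].isspace():           # leading blank means "same owner as before"
            owner = tokens.pop(0)
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = f"{owner}.{origin}"  # relative name, append the origin
        if tokens[0].isdigit():
            tokens.pop(0)                   # explicit TTL
        if tokens[0].upper() == "IN":
            tokens.pop(0)                   # class
        rtype = tokens.pop(0).upper()
        if rtype == "SOA":
            mname, rname, serial, refresh, retry, expire, minimum = tokens
            soa = {"mname": mname, "rname": rname, "serial": int(serial),
                   "refresh": int(refresh), "retry": int(retry),
                   "expire": int(expire), "minimum": int(minimum)}
        else:
            records.add((owner, rtype, " ".join(tokens)))
    return soa, records


def compare_zones(zone_a, zone_b, origin=ORIGIN):
    """List every way the two servers' published data disagrees (empty = consistent)."""
    soa_a, rr_a = parse_zone(zone_a, origin)
    soa_b, rr_b = parse_zone(zone_b, origin)
    problems = []
    for field in ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum"):
        if soa_a[field] != soa_b[field]:
            problems.append(f"SOA {field} differs: {soa_a[field]} vs {soa_b[field]}")
    for owner, rtype, rdata in sorted(rr_a - rr_b):
        problems.append(f"only on first server: {owner} {rtype} {rdata}")
    for owner, rtype, rdata in sorted(rr_b - rr_a):
        problems.append(f"only on second server: {owner} {rtype} {rdata}")
    return problems


if __name__ == "__main__":
    for p in compare_zones(MASTER_ZONE, SLAVE_ZONE) or ["zones are consistent"]:
        print(p)
```

Run against the question's two files it reports six disagreements (SOA MNAME, SOA serial, and the two A records on each side); run against a master and a slave that obtained its copy by zone transfer it returns an empty list, which is the state every nameserver listed in the NS set should be in.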

First of all you need to set up your DNS servers properly.

Your setup is somewhat unorthodox and it will probably fail on standard checks (for example, your SOA record must be the same on all nameservers serving the zone).

The proper way to set up a Master/Slave DNS server is that you set up your master and configure the slave to transfer the zone from the master via AXFR.

So both DNS servers will serve requests at any time and any changes to the zone should be done only on the master server. After any changes you simply reload the zone on the master and it will be automatically transferred to the slave as well.

There are numerous tutorials on the web on how to set up any DNS server with a master/slave configuration.

With a standard Master/Slave configuration with zone-transfers you don't have to worry about failovers in the DNS level.
Those are automatically handled by the DNS protocol itself.
So if one nameserver is down, the DNS resolver querying your domain will automatically go to the next available nameserver (as defined in the NS records of your zone file).

Now to serve your HTTP traffic you simply add 2 A records pointing to the 2 servers' IPs.

domain.com.   86400 A        5.5.5.1
domain.com.   86400 A        5.5.5.2
www           86400 A        5.5.5.1
www           86400 A        5.5.5.2

This way when the browser wants to connect to the website, it will see that there are 2 IPs serving the website, and it will choose the first one that the DNS server responded with. If that IP does not respond to any requests then it will automatically try the next one.

The same goes if an IP is working and then suddenly stops responding to requests. The browser will automatically switch to the next IP (with some delay, of course, the first time).

Essentially with having 2 A records you get High Availability/Redundancy plus Load Balancing since the DNS servers will serve the IPs in a round-robin fashion to the clients.

Keep in mind though that the above setup requires that both servers have the exact same content to serve.
So if your website is dynamic with a database backend you will probably have to configure database master-master replication, a way of replicating sessions (if that's important to the website) and some way of replicating the files as well.

Again, this is highly dependent on your website, so there is no one-solution-for-all.

Cha0s

  • I've never heard about that: 2 A records are "free" load balancing? That's great! What are the drawbacks of this technique? I've tested a bit and I've seen that gmail.com (dig gmail.com) has two A records with two different IPs. Nice – Ivan Jan 14 '15 at 15:38
  • I guess it depends on what you need to do. One drawback is that you don't have control over which server each client will connect to. Also you may not have to implement a failover mechanism for the DNS but you will have to implement a replication mechanism for the website itself (database, files, sessions, etc). Depending on the design and architecture of the website this might be quite difficult or even impossible. – Cha0s Jan 14 '15 at 15:43
  • Also, it's important to keep in mind that while many web browsers know how to perform round robin failover, *most other applications do not*. – Andrew B Jan 14 '15 at 15:49
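As an added illustration (not from Cha0s's answer) of the round-robin and failover behaviour described above, the following Python simulation models a nameserver that rotates the two A records on every answer and a client that tries the returned addresses in order until one connects; the `try_all=False` mode shows what happens with the kind of client Andrew B's comment refers to, which only ever uses the first address. The record set, the cyclic ordering and the "which hosts are up" reachability model are constructed assumptions for the simulation.

```python
"""Round-robin A records plus client-side failover, as a small simulation.

Added example: models an authoritative server that rotates equal A records
on each answer and a client that walks the returned list until a connection
succeeds. Names, hosts and the 'up' sets are constructed from the answer's
two A records per name.
"""

# Constructed record set: the answer's zone with two A records per name.
ZONE_A_RECORDS = {
    "domain.com.": ["5.5.5.1", "5.5.5.2"],
    "www.domain.com.": ["5.5.5.1", "5.5.5.2"],
}


class CyclicResolver:
    """Answers A queries with the record set rotated one step per answer
    (cyclic ordering, one of the orderings a nameserver may apply)."""

    def __init__(self, records):
        self._records = {name: list(addrs) for name, addrs in records.items()}
        self._offset = {name: 0 for name in records}

    def query_a(self, name):
        addrs = self._records[name]
        i = self._offset[name]
        self._offset[name] = (i + 1) % len(addrs)
        return addrs[i:] + addrs[:i]


def connect_with_failover(addrs, connect, try_all=True):
    """Try addresses in DNS order until connect(ip) succeeds.

    connect(ip) returns True/False and stands in for a TCP connect that
    either completes or times out / is refused. try_all=False models a
    client that uses only the first address and gives up if it fails.
    Returns (address that worked or None, list of addresses tried).
    """
    tried = []
    for ip in (addrs if try_all else addrs[:1]):
        tried.append(ip)
        if connect(ip):
            return ip, tried
    return None, tried


def simulate(name, up_hosts, clients=4, try_all=True):
    """Run several independent clients against a fresh resolver and return
    the address each one ended up on (None = that client failed)."""
    resolver = CyclicResolver(ZONE_A_RECORDS)

    def connect(ip):                      # constructed reachability model
        return ip in up_hosts

    outcomes = []
    for _ in range(clients):
        chosen, _tried = connect_with_failover(resolver.query_a(name), connect, try_all)
        outcomes.append(chosen)
    return outcomes


if __name__ == "__main__":
    both_up = {"5.5.5.1", "5.5.5.2"}
    print("both up, failover clients:     ", simulate("www.domain.com.", both_up))
    print("5.5.5.1 down, failover clients:", simulate("www.domain.com.", {"5.5.5.2"}))
    print("5.5.5.1 down, first-addr only: ", simulate("www.domain.com.", {"5.5.5.2"}, try_all=False))
```

With both hosts up the four clients alternate between 5.5.5.1 and 5.5.5.2 (the load-balancing effect); with 5.5.5.1 down, failover-capable clients all land on 5.5.5.2, while clients that only use the first address fail every other time, which is the gap the answer's note about replication and the comment about non-browser applications point at.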