I am trying to design a system with 2 servers that act as both DHCP and DNS servers with dynamic updates. I am using ISC DHCP and BIND9.
It looks like this.
Server1 - DHCP primary and DNS master. IP address - 10.99.99.11
Server2 - DHCP secondary and DNS slave. IP address - 10.99.99.12
DHCP servers are configured to dynamically update the DNS zones.
Everything works correctly until the master DNS server goes down and a dynamic update occurs while it is down.
The question is how can I achieve a setup where dynamic updates from any of the DHCP servers can be done regardless of the DNS master server being up or down?
I tried to configure update forwarding on the slave DNS, thinking that it "caches" the updates until the master DNS server comes back and then forwards the "cached" updates, but it doesn't seem to work. My assumption is based on this answer to a very similar question.
Log from the slave DNS server at the time that the master is down (sometimes the last line does not appear at all):
Jun 9 05:02:02 localhost named[2767]: client 10.99.99.11#40668/key dhcpupdate: signer "dhcpupdate" approved
Jun 9 05:02:02 localhost named[2767]: client 10.99.99.11#40668/key dhcpupdate: forwarding update for zone 'scetest.com/IN'
Jun 9 05:02:02 localhost named[2767]: zone test.com/IN: could not forward dynamic update to 10.99.99.11#53: operation canceled
DNS Master zone configuration:
zone "test.com" {
    type master;
    file "data/db.test.com";
    allow-update {
        10.99.99.11;
        10.99.99.12;
        key dhcpupdate;
    };
};
zone "99.99.10.in-addr.arpa" {
    type master;
    file "data/db.10.99.99";
    allow-update {
        10.99.99.11;
        10.99.99.12;
        key dhcpupdate;
    };
};
DNS Slave zone configuration:
zone "test.com" {
    type slave;
    file "data/db.test.com";
    masters { 10.99.99.11; };
    allow-update-forwarding {
        10.99.99.11;
        10.99.99.12;
        key dhcpupdate;
    };
};
zone "99.99.10.in-addr.arpa" {
    type slave;
    file "data/db.10.99.99";
    masters { 10.99.99.11; };
    allow-update-forwarding {
        10.99.99.11;
        10.99.99.12;
        key dhcpupdate;
    };
};
DDNS configuration:
ddns-update-style interim;
key dhcpupdate {
    algorithm hmac-md5;
    secret SomeSecret;
}
zone 99.99.10.in-addr.arpa {
    primary 10.99.99.11;
    secondary 10.99.99.12;
    key dhcpupdate;
}
zone test.com {
    primary 10.99.99.11;
    secondary 10.99.99.122;
    key dhcpupdate;
}
P.S. I know that some people set up LDAP or an SQL database as a backend for storing the zone information for their DNS servers, but I am still trying to avoid using tools other than BIND.
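Update forwarding in BIND is synchronous: the slave relays the UPDATE to the master and hands the master's answer back to the client, so when the master is unreachable the client simply gets a failure, which is what the "could not forward dynamic update" line in the log above records. Nothing is queued on the slave. The script below is an added example, not code from the question's author or from ISC, showing the kind of spool-and-retry wrapper that actually does what the question was hoping update forwarding would do: each update is written as an nsupdate script into a spool directory and delivered to the primary with the TSIG key; anything that fails stays spooled and is retried on the next flush. The spool directory, key file path, primary address and the SEND_CMD hook are assumptions chosen for the example.

```shell
#!/bin/sh
# Spool-and-retry wrapper around nsupdate (added example, not from the question).
# Assumed paths/addresses; override via environment as needed.
SPOOL_DIR="${SPOOL_DIR:-/var/spool/ddns}"            # assumed spool location
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/dhcp/dhcpupdate.key}"  # assumed key file (keep mode 0600)
DNS_PRIMARY="${DNS_PRIMARY:-10.99.99.11}"            # the DNS master from the question
# Command that delivers one spooled nsupdate script on stdin; tests may override it.
SEND_CMD="${SEND_CMD:-nsupdate -k $TSIG_KEYFILE}"

# Write one update as an nsupdate script into the spool and print its path.
# Arguments: zone, owner name, TTL, record type, rdata.
# The file name starts with the epoch time so a sorted glob replays oldest first,
# which keeps a delete/add sequence for the same name in order.
spool_update() {
    zone=$1; name=$2; ttl=$3; rtype=$4; rdata=$5
    mkdir -p "$SPOOL_DIR"
    f=$(mktemp "$SPOOL_DIR/$(date +%s)-XXXXXX")
    {
        echo "server $DNS_PRIMARY"
        echo "zone $zone"
        echo "update delete $name $rtype"
        echo "update add $name $ttl $rtype $rdata"
        echo "send"
    } > "$f"
    echo "$f"
}

# Try to deliver every spooled script, oldest first. Delivered files are removed;
# failed ones stay for the next run. Prints the number of files still spooled.
flush_spool() {
    left=0
    for f in "$SPOOL_DIR"/*; do
        [ -f "$f" ] || continue
        if $SEND_CMD < "$f" 2>/dev/null; then
            rm -f "$f"
        else
            left=$((left + 1))
        fi
    done
    echo "$left"
}

# Example usage: spool a record, then attempt delivery (run flush_spool again from cron
# or a timer so updates spooled while the master was down get delivered later).
# spool_update test.com host1.test.com 300 A 10.99.99.50
# flush_spool
```

Because the whole update is signed with the TSIG key at send time, a spooled file is only a request, not a credential, but the spool directory should still be writable only by the account that runs the wrapper. One further caveat on the configuration in the question: the allow-update and allow-update-forwarding lists accept the bare source addresses 10.99.99.11 and 10.99.99.12 in addition to the key, and a source address on a UDP update is trivially spoofable, so a key-only ACL is the usual hardening.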