Overview
Dual Role DNS allows another site to act as a backup DNS server in the event the primary site fails and redirects inbound traffic to a disaster recovery facility. The following diagram illustrates the example networks for this article.
The Primary site has two WAN links while the disaster recovery facility only has a single WAN link. Each site will have the domain ecessa.test locally configured. The Backup site will poll the Primary site to ensure the site is responsive and will receive the Primary’s zone data via zone transfer. The Backup site will then use the Primary’s zone data to answer DNS requests.
If the Backup site determines the Primary site is down, it will stop using the transferred zone data and resort to the zone information configured locally. When the Primary site is restored, the Backup site will return to using the Primary’s zone data once more.
Please note that the Backup site is not required to be located at the disaster recovery facility – it may just be located at a branch office or other location and be setup as a DNS server to allow inbound redirection. For this example, it assumes the backup site’s Ecessa appliance is installed at the disaster recovery facility.
Configuring Dual-Role DNS
Authoritative DNS page - both the Primary and Backup will need the domain(s) added under Domain Management.
On the Primary: Click on Configure for the domain to update. Confirm that the “Enable zone transfers to” setting is enabled and the text field has the appropriate WAN IP address(es) for the backup DNS server (make sure to include the addresses from every WAN the backup server answers DNS requests on). Click the Activate button to save the changes.
On the Backup: On the Authoritative DNS page, select the Enable this PowerLink to act as a Backup Site and Enable this PowerLink dual role to act as a DNS Server and Backup Site settings. Next, enter the IP address(es) the Primary site uses to answer DNS requests. Enter a host name that the Primary site will resolve (such as an A record). Click Activate to save the changes.
Click on Configure for the domain to update. Make sure that the Serial Number under the SOA Record section is lower than the serial number on the primary. If the serial number is higher, the backup will not request a zone transfer.
If the Backup Site has received a zone transfer from the Primary unit, visualizing the domain will provide zone information similar to the following:
; NSD version 3.2.10
; zone 'ecessa.test.' last serial 2013082301
; from 198.51.100.2 using AXFR at Fri Aug 23 13:02:16 2013
; NOT TSIG verified
$ORIGIN test.
ecessa 3600 IN SOA ns1.ecessa.test. hostmaster\064ecessa.test. (
2013082302 360 60 1209600 30 )
900 IN NS ns1.ecessa.test.
900 IN NS ns2.ecessa.test.
900 IN NS ns3.ecessa.test.
30 IN A 198.51.100.3
30 IN A 203.0.113.67
30 IN MX 100 mx.ecessa.test.
30 IN MX 105 mx.ecessa.test.
$ORIGIN ecessa.test.
ftp 30 IN A 198.51.100.4
ftp1 30 IN A 198.51.100.4
ftp2 30 IN A 203.0.113.68
mail1 30 IN A 198.51.100.5
mail2 30 IN A 203.0.113.69
mx 30 IN A 198.51.100.5
30 IN A 203.0.113.69
ns1 900 IN A 198.51.100.2
ns2 900 IN A 203.0.113.66
ns3 900 IN A 192.0.2.130
portal 30 IN CNAME www.ecessa.test.
www 30 IN A 198.51.100.3
30 IN A 203.0.113.67
www1 30 IN A 198.51.100.3
www2 30 IN A 203.0.113.67
0 Comments