Follow

How do I setup Dual-Role DNS on an Ecessa appliance?


Welcome to Ecessa Support, we have a variety of technical information and tools for a variety of solutions. If you aren't finding a solution, or would like to talk to a technical support team member, please call 800-669-6242.

See Ecessa's full line of products and solutions

Overview

Dual Role DNS allows another site to act as a backup DNS server in the event the primary site fails and redirects inbound traffic to a disaster recovery facility. The following diagram illustrates the example networks for this article.

dual-role_example.png

The Primary site has two WAN links while the disaster recovery facility only has a single WAN link. Each site will have the domain ecessa.test locally configured. The Backup site will poll the Primary site to ensure the site is responsive and will receive the Primary’s zone data via zone transfer. The Backup site will then use the Primary’s zone data to answer DNS requests.

If the Backup site determines the Primary site is down, it will stop using the transferred zone data and resort to the zone information configured locally. When the Primary site is restored, the Backup site will return to using the Primary’s zone data once more.

Please note that the Backup site is not required to be located at the disaster recovery facility – it may just be located at a branch office or other location and be setup as a DNS server to allow inbound redirection. For this example, it assumes the backup site’s Ecessa appliance is installed at the disaster recovery facility.

Configuring Dual-Role DNS

Authoritative DNS page - both the Primary and Backup will need the domain(s) added under Domain Management.

primary_site_dns.png

On the Primary: Click on Configure for the domain to update. Confirm that the “Enable zone transfers to” setting is enabled and the text field has the appropriate WAN IP address(es) for the backup DNS server (make sure to include the addresses from every WAN the backup server answers DNS requests on). Click the Activate button to save the changes.

primary_enable_zone_transfer.png

On the Backup: On the Authoritative DNS page, select the Enable this PowerLink to act as a Backup Site and Enable this PowerLink dual role to act as a DNS Server and Backup Site settings. Next, enter the IP address(es) the Primary site uses to answer DNS requests. Enter a host name that the Primary site will resolve (such as an A record). Click Activate to save the changes.

backup_site_dns.png

Click on Configure for the domain to update. Make sure that the Serial Number under the SOA Record section is lower than the serial number on the primary. If the serial number is higher, the backup will not request a zone transfer.

backup_serial_number_-_Copy.png

If the Backup Site has received a zone transfer from the Primary unit, visualizing the domain will provide zone information similar to the following:

; NSD version 3.2.10
; zone 'ecessa.test.'   last serial 2013082301
; from 198.51.100.2 using AXFR at Fri Aug 23 13:02:16 2013
; NOT TSIG verified
$ORIGIN test.
ecessa    3600    IN    SOA    ns1.ecessa.test. hostmaster\064ecessa.test. (
        2013082302 360 60 1209600 30 )
    900    IN    NS    ns1.ecessa.test.
    900    IN    NS    ns2.ecessa.test.
    900    IN    NS    ns3.ecessa.test.
    30     IN    A     198.51.100.3
    30     IN    A     203.0.113.67
    30     IN    MX    100 mx.ecessa.test.
    30     IN    MX    105 mx.ecessa.test.

$ORIGIN ecessa.test.
ftp      30    IN    A    198.51.100.4
ftp1     30    IN    A    198.51.100.4
ftp2     30    IN    A    203.0.113.68
mail1    30    IN    A    198.51.100.5
mail2    30    IN    A    203.0.113.69
mx       30    IN    A    198.51.100.5
         30    IN    A    203.0.113.69
ns1      900   IN    A    198.51.100.2
ns2      900   IN    A    203.0.113.66
ns3      900   IN    A    192.0.2.130
portal   30    IN    CNAME    www.ecessa.test.
www      30    IN    A    198.51.100.3
         30    IN    A    203.0.113.67
www1     30    IN    A    198.51.100.3
www2     30    IN    A    203.0.113.67

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.