Discussion:
DDNS with multiple primary DNS servers
Ingen Schenau, Jeroen van (ICTS)
2011-06-21 12:49:23 UTC
Hi,

I recently started with dynamic DNS, using dhcpd to dynamically update a
DNS zone in BIND. There are some excellent tutorials on the web, so it
was relatively easy to implement.

There's only one thing I can't get working yet: we have two primary
(master) DNS servers and only the first server is updated. So all our
zones are defined on two DNS servers, both master, with virtually
identical configs built from a database.

I listed both servers in the config; dhcpd.conf snippet:

zone roaming.mydomain.example {
  primary 10.0.0.2, 10.0.0.3;
  key dhcp_updater;
}

While the dhcpd.conf manpage doesn't say anything about multiple
primaries, the comments in the source (common/dns.c) indicate that it
should be supported:

* The way this works is that you define the domain name to which an
* SOA corresponds, and the addresses of some primaries for that domain
* name:
*
* zone FOO.COM {
*   primary 10.0.17.1;
*   secondary 10.0.22.1, 10.0.23.1;
*   key "FOO.COM Key";
* }
*
* If an update is requested for GAZANGA.TOPANGA.FOO.COM, then the name
* server looks in its database for a zone record for "GAZANGA.TOPANGA.FOO.COM",
* doesn't find it, looks for one for "TOPANGA.FOO.COM", doesn't find *that*,
* looks for "FOO.COM", finds it. So it
* attempts the update to the primary for FOO.COM. If that times out, it
* tries the secondaries. You can list multiple primaries if you have some
* kind of magic name server that supports that.


So I was wondering: does anyone use DDNS with a "multi master" DNS setup
or are we just weird for trying such a thing? Is it supported or not and
might this be a bug?

I tested with dhcpd 4.2.1 built from source; I'm afraid my C skills are
limited so I'm not sure how to analyze/debug this further myself. I'd
appreciate any insights you dhcpd-gurus might offer ;)


By the way: while it's theoretically possible to change the setup for
our "roaming.mydomain.example" zone to a master/slave config, it would
be hard to fit into our config build procedures. So if possible I prefer
to dynamically update two DNS servers from DHCP.


Regards,

Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands
Simon Hobson
2011-06-21 14:04:54 UTC
Post by Ingen Schenau, Jeroen van (ICTS)
There's only one thing I can't get working yet: we have two primary
(master) DNS servers and only the first server is updated. So all our
zones are defined on two DNS servers, both master, with virtually
identical configs built from a database.
Both of those are show stoppers - period.

Firstly, DHCPD will only update a single server, and relies on that
to send updates to the other servers. Since DHCPD was written at ISC,
and ISC BIND already has a good update mechanism for multiple servers
then I think it's easy to see why they'd avoid the duplication and
complexity* of updating multiple servers directly from the DHCP.
* It doesn't take too much thought to see that updating multiple
servers, with all the permutations of success and failure possible,
would quickly get complicated and/or inefficient and/or error prone.

Secondly, dynamic updates assume a DNS model with dynamic zone
contents. This is fundamentally incompatible with a zone generated
from an outside source unless you also allow updates from the DNS
server back into the source (database in this case).


In theory you could "do your own thing" by using "on event" triggers
in DHCPD to call your own scripts that will do the updates. I have no
idea how easy (or otherwise) this would be.
--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
Ingen Schenau, Jeroen van (ICTS)
2011-06-21 15:09:12 UTC
Hi,
Post by Simon Hobson
Post by Ingen Schenau, Jeroen van (ICTS)
There's only one thing I can't get working yet: we have two primary
(master) DNS servers and only the first server is updated. So all our
zones are defined on two DNS servers, both master, with virtually
identical configs built from a database.
Both of those are show stoppers - period.
Firstly, DHCPD will only update a single server, and relies on that
to send updates to the other servers. Since DHCPD was written at ISC,
and ISC BIND already has a good update mechanism for multiple servers
then I think it's easy to see why they'd avoid the duplication and
complexity* of updating multiple servers directly from the DHCP.
* It doesn't take too much thought to see that updating multiple
servers, with all the permutations of success and failure possible,
would quickly get complicated and/or inefficient and/or error prone.
That's a good point, error handling and remaining consistency (as Glenn
also points out) would be quite hard.

Then perhaps multi-master updates haven't been implemented for good
reasons, contrary to what the source comments suggest.
Post by Simon Hobson
Secondly, dynamic updates assume a DNS model with dynamic zone
contents. This is fundamentally incompatible with a zone generated
from an outside source unless you also allow updates from the DNS
server back into the source (database in this case).
True. In our specific case, this one zone would never be fed from or
stored back to the database, but the configuration with the zone
definition (and whether the servers are master or slave) is generated
equally for all servers.
Post by Simon Hobson
In theory you could "do your own thing" by using "on event" triggers
in DHCPD to call your own scripts that will do the updates. I have no
idea how easy (or otherwise) this would be.
I wouldn't feel comfortable with "on event" triggers and external
nsupdate calls for this functionality.

Thanks for your insights (and Glenn, thank you too!). We'll concentrate
on changing our DNS config scripts, so we can do master/master for all
static zones and master/slave for the dynamic part.


Regards,

Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands
Paul B. Henson
2011-06-21 21:27:26 UTC
Post by Ingen Schenau, Jeroen van (ICTS)
Then perhaps multi-master updates haven't been implemented for good
reasons, contrary to what the source comments suggest.
I read the comments as meaning it will keep trying the servers listed
until it finds one to talk to, not that it will talk to every one every
time...
--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | ***@csupomona.edu
California State Polytechnic University | Pomona CA 91768
Glenn Satchell
2011-06-21 14:12:05 UTC
Post by Ingen Schenau, Jeroen van (ICTS)
Hi,
I recently started with dynamic DNS, using dhcpd to dynamically update a
DNS zone in BIND. There are some excellent tutorials on the web, so it
was relatively easy to implement.
There's only one thing I can't get working yet: we have two primary
(master) DNS servers and only the first server is updated. So all our
zones are defined on two DNS servers, both master, with virtually
identical configs built from a database.
zone roaming.mydomain.example {
  primary 10.0.0.2, 10.0.0.3;
  key dhcp_updater;
}
While the dhcpd.conf manpage doesn't say anything about multiple
primaries, the comments in the source (common/dns.c) indicate that it
* The way this works is that you define the domain name to which an
* SOA corresponds, and the addresses of some primaries for that domain
*
* zone FOO.COM {
*   primary 10.0.17.1;
*   secondary 10.0.22.1, 10.0.23.1;
*   key "FOO.COM Key";
* }
*
* If an update is requested for GAZANGA.TOPANGA.FOO.COM, then the name
* server looks in its database for a zone record for "GAZANGA.TOPANGA.FOO.COM",
* doesn't find it, looks for one for "TOPANGA.FOO.COM", doesn't find *that*,
* looks for "FOO.COM", finds it. So it
* attempts the update to the primary for FOO.COM. If that times out, it
* tries the secondaries. You can list multiple primaries if you have some
* kind of magic name server that supports that.
So I was wondering: does anyone use DDNS with a "multi master" DNS setup
or are we just weird for trying such a thing? Is it supported or not and
might this be a bug?
I tested with dhcpd 4.2.1 built from source; I'm afraid my C skills are
limited so I'm not sure how to analyze/debug this further myself. I'd
appreciate any insights you dhcpd-gurus might offer ;)
By the way: while it's theoretically possible to change the setup for
our "roaming.mydomain.example" zone to a master/slave config, it would
be hard to fit into our config build procedures. So if possible I prefer
to dynamically update two DNS servers from DHCP.
Regards,
Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands
You could try a packet capture (tcpdump/snoop/wireshark, etc) and see if
dhcpd sends a packet to both name servers?

One possible argument for not doing multiple master dns servers with
dynamically updated zones is what should happen if dhcpd were, say, able
to update the first primary, but failed when doing the second. Should it
try to undo the update to the first dns server? What if an old entry
exists in one dns server but not the other? I guess all these questions
relate to consistency - not such a problem in your other zones with
static entries generated from your database.
--
regards,
-glenn
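Simon's "on event" route and Glenn's consistency question, as an added example that is not from the thread and not ISC dhcpd's own code: a hypothetical hook script, ddns-multi.sh, that dhcpd would call from an `on commit` block (syntax assumed from dhcp-eval(5), dhcpd 4.1 and later) and that runs one TSIG-signed nsupdate session per primary, validating the client-supplied host name and address first and reporting exactly which servers ended up with the record when one of them fails. The two addresses, the zone and the key name dhcp_updater are the ones from the original post; the key file path, the script path, the TTL and the report() destination are assumptions, and NSUPDATE is overridable only so the logic can be exercised without the BIND tools installed.

```shell
#!/bin/sh
# ddns-multi.sh (hypothetical, added example): push one A record to every
# primary listed in PRIMARIES, one nsupdate session per server.
#
# dhcpd.conf side (assumed syntax, see dhcp-eval(5); needs dhcpd 4.1+):
#   on commit {
#     set clip   = binary-to-ascii(10, 8, ".", leased-address);
#     set clhost = pick-first-value(option host-name, "");
#     execute("/usr/local/sbin/ddns-multi.sh", clhost, clip);
#   }

PRIMARIES="${PRIMARIES:-10.0.0.2 10.0.0.3}"        # both masters from the post
ZONE="${ZONE:-roaming.mydomain.example}"
KEYFILE="${KEYFILE:-/etc/dhcp/dhcp_updater.key}"   # TSIG key dhcp_updater in a format nsupdate -k reads (assumed path)
TTL="${TTL:-300}"
NSUPDATE="${NSUPDATE:-nsupdate}"                   # overridable so the logic runs without BIND tools

# report MSG: where failures go; swap for "logger -t ddns-multi" in production
report() {
    printf 'ddns-multi: %s\n' "$*" >&2
}

# valid_label NAME: the host name comes from the DHCP client, so refuse
# anything that is not a plain hostname label before it reaches nsupdate
valid_label() {
    case "$1" in
        "" | -* | *- ) return 1 ;;
        *[!A-Za-z0-9-]* ) return 1 ;;
    esac
    return 0
}

# valid_ipv4 ADDR: four dotted decimal octets, each 0-255 (shape check only)
valid_ipv4() {
    case "$1" in
        *[!0-9.]* | .* | *. | *..* ) return 1 ;;
    esac
    n=0
    oldifs=$IFS; IFS=.
    for o in $1; do
        n=$((n + 1))
        [ "$o" -le 255 ] || { IFS=$oldifs; return 1; }
    done
    IFS=$oldifs
    [ "$n" -eq 4 ]
}

# build_update SERVER HOST IP: print the nsupdate script for one server.
# Delete-then-add in a single transaction so a re-lease with a new address
# never leaves two A records behind.
build_update() {
    printf 'server %s\n' "$1"
    printf 'zone %s\n' "$ZONE"
    printf 'update delete %s.%s. A\n' "$2" "$ZONE"
    printf 'update add %s.%s. %s A %s\n' "$2" "$ZONE" "$TTL" "$3"
    printf 'send\n'
}

# push_all HOST IP: update each primary in turn. Returns the number of servers
# that failed, so a non-zero status means the two zones are now out of step
# and the report line says which server has the record and which does not.
push_all() {
    host=$1; ip=$2
    if ! valid_label "$host" || ! valid_ipv4 "$ip"; then
        report "refusing update for host '$host' ip '$ip'"
        return 1
    fi
    failed=0; done_on=""
    for s in $PRIMARIES; do
        if build_update "$s" "$host" "$ip" | "$NSUPDATE" -k "$KEYFILE"; then
            done_on="$done_on $s"
        else
            failed=$((failed + 1))
            report "$host -> $ip FAILED on $s; applied on:${done_on:- none}"
        fi
    done
    return $failed
}

# Called by dhcpd with (host, ip); with no arguments only the functions are defined.
[ $# -eq 0 ] || push_all "$1" "${2:?client address required}"
```

The script does on purpose what dhcpd's single-target design avoids: it fans the same update out to every primary and, when the second server fails after the first succeeded, it does not try to undo anything but reports the split state so it can be reconciled. Paul's reading of the dns.c comment (try the listed servers until one answers) is the other behaviour, and the stock dhcpd can be checked for it with Glenn's capture suggestion, for example `tcpdump -n 'port 53 and (host 10.0.0.2 or host 10.0.0.3)'` while a lease is committed.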