gonzzor (Tux's lil' helper; Joined: 03 Nov 2004; Posts: 133)
Posted: Sun Jul 24, 2005 10:15 pm. Post subject: DNS Server, Dual IPs or two machines?
Hi...
I'm going to set up a new server where I'm gonna run some web, SQL and mail services... I add another domain/zone sometimes, about one every 1 - 2 months...
Now I'm paying for the DNS service but I'm planning to take over that myself... I can only set up one server at the current location at the moment....
* First of all, should I go with BIND9 or should I try something else?
The only thing the DNS server will point out is itself, so if the DNS service dies, the rest of the computer is surely dead also... (If there aren't any bugs in BIND or something like that)
When registering .se domains the NIC-se requires two different IPs for the name servers... I have two public IPs for my server if I like.
* Second, how is the best way to handle this situation?
Should I bind BIND to 2 IPs, on the same IF or on two different IFs?
Should I run 2 BIND processes with different IP config, with one as a slave, or could I run both as master?
Any other good solution to this problem?
* Third, I know it is "bad" to run both the DNS servers on the same machine, but how bad?
* Fourth, can I configure BIND to answer to all subdomains on a domain?
If I have example.com and want oeqij.example.com to be directed to example.com, so whatever is typed before .example.com should go to example.com.
Hope someone can come with some interesting thoughts about this matter, since I'm gonna start installing Gentoo in about 2 days...
_________________
After 5 hours trying to install PHP 4 on FreeBSD I missed my Gentoo machine...
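The fourth question (answering for every name under example.com) is what a wildcard record does, and the second question (two distinct name-server addresses) is something a registry checks from the zone's NS and glue records. The following is an added example written for this thread, not code from the poster or from BIND: a small model of how an authoritative server applies the RFC 1034 wildcard rules to a constructed example.com zone, including the case practitioners trip over, where a name sits below an existing record and the wildcard does not apply. All names and addresses in it are constructed.

```python
"""How a wildcard record makes a zone answer for 'any subdomain', and where
it does not.

Added illustration for the questions in this post, not code from the poster
or from BIND.  The zone content is constructed; the matching rules are the
RFC 1034 section 4.3.3 wildcard rules that BIND implements.
"""
from typing import Dict, List, Tuple

ORIGIN = "example.com."
# Constructed zone: owner name -> [(type, rdata), ...]
ZONE: Dict[str, List[Tuple[str, str]]] = {
    "example.com.":      [("A", "192.0.2.10"), ("MX", "10 mail.example.com."),
                          ("NS", "ns1.example.com."), ("NS", "ns2.example.com.")],
    "ns1.example.com.":  [("A", "192.0.2.53")],
    "ns2.example.com.":  [("A", "198.51.100.53")],   # second, distinct address
    "mail.example.com.": [("A", "192.0.2.25")],
    "*.example.com.":    [("A", "192.0.2.10")],      # the catch-all asked about
}


def canonical(name: str) -> str:
    """Lowercase, fully qualified form used as the lookup key."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def name_exists(name: str) -> bool:
    """True if the name owns records or has names below it (empty non-terminal)."""
    name = canonical(name)
    return name in ZONE or any(owner.endswith("." + name) for owner in ZONE)


def lookup(qname: str, qtype: str) -> Tuple[str, List[str]]:
    """Answer as an authoritative server would: (rcode, rdata list).

    NOERROR with an empty list is the 'NODATA' case: the name exists but has
    no record of the requested type.
    """
    qname = canonical(qname)
    if qname != ORIGIN and not qname.endswith("." + ORIGIN):
        return "REFUSED", []                     # not our zone

    if name_exists(qname):
        # An existing name always wins; the wildcard is never consulted.
        return "NOERROR", [rd for t, rd in ZONE.get(qname, []) if t == qtype]

    # Find the closest existing ancestor; only ITS "*" child can synthesise
    # an answer.  Names below a real record (www.mail.example.com) therefore
    # get NXDOMAIN even though *.example.com exists.
    ancestor = qname.split(".", 1)[1]
    while not name_exists(ancestor):
        ancestor = ancestor.split(".", 1)[1]
    wildcard = "*." + ancestor
    if wildcard not in ZONE:
        return "NXDOMAIN", []
    return "NOERROR", [rd for t, rd in ZONE[wildcard] if t == qtype]


def nameserver_addresses() -> List[str]:
    """Addresses behind the zone's NS records (a registry checks these are distinct)."""
    return sorted(rd for t, ns in ZONE[ORIGIN] if t == "NS"
                  for typ, rd in ZONE.get(canonical(ns), []) if typ == "A")


if __name__ == "__main__":
    for q in ["oeqij.example.com", "a.b.example.com", "mail.example.com",
              "www.mail.example.com", "example.com"]:
        print(q, lookup(q, "A"))
    print("wildcard gives no MX:", lookup("oeqij.example.com", "MX"))
    print("NS addresses:", nameserver_addresses())
```

Two things the model makes visible: a wildcard A record does not supply MX or any other type unless the wildcard owner also carries those types, and two NS addresses on one machine satisfy a distinct-address check without giving the zone any independent server, which is the point the rest of the thread turns on.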
ikaro (Advocate; Joined: 14 Jul 2003; Posts: 2527; Location: Denmark)
Posted: Sun Jul 24, 2005 10:54 pm
I'd recommend BIND as the name server software.
And it is a bad thing to run all the name servers on 1 machine - if it goes down, and the TTL gets passed, no one will be able to reach your website
and even worse you won't get any email.
Ask some of your buddies if they have a name server setup where they can run a slave for you - eventually you can run a slave for them.
Get 5 buddies and your problems are solved.
The best solution is a name server on every continent.
I have 4 in Denmark and 1 in the USA + my own.
No problem at all.
_________________
linux: #232767
gonzzor (Tux's lil' helper; Joined: 03 Nov 2004; Posts: 133)
Posted: Sun Jul 24, 2005 11:28 pm
Well... I might look around for another DNS server after all...
So am I getting this right: if my DNS server is down too long, my domain will get "lost in space" since no one can point out a correct IP for it..
For web services I could live with that, but it is as you say, the email... Dunno how email servers will handle it if the IP can't be determined... Will it just bounce the email, or will it continue to try until it reaches TTL... (Well it might bounce and say that there is a problem, but it will go on and try
_________________
After 5 hours trying to install PHP 4 on FreeBSD I missed my Gentoo machine...
painethom (n00b; Joined: 09 Jul 2005; Posts: 27)
Posted: Mon Jul 25, 2005 11:28 pm
I host about 5 or 6 sites and I use my ISP as slave. I have a good relationship with them, and they have a 10 MX on my email as well, so that if my server happens to be off for a few hours email still works, but I can get it rebooted.
I run everything off 1 IP and I master my domains. It works for me and my needs.
ikaro (Advocate; Joined: 14 Jul 2003; Posts: 2527; Location: Denmark)
Posted: Tue Jul 26, 2005 12:02 am
And what do you think will happen when the MX record on the name server times out?
An MX backup server is good if you have slave name servers also with the entries - otherwise it doesn't matter,
when the name server goes down - it takes everything down with it.
_________________
linux: #232767
painethom (n00b; Joined: 09 Jul 2005; Posts: 27)
Posted: Tue Jul 26, 2005 12:17 am
ikaro wrote:
    And what do you think will happen when the MX record on the name server times out?
    An MX backup server is good if you have slave name servers also with the entries - otherwise it doesn't matter,
    when the name server goes down - it takes everything down with it.

I use my ISP as slave. And I use my ISP as a backup MX.
ikaro (Advocate; Joined: 14 Jul 2003; Posts: 2527; Location: Denmark)
Posted: Tue Jul 26, 2005 12:52 am
Yes - but the entries are in the AUTH name server (the primary), which also has the info where the secondary and MX servers are.
So when the primary goes down and the TTL is over - no one knows where the servers are.

Client -> requests (where is mail.myhost.com?)
-> ISP DNS requests (asking the authoritative DNS for myhost.com: where is mail.myhost.com?)
-> answers (mail.myhost.com is at 123.123.123.123)
-> ISP DNS to Client -> mail.myhost.com is at 123.123.123.123.
<End of conversation>

However, if the authoritative is down it will look like this:

Client request (Where is mail.myhost.com?)
-> ISP DNS request (asking the authoritative DNS for myhost.com where mail.myhost.com is)
--> request timeout - looks like the primary DNS server for myhost.com is down - trying secondary DNS
--> where is the secondary DNS server? -> asking the primary
----> timeout - looks like the primary is down
---> Answer to the Client -> Can't find mail.myhost.com

Mail bounces.
_________________
linux: #232767
gonzzor (Tux's lil' helper; Joined: 03 Nov 2004; Posts: 133)
Posted: Tue Jul 26, 2005 9:33 am
Not sure I'm following you on that one...
Didn't his ISP run a DNS slave for him? Which is pointed out by the .com AUTH like:
    myhost.com   Hmm, try these NS...
    NS ns1.myhost.com
    NS ns.hisisp.com
ns.hisisp.com holds the same information as ns1.myhost.com?
Well, people use DNS caches, so if ns1.myhost.com goes down, will the DNS cache check for that before responding to the DNS request?
I don't think it will, or am I wrong? So for them myhost.com will look like it is gone...
Mail however does real DNS lookups, right?
So the problem isn't really there?
Haven't read about the MX backup servers, but will it just save the mails until the main server comes up and forward them there, or what will happen?
_________________
After 5 hours trying to install PHP 4 on FreeBSD I missed my Gentoo machine...
ikaro (Advocate; Joined: 14 Jul 2003; Posts: 2527; Location: Denmark)
Posted: Tue Jul 26, 2005 10:54 am
This is easy to get confused about.
hisisp.com and hishost.com are two different things - unless they have the same authoritative name servers.
But the point is that you should _not_ run both authoritative (primary) and slave (secondary) name servers on the same machine.
_________________
linux: #232767
gonzzor (Tux's lil' helper; Joined: 03 Nov 2004; Posts: 133)
Posted: Tue Jul 26, 2005 10:57 am
You are right on that one...
Gonna look for some solution where I can have a slave DNS and a backup mail server... Didn't think of that until now..
Thanks for the help with this...
_________________
After 5 hours trying to install PHP 4 on FreeBSD I missed my Gentoo machine...
kashani (Advocate; Joined: 02 Sep 2002; Posts: 2032; Location: San Francisco)
Posted: Tue Jul 26, 2005 3:43 pm
Couple of notes on this.
It used to be that having your nameservers down didn't tend to break too much with your email. Today many mail servers will drop mail on the floor if they can not resolve your domain instead of queuing it up and attempting to deliver it over the course of a few days. I've also seen ISPs reject mail because one of three name servers was down and they did not query any other name servers after the initial failure. In this case it was actually the tertiary name server that was down and not the primary.
The moral of all that is make sure your DNS is working on all your servers or you will lose mail. You may only lose a few pieces depending on who emails you from which ISP, but it's in your best interest to have all your name servers up.
As to the whole master vs slave thing, set your expire variable to 1-2 weeks so that your slave server can operate that long before it needs to hear from the master. You may still have some issues with your primary name server down, but any correct DNS query will hit your secondary quickly and still be able to get addresses.
I would highly recommend having two name servers. Just this past week I lost a name server. Within a few minutes I had kicked the crashed one off the network, added its IP to the secondary name server, restarted BIND, cleared arp, and no one was the wiser.
Assuming you only had the resources to run a single server, I'd have someone else slave your domain as secondary and tertiary servers. If you lose a name server you can edit your whois records to use the second and third nameservers as your only name servers. It's not very clean, but whois updates every 5 minutes these days, so it can greatly reduce any downtime or weird issues.
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.
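The two mechanisms argued over above, ikaro's "when the TTL is over no one knows where the servers are" and kashani's "set your expire variable to 1-2 weeks so that your slave can operate that long", are easiest to see side by side in a small timeline. The following is an added example written for this thread, not code from any of the posters or from BIND: a toy model of a caching resolver that holds the NS glue from the parent zone, a master that dies, and a slave whose copy of the zone stops being served once the SOA expire timer runs out. Hosts, addresses, TTLs and timers are all constructed for the example.

```python
"""Model of the failure story in this thread: a caching resolver, a master,
a slave that keeps serving until the SOA expire timer runs out, and the NS
glue the parent zone hands out.

Added illustration, not code from any poster here or from BIND.  Hosts,
addresses, TTLs and timers are constructed for the example; the expire
semantics are the standard RFC 1035 slave behaviour.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

DAY = 86400
# Constructed zone content: owner name -> (address, TTL in seconds)
ZONE_RECORDS: Dict[str, Tuple[str, int]] = {
    "mail.example.com.": ("192.0.2.25", 3600),
    "www.example.com.": ("192.0.2.10", 3600),
}


@dataclass
class Master:
    """Primary (authoritative) server holding the zone file."""
    ip: str
    up: bool = True
    records: Dict[str, Tuple[str, int]] = field(default_factory=lambda: dict(ZONE_RECORDS))

    def query(self, name: str, now: int) -> Optional[Tuple[str, int]]:
        return self.records.get(name) if self.up else None


@dataclass
class Slave:
    """Secondary server: serves a transferred copy, but only for 'expire'
    seconds after the last successful refresh from the master."""
    ip: str
    expire: int
    up: bool = True
    records: Dict[str, Tuple[str, int]] = field(default_factory=dict)
    last_refresh: Optional[int] = None

    def refresh(self, master: Master, now: int) -> bool:
        if not master.up:
            return False                       # retry later; expire keeps counting
        self.records = dict(master.records)
        self.last_refresh = now
        return True

    def query(self, name: str, now: int) -> Optional[Tuple[str, int]]:
        if not self.up or self.last_refresh is None:
            return None
        if now - self.last_refresh > self.expire:
            return None                        # zone expired: BIND returns SERVFAIL
        return self.records.get(name)


@dataclass
class Resolver:
    """Caching resolver at the client's ISP.  'glue' is the NS list (with
    addresses) obtained from the parent zone, so the resolver can reach every
    listed server without first asking the zone itself."""
    glue: list                                 # Master and Slave instances
    cache: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # name -> (ip, expires_at)

    def resolve(self, name: str, now: int) -> str:
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]                      # answered from cache, no server contacted
        for server in self.glue:               # try each authoritative server in turn
            answer = server.query(name, now)
            if answer:
                ip, ttl = answer
                self.cache[name] = (ip, now + ttl)
                return ip
        return "SERVFAIL"                      # nobody authoritative answered


def scenario(expire: int, with_slave: bool = True) -> Dict[str, str]:
    """The master dies at t=600s; record what a client sees afterwards."""
    master = Master(ip="192.0.2.53")
    servers: list = [master]
    if with_slave:
        slave = Slave(ip="198.51.100.53", expire=expire)
        slave.refresh(master, now=0)
        servers.append(slave)
    resolver = Resolver(glue=servers)
    name = "mail.example.com."
    seen = {"t0_all_up": resolver.resolve(name, now=0)}
    master.up = False
    seen["t1_cache_valid"] = resolver.resolve(name, now=600)
    seen["t2_cache_expired"] = resolver.resolve(name, now=4000)
    seen["t3_one_week"] = resolver.resolve(name, now=7 * DAY)
    seen["t4_three_weeks"] = resolver.resolve(name, now=21 * DAY)
    return seen


if __name__ == "__main__":
    print("single machine :", scenario(expire=14 * DAY, with_slave=False))
    print("slave, expire 1h:", scenario(expire=3600))
    print("slave, expire 2w:", scenario(expire=14 * DAY))
```

With one machine, clients are fine exactly as long as the cached TTL lasts and get SERVFAIL afterwards; with a slave, the zone stays reachable for as long as the expire timer allows, which is why the one-hour expire fails an hour after the outage and the two-week one rides out a week-long outage. The model does not attempt to settle the separate question of how individual mail servers react to SERVFAIL, which kashani notes varies by operator.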
pharoh (Tux's lil' helper; Joined: 20 Mar 2004; Posts: 91; Location: Minnesota)
Posted: Fri Jan 13, 2006 2:21 pm
We run a mid-sized ISP and our primary and secondary name servers run Gentoo on PII 300s w/ 256 MB RAM; we have 150+ domains. We did find out that BIND will eat up ALL available memory in the machine for its cache (ours are REALLY busy), so we had to set a limit on named.
_________________
Linux user number 361815
ikaro (Advocate; Joined: 14 Jul 2003; Posts: 2527; Location: Denmark)
Posted: Fri Jan 13, 2006 2:26 pm
On that über fast machine it makes sense to set limits.
customer: Hi, I have a problem with my connection... it seems that DNS lookups are very slow..
isp-support: Dear sir, that's because our name servers run on P2 300 MHz with 256 MB RAM.
Unless you want to pay more for your connection - I advise you to stfu. Thank you for your call .. next!
_________________
linux: #232767
pharoh (Tux's lil' helper; Joined: 20 Mar 2004; Posts: 91; Location: Minnesota)
Posted: Fri Jan 13, 2006 2:45 pm
We had a P4 1.6 GHz machine there for a while and needed it, so we swapped HDDs and put the PII machines in and no one was the wiser. Lookups did not seem to take longer.
_________________
Linux user number 361815