[Pdns-users] pdns-recursor + heartbeat
chris at inetd.com.au
Thu Dec 21 01:37:58 UTC 2006
On Wed, 20 Dec 2006, Matt Patterson wrote:
> I have a small issue. I'm attempting to set up 2 pdns-recursor servers on
> our network in a cluster using the heartbeat high availability foo.
> Here's my problem. In the configuration, it states that I need to set
> local-addresses in order to get pdns-recursor up and running otherwise
> it only listens on localhost. In previous versions, it apparently bound
> to any but was changed due to security issues with some admins having
> open resolvers. Here's where I start to run into an issue...Within my
> cluster configuration, I'm doing an Active/Active setup so one server
> takes one IP and the other gets a different IP. If one node in the
> cluster fails, the IP moves over to the other server. This causes a
> problem for pdns-recursor as that new IP is not in the configuration so
> even though it has successfully moved over to the other server, it is
> not serving up DNS so to the end user, it is down. Adding it to the
> pdns configuration ahead of time causes an issue where the pdns-recursor
> does not start as this is considered a mistake in the configuration.
> Has anyone else run into an issue like this? Is there a way to get
> pdns-recursor to bind to any?
I was in a similar situation with getting pdns listening on IP aliases
that aren't available at daemon startup. I wanted to have pdns running
and responding successfully to test queries and then bring up IP aliases
which were then advertised via OSPF to routers. The obvious way to do this
was to configure pdns to listen on 0.0.0.0, however pdns responses contain
the source IP of the main ethernet interface, not that of the IP alias.
The fix for me was to bind to the ethernet alias addresses, and use
the somewhat obscure Linux kernel sysctl net.ipv4.ip_nonlocal_bind to
allow binding to addresses that aren't present - i.e. perform a
sysctl -w net.ipv4.ip_nonlocal_bind=1 and add
to your /etc/sysctl.conf to make it active at boot time.
This might be ideal in your case as well.
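As an added illustration (not part of the list post above, and not PowerDNS code), the following script shows why the two configurations in the thread behave as they do: for each address in a recursor.conf `local-address=` line it reports whether the daemon will find it present at startup, whether it is a floating address that only binds because `net.ipv4.ip_nonlocal_bind` is set, or whether startup will fail. The config text and the address lists are constructed sample values using the 192.0.2.0/24 documentation range; the helper and function names are this example's own, and reading the sysctl from `/proc` is a Linux assumption.

```python
import errno
import ipaddress
import socket
from pathlib import Path

# Linux exposes the sysctl discussed in the thread here (assumption: Linux host).
SYSCTL_PATH = Path("/proc/sys/net/ipv4/ip_nonlocal_bind")

# Constructed sample: an Active/Active pair where each node owns one
# floating address; 192.0.2.11 lives on the other node until failover.
SAMPLE_CONF = """\
# pdns-recursor configuration (constructed sample)
local-address=192.0.2.10, 192.0.2.11   # both cluster VIPs
allow-from=192.0.2.0/24
"""
SAMPLE_PRESENT = ["127.0.0.1", "192.0.2.10"]


def parse_local_addresses(conf_text):
    """Return the addresses listed on local-address= lines of a recursor.conf-style text."""
    addrs = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "local-address":
            addrs.extend(item.strip() for item in value.split(",") if item.strip())
    return addrs


def nonlocal_bind_enabled(path=SYSCTL_PATH):
    """True if the kernel currently allows binding to addresses it does not own."""
    try:
        return path.read_text().strip() == "1"
    except OSError:                                   # not Linux, or no /proc
        return False


def startup_bind_report(configured, present, nonlocal_bind):
    """Classify each configured listen address the way the daemon's bind() will see it.

    'present'  : address is on the host (or it is 0.0.0.0), bind succeeds
    'floating' : address is absent but ip_nonlocal_bind lets bind() succeed anyway
    'fails'    : address is absent and bind() returns EADDRNOTAVAIL, so startup aborts
    """
    present_set = {ipaddress.ip_address(a) for a in present}
    report = {}
    for addr in configured:
        ip = ipaddress.ip_address(addr)
        if ip.is_unspecified or ip in present_set:
            report[addr] = "present"
        elif nonlocal_bind:
            report[addr] = "floating"
        else:
            report[addr] = "fails"
    return report


def probe_bind(addr, port=0):
    """Actually attempt a UDP bind on the running host; reports 'ok', 'not-local' or the errno name."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((addr, port))
        return "ok"
    except OSError as exc:
        if exc.errno == errno.EADDRNOTAVAIL:
            return "not-local"
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


if __name__ == "__main__":
    configured = parse_local_addresses(SAMPLE_CONF)
    enabled = nonlocal_bind_enabled()
    print(f"ip_nonlocal_bind enabled on this host: {enabled}")
    for addr, state in startup_bind_report(configured, SAMPLE_PRESENT, enabled).items():
        print(f"{addr:15s} -> {state}")
    # Live probe against the real kernel, for comparison with the static report.
    for addr in configured:
        print(f"bind({addr}) -> {probe_bind(addr)}")
```

The static report reproduces the poster's dilemma: with the sysctl at its default of 0 the absent VIP is marked "fails", which is the startup refusal described in the thread, and setting it to 1 turns that entry into "floating" without needing 0.0.0.0 (which the reply notes makes answers leave from the primary interface address rather than the alias). Note that `ip_nonlocal_bind` is host-wide, so every service on the box gains the ability to bind unowned addresses once it is enabled; later PowerDNS Recursor releases added a per-daemon `non-local-bind` setting that scopes the same behaviour to the recursor alone.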