I have a FreeBSD box (hostA) running NSD. It has a management address
(10.0.0.2) and a service address (10.0.0.3). It is part of a clustered
pair with a Linux machine (hostB) that has a management address
(10.0.0.4) and a service address (10.0.0.5). DNS queries are sent to the
two service addresses. Heartbeat is used to co-ordinate the pairs: if
hostB goes offline, then the service address (10.0.0.5) is brought up on
hostA so that it can answer queries, and vice versa.
The problem is this: without an ip-address entry in nsd.conf, responses
are sent from the management address (10.0.0.2) since that is the
"primary" interface of the host. I can fix this during normal operations
by adding an ip-address entry for 10.0.0.3.
However, during failover, queries sent to 10.0.0.5 will be answered with
the wrong source address. Again, I could fix this using an ip-address entry.
But - when the machine boots, this IP address isn't assigned to hostA,
so if it appears in nsd.conf, NSD will refuse to start. BIND (which I'm
using on hostB) doesn't have this problem.
Has anyone else solved this problem? Or do I need to write scripts to
munge nsd.conf and restart it during failover/failback?
This solution might work for Linux, but not FreeBSD. I could switch the
daemons round and run BIND on the FreeBSD box and NSD on the Linux box,
but that just seems like a cop-out.
It'd be nice if NSD had a way to reload its configuration without
restarting.
On FreeBSD you could use pf to redirect the traffic through your desired
interface:
/etc/pf.conf
ext_if="em1"   # network service device
# translate the source address of packets leaving $ext_if for port 53 to $ext_if's address
nat on $ext_if from any to any port 53 -> ($ext_if)
# bidirectional 1:1 mapping between 10.0.0.3 and $ext_if's address
binat on $ext_if from 10.0.0.3 to any -> $ext_if
I was never able to resolve this issue, but Bert Hubert recently posted on a related topic. If NSD did what PowerDNS now does, this would resolve my problem!
On binding datagram (UDP) sockets to the ANY addresses:
This is listed on the NSD4-feature-wishlist for 4.1.
Unbound 0.9 has this implemented (it is called "interface-automatic: yes"
for unbound).
I use 'outgoing-interface: 10.0.0.3' in my config, per domain. Annoying
that I can't set it globally, but I have a template I copy-and-paste for
my domains.
You can put the service IP on a loopback interface, so even if the
host is "sleeping", nsd can bind that IP through the loopback in a
local scope.
That works! I tweaked the rc.d script to set up the service address on the loopback interface immediately before NSD starts (in the start_precmd routine), and then remove it as soon as it has started (by adding a start_postcmd routine). Now the service address can flip-flop between the two hosts without disrupting the service.
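The loopback trick from the last two posts, written out as an added example rather than the poster's own rc.d script. It generalises slightly: instead of hard-coding one address it reads every "ip-address:" line from nsd.conf, aliases on lo0 only the ones not already configured on some interface, waits (bounded) until NSD is actually listening on each before removing the alias, and removes only the aliases it added. The file paths, the function names, the /var/run state file and the use of FreeBSD's ifconfig and sockstat are assumptions; the pf and nsd.conf details on this page are not touched.

```sh
#!/bin/sh
# Added example (not the thread's own rc.d script): park every "ip-address:" from
# nsd.conf that is not yet configured on lo0 right before NSD starts, so that NSD
# can bind it, and remove only the aliases this script added once NSD is listening.
# Assumptions: FreeBSD ifconfig/sockstat, NSD listening on port 53, and the paths
# and function names below (all hypothetical).

NSD_CONF=${NSD_CONF:-/usr/local/etc/nsd/nsd.conf}
ADDED_FILE=${ADDED_FILE:-/var/run/nsd_lo0_aliases}
IFCONFIG=${IFCONFIG:-ifconfig}   # set IFCONFIG=echo for a dry run
SOCKSTAT=${SOCKSTAT:-sockstat}

# Print the IPv4 value of every "ip-address:" line in an nsd.conf, comments stripped.
nsd_conf_addresses() {
    sed -e 's/#.*//' "$1" | awk '$1 == "ip-address:" && $2 ~ /^[0-9.]+$/ { print $2 }'
}

# Print the IPv4 addresses currently configured on any interface (ifconfig -a).
configured_addresses() {
    $IFCONFIG -a | awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2 }'
}

# Print each address in $1 (space separated) that does not occur in $2.
missing_addresses() {
    for a in $1; do
        case " $2 " in
            *" $a "*) ;;
            *) echo "$a" ;;
        esac
    done
}

# Return 0 once something listens on $1:53, polling once a second for up to $2 s.
# sockstat prints "addr:port" in its sixth (LOCAL ADDRESS) column.
wait_bound() {
    n=0
    while [ "$n" -lt "$2" ]; do
        if $SOCKSTAT -4l -p 53 | awk -v want="$1:53" '$6 == want { f = 1 } END { exit !f }'; then
            return 0
        fi
        sleep 1
        n=$((n + 1))
    done
    return 1
}

# start_precmd: alias the missing addresses on lo0 with a /32 mask so they are
# host-local and nothing gets routed over the loopback; remember what was added.
nsd_prestart() {
    wanted=$(nsd_conf_addresses "$NSD_CONF" | tr '\n' ' ')
    present=$(configured_addresses | tr '\n' ' ')
    : > "$ADDED_FILE"
    for a in $(missing_addresses "$wanted" "$present"); do
        $IFCONFIG lo0 alias "$a" netmask 0xffffffff && echo "$a" >> "$ADDED_FILE"
    done
}

# start_postcmd: once NSD is bound, drop the lo0 aliases again so Heartbeat can
# later bring the service address up on the real interface without a conflict.
nsd_poststart() {
    [ -r "$ADDED_FILE" ] || return 0
    while read -r a; do
        wait_bound "$a" 5 || echo "nsd_poststart: nsd not listening on $a:53" >&2
        $IFCONFIG lo0 -alias "$a"
    done < "$ADDED_FILE"
    rm -f "$ADDED_FILE"
}

# rc.d wiring (FreeBSD): source this file from /usr/local/etc/rc.d/nsd (or a
# local override of it) and set, before run_rc_command is called:
#   start_precmd=nsd_prestart
#   start_postcmd=nsd_poststart
case "${1:-}" in
    prestart)  nsd_prestart ;;
    poststart) nsd_poststart ;;
esac
```

Because only the addresses the script itself aliased are recorded in the state file, an address that Heartbeat has already brought up on em1 is never touched, and running nsd_poststart twice is harmless. If nsd_poststart reports that NSD is not listening on an address after the timeout, the alias is still removed so the host returns to its previous state; the warning is the cue to check nsd.conf.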