Re: inbound DNS configuration problem

I think you are slightly misunderstanding how the DNS would work. This is how I would set it up.

2 DNS servers in the DMZ, 1 per ISP link. This is not an HA DNS system. DNS1 will respond with an IP from ISP1 and DNS2 will respond with an IP from ISP2. You NAT DNS1 behind ISP1, and DNS2 behind ISP2. Out on the Internet under your domain details, you then list DNS1 as the primary DNS and DNS2 as the secondary DNS. You list an offsite DNS3 with an even lower priority.

These DNS servers are not synched and would be maintained separately from each other. They also should not be used as internal DNS servers but purely for responding to requests from the Internet for your domain.

DNS does not by default load balance or round robin etc., so all queries will go to DNS1 as you will configure that to have a higher priority. Only if they cannot get a response from DNS1 will it attempt to query DNS2, and DNS3 would only be queried if there is no response from DNS1 or DNS2. DNS1 could be a high-availability box so that in the event of a failure of the server, DNS1 still responds. In this way, unless the ISP1 link fails, you should get a response from DNS1 so that the Internet will send traffic to ISP1 addresses. If and ONLY if DNS1 does not respond will the Internet access DNS2 and thus get an IP address in the ISP2 range.

Traffic flow would be:

1. Internet client does a DNS request.
2. Internet goes to DNS1 to get a response (as DNS1 is the primary DNS server for your domain).
3. DNS1 responds back and the Internet client gets a response with an address from ISP1.

1. Internet client does a DNS request.
2. Internet goes to DNS1 to get a response (as DNS1 is the primary DNS server for your domain).
3. Internet gets no response from DNS1, so attempts to access DNS2.
4. DNS2 responds back and the Internet client gets a response with an address from ISP2.

1. Internet client does a DNS request.
2. Internet goes to DNS1 to get a response (as DNS1 is the primary DNS server for your domain).
3. Internet gets no response from DNS1, so attempts to access DNS2.
4. Internet gets no response from DNS2, so attempts to access DNS3.
5. DNS3 responds back and the Internet client gets a response with an offsite disaster recovery ISP address.

I hope this helps answer your stumbling block. You could potentially add another offsite DNS to make 4 DNS servers; however, you need to remember that they are not load balanced but will be accessed sequentially only if the higher priority DNS server is not responding. If it responds but hasn't resolved, then you won't attempt to access another DNS server as you have had a response.
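As an added example (not from the post or its author), this is what the setup described above looks like as BIND configuration: an authoritative-only named.conf fragment used on both DMZ servers, and the separately maintained zone files for DNS1 and DNS2, which answer the same names with addresses from their own ISP's range. Everything here is assumed: the domain example.com, the RFC 5737 documentation ranges standing in for the ISP1, ISP2 and DR address blocks, and the host names dns1/dns2/dns3. The NS records are listed in the order the post proposes.

```text
// named.conf options fragment, identical on DNS1 and DNS2 (assumed BIND 9 syntax)
options {
    recursion no;                 // authoritative only: never serve as an internal resolver
    allow-query { any; };         // answer the Internet for our own zones
    allow-transfer { none; };     // zones are maintained separately, no AXFR between DNS1/DNS2
    notify no;                    // no NOTIFY either; the two servers are not synchronised
    minimal-responses yes;
};

zone "example.com" {
    type master;
    file "/etc/bind/zones/example.com.zone";   // different content on each server, see below
};

; ---- example.com.zone as held on DNS1 (NATed behind ISP1, placeholder range 198.51.100.0/24) ----
$TTL 300                 ; short TTL so cached answers pointing at a dead link age out quickly
$ORIGIN example.com.
@       IN SOA  dns1.example.com. hostmaster.example.com. (
                2024052801 ; serial, bumped by hand on this server only
                3600       ; refresh (unused: no secondaries pull from us)
                900        ; retry
                604800     ; expire
                300 )      ; negative-cache TTL
@       IN NS   dns1.example.com.        ; listed first: the post's "primary"
@       IN NS   dns2.example.com.        ; the post's "secondary"
@       IN NS   dns3.example-dr.net.     ; offsite DR server, listed last
dns1    IN A    198.51.100.53            ; public NAT address on the ISP1 link
dns2    IN A    203.0.113.53             ; public NAT address on the ISP2 link
www     IN A    198.51.100.80            ; ISP1 address for the web front end
mail    IN A    198.51.100.25
@       IN MX   10 mail.example.com.

; ---- example.com.zone as held on DNS2 (NATed behind ISP2, placeholder range 203.0.113.0/24) ----
$TTL 300
$ORIGIN example.com.
@       IN SOA  dns2.example.com. hostmaster.example.com. (
                2024052801 3600 900 604800 300 )
@       IN NS   dns1.example.com.
@       IN NS   dns2.example.com.
@       IN NS   dns3.example-dr.net.
dns1    IN A    198.51.100.53
dns2    IN A    203.0.113.53
www     IN A    203.0.113.80             ; same name, ISP2 address
mail    IN A    203.0.113.25
@       IN MX   10 mail.example.com.
```

At the registrar the same three NS names go in, in the same order, with glue A records for dns1 and dns2 pointing at the NAT addresses above (dns3 sits under a different domain, so its glue lives there). Each ISP-facing firewall forwards UDP and TCP 53 only to the DNS server behind its own link, which is what makes the answer a client receives depend on which server it reached. The TTL of 300 seconds is the assumed value that bounds how long clients keep using an address from a link that has since failed; with recursion off and transfers disabled, neither box can be used as an open resolver or leak the zone contents to the other ISP's side.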