ISC DHCP+BIND with failover and dynamic updates, can the secondary bind update DDNS?

I'm setting up a failover system for DHCP and DDNS. The software being used are ISC BIND and ISC DHCP, running on Ubuntu 10.04 LTS.

serverA runs DNS01 and DHCP01, serverB runs DNS02 and DHCP02. DHCP failover is set to a 128-bit split (half the zone on each server), wich is working correctly.

serverA is set as the master DNS, serverB is secondary (slave).

Where should DHCP02 point its dynamic updates? Can a slave zone be updated with DDNS entries and then be AXFR'ed back to the master, or do I need to point all DDNS updates to DNS01, both on DHCP01 and DHCP02?

Solution 1:

It should be sort of doable, but needs the master DNS to come back up eventually.

Firstly, you need to use the "allow-update-forwarding" parameter in the slave DNS zone. Use the same key as you use the "allow-update" in the master DNS zone.

Secondly, you need to tell the DHCP servers to contact the secondary DNS servers if they fail to contact the primary. To do that, list the secondary DNS servers in the DHCP zone, e.g.:

zone myzone.lan. { primary 192.168.81.10; secondary 192.168.81.11; key rndc-key; }

Now if the master DNS goes offline, DHCP servers can send dynamic updates to the slave DNS server and it will queue them up to be sent to the master when it comes back online. Unfortunately, DNS clients won't see the dynamic updates until the master comes back online, receives and processes the pending dynamic updates from the slave, and redistributes the updates back to the slaves.

Solution 2:

Looks like this is not doable. I tried to lab it, and the secondary DHCP fails with errors in the syslog about not being allowed to update the zone.

Solution 3:

Works for me for years. Both servers in a failover set are updating the master (why anyone of them should even try to update the slave ?). Master is replicating to the slave.