Round Robin DNS redundancy for DNSBL brain scrambler

faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am


Post by faris

My brain is shifted into "insanity" mode trying to figure this out. Can someone help me please?

I'm trying to create a redundant DNSBL - that is, having two different servers each running rbldnsd (a dns server optimised for dnsbl use) with the same data set, and being able to have one of these servers go down without causing any problems for clients doing lookups.

The key here is that rbldnsd is a DNS server, just like named/bind.

This means that it needs NS records as well as A records.

So, let's say you have a domain called mydomain.tld and you set up rbldnsd on a server at 11.11.11.11 to have a couple of different dnsbl sets, say badrelays.dnsbl.mydomain.tld and spammers.dnsbl.mydomain.tld

In order to get all this to work, you'd then create the following DNS records in the zone file for mydomain.tld:

Code:

dnsblserver1. :: A :: 11.11.11.11
dnsbl. :: NS :: dnsblserver1.mydomain.tld

OK. Great. Fine. Perfect. No brain madness yet.

Now typically, with a "normal" DNS server, you'd have two NS records, not one, each one pointing to a different IP and "automatically" giving you redundancy. And since rbldnsd is a DNS server, one can do exactly the same thing with it too e.g.

(EXAMPLE 1)

Code:

dnsblserver1. :: A :: 11.11.11.11
dnsblserver2. :: A :: 22.22.22.22
dnsbl. :: NS :: dnsblserver1.mydomain.tld
dnsbl. :: NS :: dnsblserver2.mydomain.tld

(where 22.22.22.22 is a server running rbldnsd with a config identical to that running on 11.11.11.11)

Sooooooo.......here's where my brain stops being able to handle the load:

*IS* this all I need to do? After all, the idea of having a minimum of two nameservers per domain is to allow DNS to be resolved if one goes down.

And what's the difference between doing the above and doing this:

(EXAMPLE 2)

Code:

dnsblserver. :: A :: 11.11.11.11
dnsblserver. :: A :: 22.22.22.22
dnsbl. :: NS :: dnsblserver.mydomain.tld

i.e. RR on the A record instead of the NS record?

Why is this important to me? Well, my DNS server has a rather nifty *active* Round Robin facility that can monitor the health of an external server and serve or not serve particular DNS records depending on the result of the health check.

For example, it can be set to monitor (look for ping response in this case) the "target" of a set of records, such as these records from (EXAMPLE 1) - the targets being dnsblserver1/2.mydomain.tld:

dnsbl. :: NS :: dnsblserver1.mydomain.tld
dnsbl. :: NS :: dnsblserver2.mydomain.tld

If no ping response is received, it won't serve the record. So if dnsblserver1.mydomain.tld (which is 11.11.11.11) doesn't respond to pings, it won't serve the "dnsbl. :: NS :: dnsblserver1.mydomain.tld" record at all and will stick to dnsbl. :: NS :: dnsblserver2.mydomain.tld

What I can't get round my head is whether to bother to use this facility or not, and if I do, whether to round robin on the A records (EXAMPLE 2) or the NS records (EXAMPLE 1).

Any suggestions welcome. I hope I've explained all this clearly too!
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
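The two layouts the post compares, as an added example that is not part of the original post: a stdlib-only Python audit that parses the `::` record notation used above, follows each NS name to its A records, drops addresses the health check has marked down (a constructed `down` set standing in for the ping monitor), and builds the reversed-octet query name a DNSBL client sends. The zone name and record lines are the post's own; the function names are assumptions.

```python
"""Redundancy audit for an rbldnsd delegation (added example, not from the post).
Records are in the post's 'owner. :: TYPE :: value' notation."""
from collections import defaultdict

ZONE = "mydomain.tld"

def parse_records(text):
    """Parse 'owner. :: TYPE :: value' lines into {(fqdn, type): [values]}."""
    records = defaultdict(list)
    for line in text.strip().splitlines():
        owner, rtype, value = (p.strip() for p in line.split("::"))
        fqdn = owner.rstrip(".") + "." + ZONE      # relative owner -> absolute name
        records[(fqdn, rtype.upper())].append(value.rstrip("."))
    return records

def delegation_targets(records, label, down=()):
    """Map each NS name of <label> to the addresses still serving it.
    'down' is a constructed set of addresses the health check would drop."""
    targets = {}
    for ns in records.get((label + "." + ZONE, "NS"), []):
        targets[ns] = [a for a in records.get((ns, "A"), []) if a not in down]
    return targets

def dnsbl_query_name(ip, listname):
    """DNSBL clients reverse the octets: 192.0.2.1 -> 1.2.0.192.<listname>."""
    return ".".join(reversed(ip.split("."))) + "." + listname

# The post's two layouts, verbatim.
EXAMPLE1 = """
dnsblserver1. :: A :: 11.11.11.11
dnsblserver2. :: A :: 22.22.22.22
dnsbl. :: NS :: dnsblserver1.mydomain.tld
dnsbl. :: NS :: dnsblserver2.mydomain.tld
"""
EXAMPLE2 = """
dnsblserver. :: A :: 11.11.11.11
dnsblserver. :: A :: 22.22.22.22
dnsbl. :: NS :: dnsblserver.mydomain.tld
"""

if __name__ == "__main__":
    for name, zone in (("EXAMPLE 1", EXAMPLE1), ("EXAMPLE 2", EXAMPLE2)):
        recs = parse_records(zone)
        print(name, "all up:", delegation_targets(recs, "dnsbl"))
        print(name, "11.11.11.11 down:",
              delegation_targets(recs, "dnsbl", down={"11.11.11.11"}))
    print(dnsbl_query_name("192.0.2.1", "badrelays.dnsbl." + ZONE))
```

With 11.11.11.11 marked down, EXAMPLE 1 leaves one NS name with no address while EXAMPLE 2 leaves the single NS name with one address; either way a resolver still has a live server to ask.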