I'm trying to create a redundant DNSBL - that is, having two different servers each running rbldnsd (a dns server optimised for dnsbl use) with the same data set, and being able to have one of these servers go down without causing any problems for clients doing lookups.
The key here is that rbldnsd is a DNS server, just like named/bind.
This means that it needs NS records as well as A records.
So, let's say you have a domain called mydomain.tld and you set up rbldnsd on a server at 11.11.11.11 to have a couple of different dnsbl sets, say badrelays.dnsbl.mydomain.tld and spammers.dnsbl.mydomain.tld.
In order to get all this to work, you'd then create the following DNS records in the zone file for mydomain.tld:
dnsblserver1. :: A :: 11.11.11.11
dnsbl. :: NS :: dnsblserver1.mydomain.tld
Now typically, with a "normal" DNS server, you'd have two NS records, not one, each one pointing to a different IP and "automatically" giving you redundancy. And since rbldnsd is a DNS server, one can do exactly the same thing with it too e.g.
(EXAMPLE 1)
dnsblserver1. :: A :: 11.11.11.11
dnsblserver2. :: A :: 22.22.22.22
dnsbl. :: NS :: dnsblserver1.mydomain.tld
dnsbl. :: NS :: dnsblserver2.mydomain.tld
Sooooooo.......here's where my brain stops being able to handle the load:
*IS* this all I need to do? After all, the idea of having a minimum of two nameservers per domain is to allow DNS to be resolved if one goes down.
And what's the difference between doing the above and doing this:
(EXAMPLE 2)
dnsblserver. :: A :: 11.11.11.11
dnsblserver. :: A :: 22.22.22.22
dnsbl. :: NS :: dnsblserver.mydomain.tld
Why is this important to me? Well, my DNS server has a rather nifty *active* Round Robin facility that can monitor the health of an external server and serve or not serve particular DNS records depending on the result of the health check.
For example, it can be set to monitor (look for a ping response in this case) the "target" of a set of records, such as these records from (EXAMPLE 1) - the targets being dnsblserver1/2.mydomain.tld:
dnsbl. :: NS :: dnsblserver1.mydomain.tld
dnsbl. :: NS :: dnsblserver2.mydomain.tld
If no ping response is received, it won't serve the record. So if dnsblserver1.mydomain.tld (which is 11.11.11.11) doesn't respond to pings, it won't serve the "dnsbl. :: NS :: dnsblserver1.mydomain.tld" record at all and will stick to dnsbl. :: NS :: dnsblserver2.mydomain.tld
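To make the comparison between EXAMPLE 1 and EXAMPLE 2 concrete, here is a small, added illustration written for this thread. It is not rbldnsd code and not the code of any real resolver: it rebuilds both record sets as constructed data, computes the addresses a resolving client can learn for dnsbl.mydomain.tld from each, and runs a DNSBL lookup with a simulated transport in which 11.11.11.11 is down, so it runs offline. The query-name construction (octets reversed, list zone appended) and the 127.0.0.2 "listed" answer are the usual DNSBL conventions; the server names, addresses and the client IP 192.0.2.10 are the ones from the post or constructed for the example.

```python
"""Simplified model of how a resolving client reaches a DNSBL zone.

Added illustration for this thread; it is not rbldnsd code and not the
code of any real resolver. The zone records below are constructed to
mirror EXAMPLE 1 and EXAMPLE 2, and the network transport is simulated
so the script runs offline.
"""
import ipaddress
from typing import Callable, Dict, List, Optional, Set, Tuple

ZONE = "dnsbl.mydomain.tld"

# EXAMPLE 1: two NS names, one address each (constructed from the post).
EXAMPLE_1: Dict[str, Dict[str, List[str]]] = {
    "NS": {ZONE: ["dnsblserver1.mydomain.tld", "dnsblserver2.mydomain.tld"]},
    "A": {
        "dnsblserver1.mydomain.tld": ["11.11.11.11"],
        "dnsblserver2.mydomain.tld": ["22.22.22.22"],
    },
}

# EXAMPLE 2: one NS name with two addresses (constructed from the post).
EXAMPLE_2: Dict[str, Dict[str, List[str]]] = {
    "NS": {ZONE: ["dnsblserver.mydomain.tld"]},
    "A": {"dnsblserver.mydomain.tld": ["11.11.11.11", "22.22.22.22"]},
}

# DNSBL convention: a listed address answers with an A record in 127.0.0.0/8,
# an unlisted one gets NXDOMAIN (modelled here as None).
LISTED_ANSWER = "127.0.0.2"


def dnsbl_query_name(client_ip: str, list_zone: str) -> str:
    """Build the name a mail server looks up: octets reversed, list zone appended."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + list_zone


def candidate_servers(zone_data: Dict[str, Dict[str, List[str]]],
                      delegated_zone: str) -> List[str]:
    """Every address a resolver can learn for the zone: each NS name's A
    records, in the order they appear. Both examples yield the same two."""
    addresses: List[str] = []
    for ns_name in zone_data["NS"][delegated_zone]:
        addresses.extend(zone_data["A"].get(ns_name, []))
    return addresses


# A transport takes (server address, query name, timeout seconds) and returns
# the answer, None for NXDOMAIN, or raises TimeoutError if the server is dead.
Transport = Callable[[str, str, float], Optional[str]]


def lookup_with_failover(qname: str, servers: List[str], send: Transport,
                         timeout_s: float = 2.0) -> Tuple[Optional[str], Optional[str]]:
    """Query the servers in turn, skipping any that time out.

    Returns (answer, server_that_answered). answer is None for NXDOMAIN
    (not listed); server is None only when every server failed, which a
    caller should treat as "unknown", not as "not listed".
    """
    for server in servers:
        try:
            return send(server, qname, timeout_s), server
        except TimeoutError:
            continue  # dead server: move on to the next candidate
    return None, None


def make_simulated_transport(down: Set[str], listed: Set[str]) -> Transport:
    """Offline stand-in for a UDP query: servers in `down` never answer."""
    def send(server: str, qname: str, timeout_s: float) -> Optional[str]:
        if server in down:
            raise TimeoutError(f"{server} did not answer within {timeout_s}s")
        return LISTED_ANSWER if qname in listed else None
    return send


if __name__ == "__main__":
    qname = dnsbl_query_name("192.0.2.10", "spammers." + ZONE)
    send = make_simulated_transport(down={"11.11.11.11"}, listed={qname})
    for label, zone_data in (("EXAMPLE 1", EXAMPLE_1), ("EXAMPLE 2", EXAMPLE_2)):
        answer, server = lookup_with_failover(qname, candidate_servers(zone_data, ZONE), send)
        print(f"{label}: {qname} -> {answer} (answered by {server})")
```

Run as a script, both examples resolve the query through 22.22.22.22 once 11.11.11.11 stops answering, because from the client's side both record sets collapse to the same list of two addresses. Two things the model makes visible that matter for the design decision: first, a lookup where every server fails returns (None, None), which a mail server must not confuse with "not listed"; second, real resolvers cache NS and A records for their TTLs, so a record the active round robin stops serving after a failed ping stays in remote caches until the TTL runs out, which is why health-checked records are usually given a short TTL.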
What I can't get my head round is whether to bother using this facility or not, and if I do, whether to round robin on the A records (EXAMPLE 2) or the NS records (EXAMPLE 1).
Any suggestions welcome. I hope I've explained all this clearly too!