Secondary Nameserver Plesk 11 Advice

[laughingbuddha]

Hi,

I recently had a major server failure, that highlighted my need to split my Primary and Secondary Nameservers.

Currently I've got them both on the same server, but separate IP's. My thinking is to move the secondary to a separate server, one that I will be colo'ing shortly.

I want to increase redundancy, but not have to add another 2 nameservers to the 65+ domains I manage currently. So my questions are:-

1. How do I achieve this with Plesk 11?
2. Do I have to add a subscription/record on both servers for every domain I host, regardless of which server it is hosted on?
3. Can I host a domain on the server running the secondary namerserver?
4. If the Primary goes down for any reason, will the secondary keep everything resolving?

This is a new step for me, so I'm keen to get it right from the off.

[faris]

Keep Plesk as Primary, then rent a cheap VPS and set up Secondary on that.

You can use 4PSA DNS Manager if you want a commercial solution. A script on your Plesk server generates a list of domains every x minutes/hours/days, which DNS Manager then auto-imports, gets told the IP of the primary, and that's it. And yes, the whole idea is that if the primary is down, the seconday continues to provide resolution. Note that DNS Manager can't be run on the same server as a Plesk installation - it needs a clean system.

Scott has a script somewhere that does something similar with a generic bind installation.

Or use Amazon's DNS option for Secondary (or Primary and Secondary). Or some other commercial secondary DNS service. We can do it, but it is not one of our official products.

You can't have two Plesk installations where one does Primary and the other Secondary (and vice versa) for each other, which is a shame (Parallels Plesk Automation will do this but isn't really applicable to two servers).

I'll leave the technical questions to someone else ....

[laughingbuddha]

I was hoping to continue using my nameservers (ns1.youandtheweb.net and ns2), so I wouldn't have to update clients domain records.

I don't think Amazon Route 53 does secondary. I already use it for a few domains, is there any other solutions?

[biggles]

If you pay a few euros a year to cloudns.net you can use their nameservers as vanity nameservers. They also have a pretty decent API if you would like to automate things.

[faris]

Sounds good Biggles. I like the look of it. Very cheap if no API required.

Going technical -- someone PLEASE correct me if I'm wrong:

The Secondary nameserver can't start with a blank sheet. It needs to know more than just the IP of the Primary. It needs a list of zones (domains) for which it will be Secondary for.

Zone transfers (i.e. full record transfer) from the Primary to the Secondary happen when named on the Secondary starts, when the Secondary is notified of a change, or when the refresh interval in a DNS record expires (but only if the serial in the record that the Secondary has is different to the serial in the record on the Primary).

Zone transfers are, as far as I'm aware, always initiated by the Secondary. i.e. they are requested by the Secondary as a result of one of the above events happening, as opposed to just being pushed to them by the Primary.

Note that zone transfers can be restricted to certain IPs/ranges. i.e. a Primary won't respond to a zone transfer request from an IP that's not authorised. It might leak private information.

I'm not completely sure where the Secondary initially gets the IP of the Primary in order to know that it should request a zone transfer from that IP. I always assumed it is included in the zone records (as ns records?) when they are initially added to the Secondary, but could be wrong.

And it is the zone name and address of the Primary that is therefore the starting point needed. So to automate things, essentially you need a script on the Primary that generates a list of zones and the address of the Primary, and a script on the Secondary that downloads and processes this list to create the required zone files. And that's about it, I think -- as long as this interaction continues (so new zones are automatically added on the Secondary through these scripts), you don't need to touch the Secondary once it is up and running.

As you can tell, there are some gaps in my knowledge here, and maybe some misunderstandings, so don't assume what I'm saying is correct.

[laughingbuddha]

Is it the done thing that web host's have there own nameservers?

Reason I ask is I've always had my own, but I'm kinda leaning towards shifting most stuff (apart from 301/302 redirects) to Amazon Route 53. A combination of cost, and redundancy.

What do you think?

[prupert]

This makes us happy every day:
http://doc.powerdns.com/html/slave.html#supermaster

And while you're at it, set up two secondary nameservers in stead of one. Nothing eases our minds more than having a backup system for a backup system.

[biggles]

I user cloudns.net (previously I used xname) like this:

1. Purchase new domain
2. Add new domain to Plesk
3. Plesk default DNS template is setup with pns1..pns5.cloudns.net
4. Add domain to cloudns.net manually as secondary (this could quite easily be automated...)
a. enter domain name
b. IP of primary DNS
5. Make sure that the list of allowed IP for DNS transfer include all cloudns IP:s

As suggested by Scott a long time ago in a forum not very far way, I only use the five cloudns nameservers at the registrar. As soon as I make a change in the Plesk CP it is immediately updated at the cloudns secondary DNS servers.