Introduction to HA DNS Processing
In normal state, both the main and backup primary servers are up and running. The main server processes all DNS updates from clients and sends all accepted updates to the hot standby backup. The main server will forward RR updates to the backup server. Updates from DDNS clients are ignored or dropped by a backup server. Both servers can respond to queries and zone transfer requests. The main and the backup partners always stay in communication to detect availability of the other.
If the main goes down, the backup waits a short time, then begins servicing the DNS updates from clients that the main would normally service and records the updates. When the main returns, the HA pair synchronize and exchange RRs that were changed or deleted during communications interrupted state.
Whenever you add a new zone, both the primary and backup servers must be reloaded to automatically synchronize with the HA backup.
The synchronization is done on a per-zone basis. This allows updates to all other zones while a given zone is in the process of getting synchronized.
If the hot standby backup goes down, the main waits a short time, then records the updates that the partner did not acknowledge. When the backup server comes back up, the main sends the recorded updates to the backup.
Both the main and backup can traverse the following states:
- Startup —The servers establish communication and agree on the HA version to use. In this state, the servers do not accept DNS updates or RR edits, and they defer scavenging, if enabled.
- Negotiating —Each server is waiting for the other to get ready to synchronize. In this state, DNS Updates and RR edits are not allowed.
- Normal —Both servers are up and healthy, exchanging DNS updates and heartbeat messages. The main accepts DNS updates and RR edits, sends RR Update messages to the backup. The backup ignores DNS updates, refuses RR edits, but processes RR Update messages from the main server. Scavenging is suspended on zones while they are still synchronizing.
- Communication-Interrupted —The server goes into this state after not getting a response or request from the partner during the communication timeout (ha-dns-comm-timeout) period. The server continues listening for communication from the partner (they both send heartbeat messages at the rate specified by ha-dns-poll-interval) and tries to connect, meanwhile accepting DNS updates and RR edits and disabling scavenging.
- Partner-Down —It is similar to Communications-Interrupted, but does not continue to track RR changes. Once the partner returns, the entire zone will be sent to the partner. This allows for better performance and limits the disk space needed to track changes since the partner will get a copy of the zone when it becomes operational again.
When a DNS server starts up, it:
- Opens its configured HA DNS listening ports and listens for connections from its partner.
- Transitions to Negotiating state. In the Negotiating state, RR edits are not allowed.
- Transitions to Normal state, the servers start synchronizing changes to each primary zone. The main starts allowing updates to zones and sending the update information to the backup.
Once the server is in Normal state, the zone level synchronization begins. Zone synchronization is always managed by the Main HA server. The zones traverse through the following states:
- Sync-Pending State —A zone enters this state when the HA DNS server transitions to the normal state or if a manual sync is requested. In this state RR updates for the zone will be accepted on the main server, and forwarded to the backup server.
- Synchronizing State —The RR synchronization for the zone takes place in the synchronizing state. RR updates are not accepted, and notifies are disabled.
- Sync-Complete State —A zone transitions to this state from the synchronizing state once it has successfully synchronized resource record changes with its corresponding zone on the HA DNS backup. In this state, the zone on the HA DNS main server accepts all dynamic DNS update requests, allow resource record configuration changes, and re-enables notifies. Resource record modifications will be forwarded to the backup server.
- Sync-Failed State —A zone transitions to the sync-failed state from the synchronizing state if it fails to sync. The zone will accept resource record updates on the main server, and changes will be forwarded to the backup. The server will retry synchronizing the zone after ha-dns-zonesync-failed-timeout. A manual sync request or server restart will also restart zone synchronization.
HA DNS is fully integrated with Cisco Prime Network Registrar DHCP servers, and the partners are updated when hosts get added to the network (see the "Managing DNS Update" chapter in Cisco Prime Network Registrar 10.1 DHCP User Guide). From the DHCP side of HA DNS, the DHCP server sends DNS updates to a single DNS server at a time.
DHCP autodetects the main being down and starts sending updates to the backup. The DHCP server tries to contact the main DNS server, twice. It tries the backup partner if both the attempts are unsuccessful.
The backup detects the main server down and starts accepting updates from DDNS clients. When the servers come up again, HA communication will establish automatically and the servers will get into Normal state where they carry out zone synchronization and make sure that both have the same RRs, and so on.
If both the DNS partners are communicating, the backup server drops the update, whereby the DHCP server times out and retries the main DNS server. If both servers are unreachable or unresponsive, the DHCP server continually retries each DNS partner every 4 seconds until it gets a response.
For zone level sync, an Advanced mode command is added in the local cluster Zone Commands page, if the local cluster is configured as the main HA server. In Expert mode, the following two options are provided:
- Sync All RRs from Main to Backup
- Sync All RRs from Backup to Main
HA DNS status is modified to include the zone synchronization status. Status includes count and percentage of synchronized zones, zones pending synchronization, and zones that have failed synchronization.
Zone status has been modified to also include the HA synchronization status (ha-server-pending, sync-pending, sync-complete, synchronizing, or sync-failed), if HA is configured.