Note: When running HA, we recommend only having primary zones on the server.
In normal state, both the main and backup primary servers are up and running. The main server processes all DNS updates from clients and sends all accepted updates to the hot standby backup. The main server will forward RR updates to the backup server. Updates from DDNS clients are ignored or dropped by a backup server. Both servers can respond to queries and zone transfer requests. The main and the backup partners always stay in communication to detect availability of the other.
If the main goes down, the backup waits a short time, then begins servicing the DNS updates from clients that the main would normally service and records the updates. When the main returns, the HA pair synchronizes and exchanges the RRs that were changed or deleted during the Communication-Interrupted state.
Whenever you add a new zone, both the primary and the backup servers must be reloaded to automatically synchronize with the HA backup.
The synchronization is done on a per-zone basis. This allows updates to all other zones while a given zone is in the process of getting synchronized.
If the hot standby backup goes down, the main waits a short time, then records the updates that the partner did not acknowledge. When the backup server comes back up, the main sends the recorded updates to the backup.
Both the main and backup can traverse the following states:
When a DNS server starts up, it:
Once the server is in Normal state, the zone level synchronization begins. Zone synchronization is always managed by the Main HA server. The zones traverse through the following states:
HA DNS is fully integrated with CNR DHCP servers, and the partners are updated when hosts get added to the network (see the "Managing DNS Update" chapter in Cisco Prime IP Express 9.0 DHCP User Guide). From the DHCP side of HA DNS, the DHCP server sends DNS updates to a single DNS server at a time.
DHCP autodetects that the main is down and starts sending updates to the backup. The DHCP server tries to contact the main DNS server twice. It tries the backup partner if both attempts are unsuccessful.
The backup detects that the main server is down and starts accepting updates from DDNS clients. When the servers come up again, HA communication is automatically reestablished and the servers return to the Normal state, where they carry out zone synchronization and make sure that both have the same RRs.
If both DNS partners are communicating, the backup server drops the update, whereby the DHCP server times out and retries the main DNS server. If both servers are unreachable or unresponsive, the DHCP server continually retries each DNS partner every 4 seconds until it gets a response.
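The update path described above can be modeled in a few lines. This Python sketch is an added illustration, not Cisco code; the class and function names and the `reachable_from_dhcp` flag are assumptions. It includes the case where the DHCP server loses its path to the main while the HA partners still communicate, so the backup keeps dropping updates and neither server records them.

```python
# Added illustration, not Cisco code: a toy model of the DHCP-to-HA-DNS update path.
from dataclasses import dataclass, field

MAIN_ATTEMPTS = 2       # page: DHCP tries the main DNS server twice
RETRY_INTERVAL_S = 4    # page: each partner is retried every 4 seconds

@dataclass
class DnsServer:
    role: str                          # "main" or "backup"
    up: bool = True
    reachable_from_dhcp: bool = True   # assumption: models a DHCP-side path failure
    partner: "DnsServer" = None
    rrs: list = field(default_factory=list)
    unacked: list = field(default_factory=list)

    def handle_update(self, rr, ha_link_up):
        """True if the update is accepted; False if dropped or unanswered."""
        if not (self.up and self.reachable_from_dhcp):
            return False
        partners_talking = ha_link_up and self.partner.up
        if self.role == "backup" and partners_talking:
            return False                   # backup drops DDNS updates in Normal state
        self.rrs.append(rr)
        if partners_talking:
            self.partner.rrs.append(rr)    # main forwards the accepted update
        else:
            self.unacked.append(rr)        # recorded until the partner returns
        return True

    def resync(self):
        """Partner is back: send it the updates it never acknowledged."""
        self.partner.rrs.extend(self.unacked)
        self.unacked.clear()

def make_pair():
    main, backup = DnsServer("main"), DnsServer("backup")
    main.partner, backup.partner = backup, main
    return main, backup

def dhcp_send(main, backup, rr, ha_link_up=True, max_rounds=3):
    """Return (role that accepted, or None; simulated seconds spent retrying)."""
    for round_no in range(max_rounds):
        for server in [main] * MAIN_ATTEMPTS + [backup]:
            if server.handle_update(rr, ha_link_up):
                return server.role, round_no * RETRY_INTERVAL_S
    return None, max_rounds * RETRY_INTERVAL_S
```

Setting `main.reachable_from_dhcp = False` on a fresh pair makes `dhcp_send` return `None` for the accepting role, which is the condition worth alerting on: DNS updates are being lost even though both servers report a healthy HA state.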
For zone level sync, an Advanced mode command is added in the local cluster Zone Commands page, if the local cluster is configured as the main HA server. In Expert mode, the following three options are provided:
HA DNS status is modified to include the zone synchronization status. Status includes count and percentage of synchronized zones, zones pending synchronization, and zones that have failed synchronization.
Zone status has been modified to also include the HA synchronization status (ha-server-pending, sync-pending, sync-complete, synchronizing, or sync-failed), if HA is configured.
The attributes needed to set up an HA DNS server pair from the main server are:
The specific IP addresses for the main or backup are specified only when the cluster IP is used for management and DNS works on a different interface.
Create the HA DNS server pair (ha-dns-pair name create main-cluster/address backup-cluster/address). The address can be IPv4 or IPv6. Then synchronize the servers using ha-dns-pair name sync, specifying the synchronization operation (update, complete, or exact) and direction (main-to-backup or backup-to-main). Be sure to reload both DNS servers. For example:
nrcmd> ha-dns-pair example-ha-pair create localhost test-cluster
nrcmd> ha-dns-pair example-ha-pair sync exact main-to-backup
nrcmd> dns reload
See the ha-dns-pair command in the CLIGuide.html file in the /docs directory for syntax and attribute descriptions. The CLI provides an additional command for the DNS server to set the HA DNS partner down, if necessary, which is possible only while in Communication-Interrupted state:
nrcmd> dns setPartnerDown
Setting the partner down is useful because it limits the bookkeeping data a server maintains, thus optimizing its performance. When both servers start communicating again, the sync sends all the zone RRs rather than trying to determine individual changes. The partner that was up will send all RRs to the server that was down.
To manually synchronize an HA DNS zone:
Step 1: From the Design menu, choose Forward Zones or Reverse Zones under the Auth DNS submenu to open the List/Add Forward Zones or List/Add Reverse Zones page.
Step 2: Click the Commands button for the zone which you want to synchronize on the Edit Zone page.
Step 3: Click the Command icon next to Synchronize HA Zone to synchronize the HA DNS zone. Synchronizing the HA DNS zone will always sync the associated views and named ACLs for primary zones.
Use zone name ha-sync-all-rrs to manually schedule HA zone synchronization for the zone, or to raise its priority, if the zone is already in the sync-pending state (see the zone command in the CLIGuide.html file in the /docs directory for syntax and attribute descriptions).
The ha-details log setting enables logging of HA DNS-related information.
You can view HA DNS statistics.
Click the Statistics tab on the Manage DNS Authoritative Server page to open the DNS Server Statistics page. The statistics appear under the HA Statistics and Max Counter Statistics subcategories of both the Total Statistics and Sample Statistics categories.
Use dns getStats ha [total] to view the HA DNS Total counters statistics, and dns getStats ha sample to view the Sampled counters statistics.