Forum Discussion
Active/DR DNS Deploy | Best practice
My main question is about building the Primary DNS (which contains the authority for most zones and is not an F5) on the DR site. When the Primary DNS nameserver that will be positioned on the DR site is registered as a nameserver for zones not delegated to F5, it will receive queries that I would not like to happen because the prerequisite is not to send any traffic to the DR site while the active site is operational.
When I dig a domain, I got these nameservers:
dig @8.8.8.8 www.abc.com ns
; <<>> DiG 9.11.36 <<>> @8.8.8.8 www.abc.com ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42510
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.abc.com. IN NS
;; ANSWER SECTION:
www.abc.com. 300 IN CNAME d2iwv1xxkqpmiz.cloudfront.net.
d2iwv1xxkqpmiz.cloudfront.net. 21600 IN NS ns-1231.awsdns-25.org.
d2iwv1xxkqpmiz.cloudfront.net. 21600 IN NS ns-1630.awsdns-11.co.uk.
d2iwv1xxkqpmiz.cloudfront.net. 21600 IN NS ns-194.awsdns-24.com.
d2iwv1xxkqpmiz.cloudfront.net. 21600 IN NS ns-760.awsdns-31.net.
So I got 4 nameservers that can answer as authoritative for www.abc.com.
As far as I understand, the OS will pick a random nameserver (could be the DR primary DNS) and then try to get the IP for the requested domain, and I want to avoid it. So I want to disable or force the nameservers hosted at the DR site to not reply as authoritative while the Active site is up.