DNS Server and VRRP Compatibility
The DNS server daemon is not directly compatible with using VRRP IP addresses. Due to that limitation, the available methods to make DNS service from TNSR available to clients in a redundant manner have drawbacks.
Warning
Do not bind the DNS server to a VRRP address. The DNS server daemon fails to start on VRRP IP addresses unless the address is currently present and in master state. This also causes the daemon to fail at boot time even on the node which typically has a VRRP address in master state.
There are three methods to provide DNS service from a TNSR HA cluster, described in the following sections.
Pass Cluster Addresses to Clients Directly
Configure all cluster nodes as DNS servers on clients directly or via DHCP.
While this is easier to set up on TNSR, some clients do not behave well with this method. Clients may continue trying to contact a node which is offline, causing delays as DNS requests time out before the clients contact other DNS servers.
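To measure the delay described above for a given client timeout, the following added example (not part of the TNSR documentation) queries a list of DNS servers in order, as a simple stub resolver does, and reports which entry answered and how long the lookup took. The function names are hypothetical, and the two nodes are constructed stand-ins on 127.0.0.1; substitute the cluster node addresses and port 53 to check a real deployment.

```python
import socket, struct, threading, time

def build_query(name, txid=0x1234):
    """Minimal DNS A/IN query with the RD flag set."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", 1, 1)

def probe(host, port, name, timeout):
    """Send one UDP query; return (answered, elapsed_seconds)."""
    query, start = build_query(name), time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (host, port))
            reply, _ = s.recvfrom(512)
            # Accept only a response (QR bit set) carrying our transaction ID.
            ok = len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)
        except OSError:  # includes socket.timeout
            ok = False
    return ok, time.monotonic() - start

def resolve_in_order(servers, name, timeout):
    """Try servers in list order; return (index of answering entry or None, total seconds)."""
    total = 0.0
    for i, (host, port) in enumerate(servers):
        ok, elapsed = probe(host, port, name, timeout)
        total += elapsed
        if ok:
            return i, total
    return None, total

def start_test_nodes():
    """Constructed stand-ins on 127.0.0.1: one node that answers, one that stays silent."""
    live = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    down = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # bound but never read
    live.bind(("127.0.0.1", 0))
    down.bind(("127.0.0.1", 0))
    def serve():
        while True:
            data, addr = live.recvfrom(512)
            live.sendto(data[:2] + bytes([data[2] | 0x80]) + data[3:], addr)  # echo with QR set
    threading.Thread(target=serve, daemon=True).start()
    return ("127.0.0.1", live.getsockname()[1]), ("127.0.0.1", down.getsockname()[1]), down

if __name__ == "__main__":
    live, down, _keep = start_test_nodes()
    for order in ([live, down], [down, live]):
        idx, secs = resolve_in_order(order, "example.com", timeout=1.0)
        print(f"answered by entry {idx} after {secs:.2f}s")
```

When the silent node is listed first, every lookup pays the full timeout before the second entry is tried, which is the delay clients experience while a cluster node is offline.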
Loopback Interface DNS Server Address
Configure a loopback interface with a unique IP address reachable by clients, then provide that address to clients as the DNS server.
Because the loopback interface does not communicate outside the node, the address does not cause a conflict on the network, and clients can reach it through either node.
This address can be an internal network address, such as one in a private or reserved network.
Redirect DNS Requests with NAT
Configure the internal VRRP IP address in the client subnet and then use an inbound NAT rule to redirect incoming client DNS requests.
This setup is a bit more complicated than the others because it must also use a loopback interface, similar to the previous method. In exchange, clients can contact the VRRP address for service, which is easier in some ways.
The details of this setup can be found in DNS NAT Redirect (Optional).