Anton Lindstrom

Notes on Keepalived and DNS

Following the HA trend I created with the last post, I thought I would write down some notes on high-availability DNS with Keepalived. When implementing this I found that it is poorly documented for setups that handle both UDP and TCP traffic. It seems like some people refer to DNS as UDP only. Treating it that way would disable features like zone transfers and queries over 512 bytes.

Keepalived is a load balancer with HA features such as VRRP (RFC 3768). VRRP is a protocol that enables two gateways (or in this case load balancers) to share an IP address. Keepalived also has checks for service availability. This means that if a server, in this case a DNS server, stops responding, it will be removed from the load balancer and will not be sent any queries.

The two load balancers share the IP address 10.0.2.16 (the VIP). The two DNS servers have the IP addresses 10.0.2.20 and 10.0.2.21. These DNS servers respond on both TCP and UDP and could run any DNS software, such as BIND, PowerDNS or Unbound.

So, the /etc/keepalived/keepalived.conf is configured as follows:

Keepalived does not seem to officially support UDP, so there is no dedicated check like the TCP_CHECK. Instead I dug out a MISC_CHECK that huangmingyou had created. The script does a DNS lookup for a specified serial number that is stored in a TXT record. If the serial is not found, the server is removed from the load balancer until the script returns OK.
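
A check of the kind described above, written here as an added example: it is not huangmingyou's script and not code from the original post. It assumes `dig` is installed; the function name, the argument order and whatever TXT name and serial are passed in are hypothetical. The transport is an argument so that the UDP and the TCP virtual server can each test their own protocol.

```shell
#!/bin/bash
# Added example: MISC_CHECK-style DNS health check (not the original script).
# Usage (hypothetical): dns_check.sh <server-ip> <udp|tcp> <txt-name> <serial>
# Exit status 0 means healthy, non-zero means the check failed.

# Return 0 only if <server> answers over <proto> with a TXT record whose
# value is exactly <serial>.
check_dns_serial() {
    local server="$1" proto="$2" name="$3" serial="$4" flag answer

    case "$proto" in
        udp) flag="+notcp" ;;   # plain UDP query
        tcp) flag="+tcp" ;;     # force TCP, the transport zone transfers use
        *)   echo "unknown protocol: $proto" >&2; return 1 ;;
    esac

    # Refuse names that dig would parse as an option or a server.
    case "$name" in
        ""|[-+@]*) echo "invalid record name" >&2; return 1 ;;
    esac

    # One try with a short timeout, so a dead server fails the check quickly.
    # dig exits non-zero when no server could be reached.
    answer=$(dig +short +time=2 +tries=1 "$flag" "@$server" "$name" TXT 2>/dev/null) || return 1

    # dig prints TXT data in double quotes, one record per line.
    # Require an exact line match so a partial serial does not pass.
    printf '%s\n' "$answer" | grep -Fxq "\"$serial\""
}

# With arguments, act as the check script. Anything other than exactly
# four arguments fails closed. With no arguments, only define the function.
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 4 ] || { echo "usage: $0 server udp|tcp name serial" >&2; exit 1; }
    check_dns_serial "$@"
    exit $?
fi
```

The script would be referenced from a `MISC_CHECK` block through `misc_path`, once with `udp` and once with `tcp` for the respective virtual server.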