DNS Zone transfer and Zentyal cluster

[ejortegau]

Hi:

I suppose both of these have alredy been requested, but just in case... it would be nice to:
1. Have Zentyal DNS module be able to allow zone transfers, to set up secondary/slave DNS servers.
2. Have some sort of Zentyal cluster option, so that in case a zentyal breaks, the other one takes over.

Regards.


E.

[Marcus]

Hello ejortegau,

The DNS cluster would be a great addition.

+1

Best,

Marcus

[simonaaker]

option for master/slave would be rly nice

+1

[airtonix]

This is essential for fault tolerance.

My understanding is that the required settings are simply :

Master:
 - Is Slave: [checkbox] marked : No
 - Slave DNS Servers:
    - [UL list] : List items specifying each slave DNS server to notify of changes, delete button on end to remove.
    - [text entry input] : add new slave by ip address

Slaves:
 - Is Slave: [checkbox] marked : Yes
 - Allow Updates From:
    - [UL list] : List items specifying each DNS server from which to acknowledge zone updates, delete button on end to remove.
    - [text entry input] : add new allowed dns server by ip address

[christian]

I'm glad to see that more and more Zentyal users are asking for such "DNS high availability" feature.
I do share this is a must, along with splitDNS (DNS view) capability.

For zone replication, having it between 2 Zentyal Servers is better than nothing but in a lot of cases, SMBs will not have multiple Zentyal servers while deploying another DNS server is very easy and light, reason why I would suggest that Zentyal could, as master, support synchronization with any other DNS. Using AXFR or IXFR should do the trick.

[plastilin]

No bad if realised who allow query to zone.

Example i have 2 zones

1. Internal - domain.local
2. External - domain.com


If i accept queries from packet filter, anybody can query to my local zone.

[FarquahrWindsor]

I would like to add to the Zenyal Cluster Idea.

Because Zentyal can back up its config data and sync user data.

I would like to propose a cluster / redundant server mode controlled by a heartbeat module.

This way you could have a full server dns, ntp, dhcp, apache, zarafa with services down ready to come live on a missing heartbeat.

[christian]

As explained during Zentyal summit, I do not like Zentyal cluster idea except for few services like FW and DHCP.
For file sharing and mail it doesn't make sense except if you are already using highly available shared storage (SAN or NAS) or if you implement DRDB, which at the end result in cluster like mode with some extra complexity because of the need to have active server to receive data but IP address change at the time FW starts to replace the failing one at same default gateway IP.

While if you do not target cluster but redundant services for DNS, LDAP and whatever does not conflict while duplicated, you can work in failover or load balancing mode which provides much better and transparent high availability.
This doesn't prevent to target cluster for FW because of dft gw constraint however.

While discussing this, one prerequisite is to split MTA and MDA 

[FarquahrWindsor]

Christian for those of us who couldn't attend the summit would you explain more.

I feel it would be a simple methodology to provide a synchronised redundant server that employs simple methods that fits the SMB arena that Zentyal is aimed at.

Basically an identical setup rysnc, database and configuration with a simple heartbeat module would be simplistic to provide and also simple to provision.

I agree higher levels offer different solutions but keeping an eye on the SMB market then wouldn't the above be fit for purpose rather than desired enterprise operations. Ubuntu provide many scalable services through Maas and landscape that don't need zentyal to re-invent the wheel.

PS I am not arguing that you are wrong but would like to open a discussion that provides a historical record of reason and direction in an open manner.

Programmatically all is required is the for the modules to be enabled when the heartbeat is lost and for the master to shut down.

I am not sure with Zarafa if we could split the MTA & MDA and for those who dislike acronyms mail transport and delivery agents.

Would be good of you to explain more christian if you have discussed this at the zentyal summit so those of the community who couldn't attend might get the picture.

[christian]

I think presentation were broadcasted (is it en English verb?) and are or at least will be available for later review.
I fully share that cluster looks simple but it's not as simple. E.g., identifying split-brain is n ot as easy as it looks    and cluster based on rsync just doesn't work at least to my standards. Without "shared" highly available storage (SAN or NAS but preferably SAN) or DRDB, there is no cluster.
It starts to be slightly more complex than it looked first then.
Anyway, with true storage, it works, I agree. If if fits for you, you can just do it, no need to introduce any change at Zentyal level as you will build cluster at OS level.

Thank you for additional explanation about MTA/MDA. Those not understanding these acronyms (MTA/MDA) even don't understand what I'm speaking about any why this matters    For them I suppose there no such need 
BTW in your cluster approach for SMB, meaning one single server for one single site, this is not a need neither. As I said in my introduction, this focus more on medium companies. And I don't want to discuss about Zarafa that I don't know, even if I do know that such split can easily be achieved because Zaraf relies on Postfix (surprisingly, they have not develop their own MTA like they did for MDA)

[FarquahrWindsor]

Christian have you ever thought of being a politician?

I guess its wait for the translation.

Actually SMB for me means Small to Medium Business.

I look at generally up 25 users a single server will do above I am thinking of splitting services.

If I am going higher then I think your looking into an area that already has a lot of solutions canonical has some excellent offerings here.

There used to be a time when hardware was quite expensive and this is not true to the level of a couple of years ago. You can quite a punch out of a €600 server nowadays and across 25 users the investment is minimal.

Downtime at this level is still hugely expensive for any business. So I am unsure how you can say this is unneeded?

There are solutions at all levels and sometimes they need solutions that fit the budget.

Bringing in SAN and the extra network requirements that san database storage and server start to take it out of the small and some medium business requirements. Zentyal is based on a easy to use web interface that takes techno out of the equation and I am not sure if clusters are above the scope of the project.

I am not saying that your solution isn't required but I have to argue at the level I am looking at its overkill.

If one server goes down then another server comes up. It can be achieved simply its costs are low and for many it will provide a solution fit for purpose.

I also think it would be a very simple module for the Zentyal staff to develop without need for any further technologies that don't already exist in the zentyal package.

There is no way of doing it at the moment as firstly there is no heartbeat monitor.
Secondly there isn't anywhere to apply IP addresses without them being live.

It could be quite easily provided for by two virtual eth ports being the linkage between the two servers.

Synchronisation can be scheduled so it doesn't kill the network and also database synchronisation which is zarafa's mail store. This way there is hardly any additional overhead which is not true of clustering technologies.

I shouldn't of used the terminology of cluster I am talking of a Zentyal redundant backup server that will kick in automatically on a service failure on the primary.

For many that would be fit for purpose at this level.

[christian]

fine, do it this way then if it fits your requirements    I mean you are certainly right 

Look at presentation I made first. Once you understand RPO and RTO if not already the case, come back here with these figures and we can discuss, otherwise, any debate is just waste of tile because you will end up telling: yes this is a cluster but I only restore what I synchronized 4 hours ago.
So far so good. If this is your goal, then your solution is perfect  almost 

Then when you will face failure and will have to use what you implemented, please do me (and you) a favour: come back to us and tell us which services restarted and whenever you reached RPO you designed with your solution (RPO standing for Return Point Objective).

[FarquahrWindsor]

What I am saying, what I am requesting is that its not possible at the moment.

I am asking if zentyal think they might be able to create a module that would do this and would it be beneficial to the community.

I have many years experience in the industry especially at this level. The loss of the ability to work is much more expensive than the inconvenience of resyncing the days data. The cost of instantaneous data availability for some is more than budget requirements.

Well I am asking you as your a community council member as there is a huge market for zentyal that is below enterprise level.

I think your idea is great just beyond the scope of many of my clients budgets and needs

[christian]

Stuart,

BTW you are currently convinced that "simple cluster" is the easiest way to cover your needs. It might be true, I even don't know.
What I do know is that:
- no cluster is simple, devil being in the detail (just think twice about DB synchronization  or even copy  would it be using rsync  )
- I do not invent anything with what I suggest. I only explain what any company with a bit of real IT does, that is to make some services redundant to benefit from failover without having to wait for cluster to switch. This doesn't prevent to have clusters BTW
- the simpler you platform is, the more reliable it will be. And trust me, cluster does not bring any simplicity thus everywhere you can avoid it, do not implement it.

Last but not least, you misunderstood my point about what is needed or not for SMB thus I will rephrase it: I said that splitting MTA and MDA for a company having "all-in-one" single box is not needed. and this has nothing to do with any cluster related question. This is because of uniqueness of site vs. mail domain 

[christian]

What I am saying, what I am requesting is that its not possible at the moment.

I am asking if zentyal think they might be able to create a module that would do this and would it be beneficial to the community.

module that would do what ?
cluster that you promote is at OS level ? what do you expect from Zentyal exactly here and why do you think this is currently impossible?
Set up your cluster first, then install Zentyal and that's it. It works.... or your cluster is not a cluster