How to Master-Master propagate BIND DNS across two or more servers

Question

I have two webservers and plan on adding more. I'm using BIND as a Master Nameserver on each. The issue is that I plan on adding more Servers and need some way to propagate DNS records between each server. Each server MUST be a DNS Master BIND server due to limitations of my configuration.

I've tried setting up two BIND Forwarding Nameservers and setting my NS records to the IPs of these forwarders. It seemed to work well, but DNS checking reports that these servers are Non-Authoritative; is that an issue I should be concerned with?

The second issue is that my forwarding nameservers sometimes would fail to resolve. I don't remember the exact error but the log stated something like RCONFAIL or RFAIL when contacting the master nameserver's IP.

So, the question is - how would a sane sysadmin structure their DNS servers to only use 2 NS records (ns1.domain, ns2.domain) with multiple DNS Master servers on the backend?

Answer 1

Instead of trying to trick BIND into behaving authoritatively while serving records from elsewhere (and still having a single point of failure for those records), centralize your zone data into a configuration management system and distribute it to all of your authoritative DNS servers with that configuration management.

All of the BIND servers will have a copy of the zone and be authoritative because they aren't depending on an external source of the data, and your updates will be sent to all servers automatically by the configuration management.

Answer 2

you could have stealth and visible dns servers sharing a replicated database (sql, ldap).

At work we use ldap (MS DNS) with subdomains delegated to bind+ldap (ipa centos). The clients get just two of the domain controllers as dns servers, but we can update records on any of them, not just the ones visible to the clients.