Make Mac Work: Helping Manage The Macintosh Enterprise (CreativeTechs)

Configure Internal DNS — Part 2

Last week in part one of this article, we learned how to configure a single OS X Server to provide DNS. This week, we’ll look at providing redundancy with a secondary DNS server and at configuring our client machines to receive our new DNS settings.

Configuring Secondary DNS:

Now that you’ve got a functioning DNS server inside your network, the next thing to do is consider what happens if that server is interrupted. Once your internal DNS becomes the center of your network, it’s hard to make an argument against the importance of providing redundancy. Unless you expect your main server will never go down for even a second, you’ll want a backup plan.

Fortunately, a second OS X Server can act as a secondary DNS source with little configuration. This secondary server will provide the same information as the primary (synchronized periodically to catch any changes), and

[Screenshot: Server Admin - DNS - Zone Transfers]

First, on the primary server you’ve just configured, go back to the “Zones” pane in the “DNS” settings of Server Admin and highlight your domain. Then further down the window, check the box marked “Allows Zone Transfer”. With the default DNS settings Apple provides, other servers within your network should now be able to inherit and host the zone file for this domain.

[Screenshot: Server Admin - DNS - Secondary Zones]

Now, on the server that will act as your secondary DNS, open Server Admin, and browse to the same “Zones” pane. This should be empty on an unconfigured machine. Click the “Add Zone” button at the middle of the window, and select “Add Secondary Zone (Slave)”. Enter the domain you’ll be handling secondary DNS for, and the IP address of your primary DNS server. Save, then start the DNS server.
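Once the secondary zone is saved and the DNS service is running, it is worth confirming that the transfer actually happened rather than assuming it did. The script below is an added example (not code from the original article or from Apple) that compares the zone’s SOA serial on the primary and the secondary, checks that the secondary answers authoritatively, and reports whether the primary accepted a zone transfer request from the host the script runs on. It assumes `dig` is installed (it ships with Mac OS X); the zone name and server addresses are passed as arguments, and the values in the usage line are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original article or from Apple:
# verify that a secondary OS X Server is actually serving the zone it
# pulled from the primary. Assumes `dig` is installed (it ships with
# Mac OS X). Zone name and server addresses are passed as arguments;
# the values shown in the usage line are constructed placeholders.

# Extract the serial number from a `dig +short ... SOA` answer line.
# SOA rdata is: mname rname serial refresh retry expire minimum,
# so the serial is the third whitespace-separated field.
soa_serial() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# Succeed only if both serials are non-empty and identical. A mismatch
# means the secondary has not (yet) transferred the latest zone copy.
serials_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Succeed if a full `dig` response (passed as $1) carries the AA flag,
# i.e. the server answered as an authority for the zone rather than
# from cache or by forwarding.
is_authoritative() {
    printf '%s\n' "$1" | grep -Eq '^;; flags:.* aa[ ;]'
}

# Succeed if a `dig ... AXFR` transcript (passed as $1) shows a completed
# zone transfer. dig summarises a successful transfer with an "XFR size:"
# line; a refused transfer has none.
transfer_succeeded() {
    printf '%s\n' "$1" | grep -q '^;; XFR size:'
}

# Live checks against the two servers. Arguments: zone primary secondary
main() {
    zone=$1 primary=$2 secondary=$3
    p_serial=$(soa_serial "$(dig +short +time=2 +tries=1 @"$primary" "$zone" SOA)")
    s_serial=$(soa_serial "$(dig +short +time=2 +tries=1 @"$secondary" "$zone" SOA)")
    echo "primary   serial: ${p_serial:-<no answer>}"
    echo "secondary serial: ${s_serial:-<no answer>}"

    if serials_match "$p_serial" "$s_serial"; then
        echo "OK: secondary holds the same zone serial as the primary"
    else
        echo "WARNING: secondary missing or stale; check 'Allows Zone Transfer' on the primary" >&2
    fi

    if is_authoritative "$(dig +time=2 +tries=1 @"$secondary" "$zone" SOA)"; then
        echo "OK: secondary answers authoritatively for $zone"
    else
        echo "WARNING: secondary is not authoritative for $zone" >&2
    fi

    # Run this script on the secondary and the transfer should succeed.
    # Run it on an ordinary workstation and it should not: if it does,
    # the primary hands the whole zone to any host that asks, and you
    # will want to limit BIND's allow-transfer setting to the secondary's
    # address (a BIND directive, not something the article covers).
    if transfer_succeeded "$(dig +time=5 +tries=1 @"$primary" "$zone" AXFR)"; then
        echo "NOTE: $primary accepted a zone transfer request from this host"
    else
        echo "NOTE: $primary refused a zone transfer request from this host"
    fi
}

case $# in
    0) ;;   # loaded without arguments (e.g. sourced): define functions only
    3) main "$1" "$2" "$3" ;;
    *) echo "usage: $0 ZONE PRIMARY_IP SECONDARY_IP" >&2; exit 2 ;;
esac
```

Run it as `sh check_secondary_dns.sh example.internal 10.0.0.10 10.0.0.11` (placeholder values). After editing the zone on the primary, the serial comparison is also the quickest way to tell whether the secondary has picked up the change yet.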

DNS Client Configuration:

In order to get the domain information your new servers provide, client machines need to be told where to look. And since the DNS servers at your ISP likely see an external server as authoritative for your domain, you’ll need to make sure your internal clients (including your server itself) look to the internal server first.

[Screenshot: System Preferences - Network - DNS]

For a single machine, this is as easy as opening the “Network” pane of the System Preferences application and replacing the current setting with your DNS server’s IP. When you’ve got to make this change on a couple hundred machines, though, even a minute each will make for hours of work. In most cases, this means some kind of network settings deployment.

If you’re already utilizing DHCP (that’s Dynamic Host Configuration Protocol) to distribute IPs on your LAN, it makes sense to use the same mechanism to distribute DNS settings as well. If, instead, your network setup somehow precludes this, Mac OS X has an easy way to push DNS settings out to your machines. Using Apple Remote Desktop’s “Send UNIX Command” feature, just select your new client machines and enter:

networksetup -setdnsservers "NETWORKSERVICE" PRIMARY SECONDARY

In this setup, NETWORKSERVICE describes the network interface on the client machine. It’s typically “Ethernet 1” (or just “Ethernet” for laptops), but you may wish to run networksetup -listallnetworkservices if you’ve got an unusual configuration, just to see what options are available to you. PRIMARY and SECONDARY are simply the IPs for your new DNS server(s).

This will reset the servers your client machines look to for DNS information, and allow them to find domain information specific to your internal network.
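When that one-liner is sent to a couple hundred machines at once, a typo in the service name or an IP silently leaves some of them pointed at the old resolvers. The wrapper below is an added example (not code from the original article or from Apple) that checks the arguments before touching anything: it validates each address, confirms the service name really exists in the output of networksetup -listallnetworkservices, and reads the setting back afterwards so the result is visible in the Remote Desktop task report. It assumes it is run as root on the client, and the values in the usage line are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original article or from Apple: a
# wrapper around `networksetup -setdnsservers` that validates its inputs
# before changing anything and confirms the result afterwards. Suitable
# for Apple Remote Desktop's "Send UNIX Command" or for running locally.
# Assumes it runs as root on the client; the service name and DNS
# addresses are passed as arguments (the usage line shows placeholders).

# Succeed if $1 is a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    '
}

# Succeed if service name $1 appears in the service list passed as $2
# (the output of `networksetup -listallnetworkservices`). The first line
# of that output is a legend, and disabled services carry a leading '*'.
service_listed() {
    printf '%s\n' "$2" | sed '1d; s/^\*//' | grep -qxF "$1"
}

# Validate, apply the DNS change, then read it back.
# Arguments: service primary [secondary]
set_dns() {
    service=$1
    shift
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "error: '$ip' is not an IPv4 address" >&2; return 1; }
    done

    services=$(networksetup -listallnetworkservices) || return 1
    service_listed "$service" "$services" || {
        echo "error: no network service named '$service'; known services are:" >&2
        printf '%s\n' "$services" >&2
        return 1
    }

    networksetup -setdnsservers "$service" "$@" || return 1
    echo "DNS servers for '$service' are now:"
    networksetup -getdnsservers "$service"
}

case $# in
    0) ;;   # loaded without arguments (e.g. sourced): define functions only
    2|3) set_dns "$@" ;;
    *) echo "usage: $0 NETWORKSERVICE PRIMARY_IP [SECONDARY_IP]" >&2; exit 2 ;;
esac
```

Run it as `sh set_client_dns.sh "Ethernet 1" 10.0.0.10 10.0.0.11` (placeholder values). Because the script exits non-zero on a bad argument, Remote Desktop lists the machines where the change did not apply, which is exactly the set you need to revisit by hand.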

Recommended Reading: For a complete understanding of the BIND software that runs Mac OS X DNS, there isn’t a more definitive text than the venerable DNS and BIND, now in its fifth edition, by Paul Albitz and Cricket Liu.