Applies to SUSE Linux Enterprise High Availability Extension 15 SP1

7 Setting Up IP Relocation via DNS Update

If one site of your Geo cluster is down and a ticket failover occurs, you usually need to adjust the network routing accordingly (or you need to have configured a network failover for each ticket). Depending on the kind of service that is bound to a ticket, there is an alternative to reconfiguring the routing: you can use dynamic DNS update to change the IP address for the service instead.

The following prerequisites must be fulfilled for this scenario:

  • The service that needs to fail over is bound to a host name.

  • Your DNS server must be configured for dynamic DNS updates. For information on how to do so with BIND/named, see the named documentation, or refer to http://www.semicomplete.com/articles/dynamic-dns-with-dhcp/. More information on how to set up DNS, including dynamic update of zone data, can be found in the SUSE Linux Enterprise Administration Guide, chapter The Domain Name System. It is available from http://www.suse.com/documentation/sles.

  • The following example assumes that the DNS updates are protected by a shared key (TSIG key) for the zone to be updated. The key can be created using dnssec-keygen:

    root # dnssec-keygen -a hmac-md5 -b 128 -n USER geo-update

    For more information, see the dnssec-keygen man page or the SUSE Linux Enterprise Administration Guide, chapter The Domain Name System, section Secure Transactions. It is available from http://www.suse.com/documentation/sles.

Example 7.1, “Resource Configuration for Dynamic DNS Update” illustrates how to use the ocf:heartbeat:dnsupdate resource agent to manage the nsupdate command. The resource agent supports both IPv4 and IPv6.

Example 7.1: Resource Configuration for Dynamic DNS Update
crm(live)configure# primitive dns-update-ip ocf:heartbeat:dnsupdate params \
  hostname="www.domain.com" ip="" \
  server="" serverport="53"


  • hostname: Host name bound to the service that needs to fail over together with the ticket. The IP address of this host name needs to be updated via dynamic DNS.

  • ip: IP address of the server hosting the service to be migrated. The IP address specified here can be under cluster control, too. This does not handle local failover, but it ensures that outside parties will be directed to the right site after a ticket failover.

  • keyfile: Path to the public key file generated with dnssec-keygen.

  • server: IP address of the DNS server to send the updates to. If no server is provided, this defaults to the master server for the correct zone.

  • serverport: Port to use for communication with the DNS server. This option will only take effect if a DNS server is specified.

With the resource configuration above, the resource agent takes care of removing the failed Geo cluster site from the DNS record and changing the IP for a service via dynamic DNS update.
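The kind of nsupdate transaction described above can be sketched as follows. This is an added example, not the dnsupdate resource agent's own code: the function names, the TTL of 60 and the documentation-range addresses are assumptions. It validates every value first, because nsupdate input is line-oriented and a stray newline or space in a host name or address would otherwise become an extra update command.

```shell
#!/bin/sh
# Added illustration: build the nsupdate batch that repoints a host name
# to the surviving site. The batch would be piped to: nsupdate -k <keyfile>

# Choose the record type from the address family. The check is a loose
# allow-list (nsupdate does the strict parsing); its job is to keep
# whitespace and newlines out of the batch.
record_type() {
    case "$1" in
        ""|*[!0-9a-fA-F:.]*) return 1 ;;   # empty or illegal character
        *:*)                 echo AAAA ;;  # contains a colon: IPv6
        *[!0-9.]*)           return 1 ;;   # letters in a would-be IPv4
        *.*.*.*)             echo A ;;     # dotted quad: IPv4
        *)                   return 1 ;;
    esac
}

# Usage: build_batch HOSTNAME IP TTL [SERVER [PORT]]
build_batch() {
    host=$1 ip=$2 ttl=$3 server=${4:-} port=${5:-53}
    case "$host" in ""|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$ttl"  in ""|*[!0-9]*)         return 1 ;; esac
    rtype=$(record_type "$ip") || return 1
    if [ -n "$server" ]; then
        # The port only matters when a server is named; without one,
        # nsupdate sends to the master server of the zone.
        record_type "$server" >/dev/null || return 1
        case "$port" in ""|*[!0-9]*) return 1 ;; esac
        echo "server $server $port"
    fi
    echo "update delete $host $rtype"          # drop the old site's address
    echo "update add $host $ttl $rtype $ip"    # publish the new one
    echo "send"
}

# Constructed sample values (RFC 5737 / RFC 3849 documentation ranges).
build_batch www.domain.com 192.0.2.10 60 198.51.100.1 53
build_batch www.domain.com 2001:db8::10 60
```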
