- This topic has 30 replies, 3 voices, and was last updated August 9, 2023 by .
Update VM DNS after Failover
-
Does anyone have suggestion on the best way to update dns or AD Object after moving to another datacenter after a failover?
I am considering running a post script to force update of servers DNS once on new IP.
thanks
Shashidhar KMarch 10, 2017 12:35:08 PMHi Dan,
Sorry for the delayed response. I’m writing up a full reply to you but just haven’t finished in order to post it! I’ll put some information up for you shortly.
~Harry @HarrySiii
Follow me: www.twitter.com/HarrySiiiNo worries, sounds good!
Thanks
Shashidhar KMarch 15, 2017 11:37:31 AMHi Dan! Thanks for your question.
There are multiple ways to accomplish this and what works for one environment may not be best for others. With that said…I’ve seen it a few ways but some are more popular than others. I’ll indicate what I think, but I invite others to chime in with their most commonly seen solutions. 🙂
- Production DNSservices should be up and running in the DR site already to keep them always up to date with the source/production site.
- Servers typically can come back online in the new site, and automatically update their DNS records in this scenario.
- You can run post scripts in order to update DNS entries and I used to see it a lot, but I’m not sure how popular it is these days. I would imagine it is still a pretty prevalent solution.
- You can either call a post script from within the Zerto VPG settings, or you can inversely call the ZVR failover (or test) from an external script that also calls out to DNS separately.
- A less common (from my experiences) solution I have seen in some production environments is to set servers to DHCP with static reservations, which will allow these server IP changes to automatically be updated in the recovery site and will align correctly with the recovery DNS server.
Any other insight from others? What solution(s) are you using and which one(s) work the best for you?
Thanks!
~Harry
Follow me: www.twitter.com/HarrySiiiGreat run down Harry, much appreciated!
I have a powershell script that updates records and i can just update this on demand, i have been able to get he VPG to now fail over and get past the script pre or post configuration, but again i think i can just stick with the script w/out any pre or post failover.
One thing i have been thinking is “if” i were to integrate a post script to update DNS and i was doing a “test” i wouldn’t want that script to run right, since i will still have the Prod Side online and the test failover is just a test. I suppose i could go in and disable the script for just a test, but im thinking why not just keep the script out of the mix and run it outside on my own accord, then i can use remote powershell to manage the script from anywhere and execute it and just modify the files it looks at.
I do like the integration of the pre/post script this allows for a lot of flexibility, but i would have to say i think i like the idea of having one script w/ multiple files to reference when i wanted to update DNS.
I think im going to have my scripts on Both ZVM’s in case we lose a side of course and just mange the files manually then execute the script manually as well, this i think gains me more control over the process and wont confuse anything especially it i am not the one running a failover.
If anyone has any more input please add it into the discussion.
Thanks Again !
Chris SMarch 15, 2017 04:02:50 PMDan – I’ve done this very thing. I have a script that I crafted, that fires off as a post-script. When the VPG is failed over, the script runs and updates DNS. It works perfectly. A few top tips for you:
- The script needs to be placed on the recovery ZVM server. This means you will really need 2 scripts, with the same name. On the destination ZVM the script changes DNS to the recovery subnet. On the production ZVM the script changes the DNS to the production subnet. You set it up this way so regardless if you are failing over, or failing back, the script will run and update DNS appropriately.
- You need to ensure that the service account that the ZVM software run on, has appropriate permission to update DNS via however your script does it. The service account credentials are what will be used when calling the script, so they need the proper permissions.
- Pre and Post scripts do not run during a VPG test, so you don’t need to worry about that. You can have your scripts run as a post script, and not impact anything when you are performing a test.
Hope that helps.
Hey Matthew,
This is a big help, you just established two things for me 1. the script does not kick off when testing and 2. the script that is kicked off is the one on the Recovery Site.
Do you have an example screen shot of the Command and parameter ?
I have :    Command = powershell.exe   Parameter – c:\zerto\dns\zertodns.ps1
but the script didnt execute.
The Service account has DNS Admin privileges
Is the syntax correct?
Thanks guys !
Chris SMarch 15, 2017 05:08:34 PMSo it really depends on your environment. I’m using active directory for DNS, and so I used the “dnscmd” AD commands. I simply built a batch file with all the necessary parameters. I tested it manually, to prove the batch file works properly. Once that worked, I put the path into the Zerto config, and again tested for functionality.
If you’re using powershell, I’d suggest creating a simple batch file, that just calls your powershell script. That’s how I’ve done it with most success, in other areas such as scheduling tasks.
Keep in mind, the Zerto post scripts need you to feed it the absolute path to the file on the ZVM. So what you should put in the Zerto config line is something like “c:\zerto\dns\zertodns.ps1”
Hey Matt,
Great post man, I am also using dnscmd and I tried using powershell.exe and the “c:\zerto\dns\zerto-dns.ps1” no go on that, but I just wrote up a bat file to launch the powershell script and it works manually so now to test the post failover with the script.
If you have this working with powershell or with a bat , can you post a screen shot of both fields or what you put in the command field and paramaters field for an example?
Heres the Bat config I have
Command : c:\zerto\dns\dns.bat
Powershell config no go yet through a failover, doesn’t work with or with out the quotes for the exact path, but there is now spaces so it may not be a huge deal.. but let me know what you think
Thanks man!
Chris SMarch 15, 2017 07:25:26 PMThis is what is in the box for Post-recovery Script:
C:\scripts\dnsupdate.bat
The bat file then runs the dnscmd commands. Sounds like you have it correct, something just must be off. Perhaps have your bat file and powershell file to output steps to a log file so you can see how far it’s getting?
Hey Matt,
Yeah I was starting to think about integrating some log output. As of right now that Bat file is just launching my powershel command that runs the dnscmd.
Also if I have multiple VPG’s I need a few different scripts right, because I don’t want to launch a script that could affect another vm in another VPG right?
Thanks
Chris SMarch 15, 2017 07:50:46 PMYes, you probably want to keep it to 1 script per VPG, and configure that post-script in each VPG. You could consolidate but you’d run the risk of DNS updating for VM’s that haven’t been failed over. Just cleaner to keep it to 1 script per VPG, IMO
yea thats what i was thinking each VPG needs its own scripts so it doesnt change any other VPG VM’s dns.
Matt could could you attach a screen shot of your Pre or Post Script configs?
I just want to make sure mine is right on. You are using the same account you built zerto out with to execute the scripts right ? I am wondering what might be holding up the scripts from kicking off, that would make this easier for sure if i could kick off these scripts on failover.
Thanks for all the help so far guys!
Chris SMarch 15, 2017 08:02:46 PMNo, I’m not using the same account used when Zerto was installed. When installed it will use the local service account (although I think they’ve changed this to prompt during install in later version, when I installed when it was v2.0 and there was no choice) but I had to change the service credentials, to be an account that has permissions enough so that the Zerto service can start and run, and perform the DNS updates on the domain controllers. Not recommending this, but as an example, if you used your domain administrator account, that would have the proper rights for both functions. I have a service account that I created that has the proper permissions. If you do that and it’s not working, I would log a support call to Zerto tech support.
Yeah i considered doing the same at least for testing ha. Well i dont have it working currently w/ the failover and i have to launch the script manually but at least all the automation is there and really thats the important part. Integrating it into Zerto and the VPG’s may take some more time to work out.
thanks man
- Production DNSservices should be up and running in the DR site already to keep them always up to date with the source/production site.
The forum ‘VMware’ is closed to new topics and replies.