FQDNs in masters-list (was: Help: Secondary for...)

Mark.Andrews at nominum.com
Tue Mar 6 22:25:44 UTC 2001


> 
> Hello Mark,
> 
> ..thanks a lot for your advice.
> 
> > 	It would be achievable for a stealth master.  If I was
> > 	doing it I would have the stealth master send signed notifies
> > 	periodically, similar to the dialup master, and have the
> > 	slave accept the notify if the signature was correct and
> > 	save the source address for the refresh query.  Only notifies
> > 	would trigger the refresh check similar to dialup.
> 
> Would you mind giving a suggestion of how the configuration syntax for
> this should look? Since the stealth master doesn't have a static
> IP address, it can't be listed in masters nor in allow-notify. I was
> thinking about something like [ allow-stealth-notify <i>key</i> ; ]
> and not mentioning the stealth master at all. As Brad pointed out, the
> master's DNS name could be hijacked anyway. Or should I use a
> combination of both?

	I would have just master-from-notify { acl; }; and no masters
	clause.

> 
> One more question: I reckon that the SOA records for the zones in
> question should feature the slave, not the stealth master?

	No, it should indicate the stealth master.

> 
> > 	I would not have a dynamic host listed as a nameserver.
> > 	I'm assuming, in saying this, the dynamic host is dropping
> > 	off the net and the address is potentially being re-assigned,
> 
> Yes, with blackout periods typically <2 sec. Still, dyndns.org works
> magnificently for me: Although all their dynamic A records have a TTL of
> 1M, they don't seem to get cached at all. Querying my address
> immediately after an address update with dyndns instantly yields the
> current address, although I use the forwarding infrastructure of
> Deutsche Telekom. But this is just my very individual situation and
> might not be the case for everyone else. The stealth master idea
> sounds much more robust.
> 
> Best regards,
> --Andreas
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
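
Added example, not part of the original message and not BIND code: a simplified Python model of the slave-side check described above, where a notify is accepted only if its signature verifies and its source address is then saved for the refresh query. The MAC is plain HMAC-SHA256 over zone, serial and signing time rather than the TSIG wire format, and every name, key, address and the FUDGE value is constructed for illustration.

```python
import hashlib
import hmac
import struct

FUDGE = 300  # seconds of clock skew tolerated (assumed value)

def sign_notify(key, zone, serial, signed_at):
    """Master side: MAC over zone name, SOA serial and signing time."""
    msg = zone.lower().encode() + struct.pack("!IQ", serial, signed_at)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Slave:
    def __init__(self, keys):
        self.keys = keys        # zone -> shared secret (hypothetical store)
        self.master_addr = {}   # zone -> source address of last valid notify
        self.last_signed = {}   # zone -> newest signing time accepted

    def handle_notify(self, src, zone, serial, signed_at, mac, now):
        key = self.keys.get(zone)
        if key is None:
            return "unknown-zone"
        expected = sign_notify(key, zone, serial, signed_at)
        if not hmac.compare_digest(expected, mac):
            return "bad-signature"    # address is never learned from this
        if abs(now - signed_at) > FUDGE:
            return "stale"
        if signed_at <= self.last_signed.get(zone, -1):
            return "replayed"         # same or older notify seen again
        self.last_signed[zone] = signed_at
        self.master_addr[zone] = src  # the refresh query goes to this address
        return "accepted"

if __name__ == "__main__":
    key = b"constructed-shared-secret"
    slave = Slave({"example.org": key})
    mac = sign_notify(key, "example.org", 2001030601, 1000)
    # Constructed addresses from the documentation ranges.
    print(slave.handle_notify("192.0.2.10", "example.org", 2001030601, 1000, mac, now=1010))
    print(slave.handle_notify("198.51.100.7", "example.org", 2001030601, 1000, mac, now=1020))
    print(slave.master_addr)
```

The signature here does not cover the source address, so the refresh query and zone transfer should be signed with the same key. A notify captured and re-sent from another address inside the fudge window is rejected only by the signing-time check.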

