Dynamic zone transfers - performance

Kevin Darcy kcd at daimlerchrysler.com
Mon Jul 25 19:52:29 UTC 2005


John Horne wrote:

>Hello,
>
>We have used static zones since we first obtained our IP address range
>(many years ago), but we are considering changing to using dynamic
>zones.
>
>As an educational site we have many labs and open-access areas where
>PC's DHCP to connect to our network. Previously this has been done
>within a local MS DNS/DHCP setup. This may change such that our
>unix/linux (BIND 9.2.3) name servers handle the dynamic updates from the
>DHCP servers (which too may move onto linux boxes).
>
>My question though concerns our remote secondary name servers. They
>currently perform incremental zone transfers of the static zones. With
>dynamic zones I am anticipating that the number of IXFR zone transfers
>will increase quite a lot - we have staff/students starting up PC's all
>day long! The current DHCP leases are 3 days long, although I am told
>this may increase. We currently have around 5000 PC's and a whole load
>of (MS) servers which all DHCP.
>
>My question is whether anyone has experienced any problems when using
>dynamic zones and a load of DHCP'ing PC's? In particular I guess I am
>thinking about say a Monday morning when a lab of PC's is suddenly
>turned on, they all DHCP and all dynamically update the DNS. I am
>assuming that all these updates are sent to the secondary name servers
>as incremental zone transfers, which is fine, but that there may well be
>a lot of them all at once.
>
I know it's not really a *solution*, but you don't *have* to send 
NOTIFYs to all of your slave servers all of the time. With BIND 9's 
"notify explicit" feature, you can "turn off" NOTIFY for even a server 
which is listed in the NS records of the zone. That would leave the 
slave to wait for the tunable REFRESH interval to roll around before 
checking the serial number. I've even heard about utilities that can be 
used to manually send a NOTIFY to a particular server for a particular 
zone, although I've never used one myself. Such a utility, in 
conjunction with "notify explicit", could probably help you to 
orchestrate an efficient use of your resources.

Then again, you're not limited to using AXFR/IXFR either. You can use 
"out-of-band" methods (e.g. rsync) to transfer the zone files to your 
"slaves" (which would actually be configured as "master"s in this 
scenario), and some sort of mechanism, e.g. rndc, to reload individual 
zones after they've been pushed.

The basic issue though, is that dynamic registration of DHCP clients in 
DNS is a high-volume activity. You can shape and tune and optimize it 
all you want, but the bottom line is you've got a lot of data to 
propagate on a more-or-less continuous basis.

- Kevin
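Kevin mentions utilities that send a NOTIFY for one zone to one particular server. The following is an added example, not part of the thread and not a BIND tool: it hand-builds an RFC 1996 NOTIFY request (opcode 4, one SOA question, AA set as BIND's own outgoing NOTIFYs do), parses it back, and checks whether a reply is the acknowledgement a slave returns. The zone name `example.edu`, the message ID and the slave address are assumptions chosen for illustration; the network send is only invoked if you call `send_notify` yourself.

```python
"""Hand-built DNS NOTIFY (RFC 1996) for nudging one slave about one zone.

Added example, not from the bind-users thread. The zone, message ID and
server address used below are illustrative assumptions.
"""
import os
import socket
import struct

OPCODE_NOTIFY = 4   # RFC 1996 opcode value
QTYPE_SOA = 6
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a domain name as uncompressed DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode an uncompressed name at offset; return (name, offset_after_name)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a NOTIFY question")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def build_notify(zone: str, msg_id: int) -> bytes:
    """Build a NOTIFY request: QR=0, opcode=4, AA=1, one SOA question, no RRs."""
    # Flags word: QR bit 15, opcode bits 11-14, AA bit 10, RCODE bits 0-3.
    flags = (OPCODE_NOTIFY << 11) | (1 << 10)
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)
    return header + question


def parse_notify(msg: bytes) -> dict:
    """Parse a NOTIFY request or response back into its header fields and question."""
    msg_id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    opcode = (flags >> 11) & 0xF
    if opcode != OPCODE_NOTIFY:
        raise ValueError(f"not a NOTIFY (opcode {opcode})")
    if qdcount != 1:
        raise ValueError("a NOTIFY carries exactly one question")
    zone, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {
        "id": msg_id,
        "qr": bool(flags & 0x8000),
        "aa": bool(flags & 0x0400),
        "rcode": flags & 0xF,
        "zone": zone,
        "qtype": qtype,
        "qclass": qclass,
    }


def notify_is_acked(request: bytes, response: bytes) -> bool:
    """A slave's reply echoes the ID and question with QR=1 and RCODE 0."""
    req, resp = parse_notify(request), parse_notify(response)
    return (resp["qr"] and not req["qr"] and resp["id"] == req["id"]
            and resp["zone"] == req["zone"] and resp["rcode"] == 0)


def send_notify(zone: str, server: str, port: int = 53, timeout: float = 2.0) -> bool:
    """Send one NOTIFY over UDP and report whether the slave acknowledged it."""
    msg_id = int.from_bytes(os.urandom(2), "big")
    request = build_notify(zone, msg_id)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, port))
        try:
            response, _ = sock.recvfrom(512)
        except socket.timeout:
            return False
    return notify_is_acked(request, response)


if __name__ == "__main__":
    # Offline demonstration with an assumed zone; use send_notify() against a real slave.
    msg = build_notify("example.edu", 0x1234)
    print(msg.hex())
    print(parse_notify(msg))
```

Pairing this with `notify explicit;` and an `also-notify { ...; };` list on the master keeps BIND from fanning out a NOTIFY on every DHCP-driven update, while still letting you push a NOTIFY by hand to a chosen slave when you decide it should catch up.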