Best Practices for Authoritative Servers
david brett
dbrett7 at yahoo.com
Thu Jan 31 23:10:21 UTC 2008
The short answer is yes, all three servers need to be included if all three are to be
authoritative servers
david
--- "Baird, Josh" <jbaird at follett.com> wrote:
> Chris,
>
> Sorry for the terminology confusion. Let me try to explain again:
>
> I have three authoritative servers: 172.20.1.1, 172.20.1.2, 172.20.1.3. These three servers are
> listed in the NS RRset for all of my internal domains. They do not allow recursion.
> 172.20.1.1's zones are defined as masters:
>
> zone "blah.com"{
> type master;
> file "blah.com";
> };
>
> The other two authoritative servers contain zones that are slaves to 172.20.1.1:
>
> zone "blah.com"{
> type slave;
> masters { 172.20.1.1; };
> file "blah.com";
> };
> Now, I have several resolving/recursive servers that contain these zones as well that devices
> use for resolution. I could get the same result by using stub zones, which I might change to in
> the future. The zone statements on the resolving servers are as follows:
>
> zone "blah.com"{
> type slave;
> masters { 172.20.1.1; };
> file "blah.com";
> };
>
> My question was, are the zone statements on the resolving servers correct? Should I include all
> three of the authoritative servers in the masters { } substatement in the zone definitions of
> the resolving servers? Would there be any additional benefit of doing this?
>
> Thanks -- hope this was a bit clearer,
>
> Josh
>
>
>
>
>
> ________________________________
>
> From: bind-users-bounce at isc.org on behalf of Chris Buxton
> Sent: Thu 1/31/2008 5:14 PM
> To: John Wobus
> Cc: Bind-Users List
> Subject: Re: Best Practices for Authoritative Servers
>
>
>
> A server is authoritative for a zone if it has a complete, non-cached
> copy of the zone. In other words, if it is master or slave for that
> zone, and if the zone loads correctly, then it is authoritative. This
> is indicated by the 'aa' flag in a response from the server.
>
> It does not matter whether any NS record in the zone refers to the
> server by name. In fact, a name server doesn't necessarily know its
> own name(s), nor does it normally need to do so. I don't believe the
> BIND name server makes any attempt to figure out a name for its host
> machine, for example.
>
> - --
>
> To the original poster, I have to say, the question is unclear. In
> what way are you including name servers in the zone definitions? What
> zone definitions? It is always clearest to other people when
> discussing BIND if you use standard BIND terminology, even if that
> terminology does not come naturally to you. Therefore, you might
> discuss configuration items such as a "zone statement", a "masters
> substatement inside a slave zone statement", a zone's "apex
> records" (the records in the zone that have the same name as the zone
> itself - this one's not too commonly used, I think), etc.
>
> Chris Buxton
> Professional Services
> Men & Mice
> Address: Noatun 17, IS-105, Reykjavik, Iceland
> Phone: +354 412 1500
> Email: cbuxton at menandmice.com
> www.menandmice.com
>
> Men & Mice
> We bring control and flexibility to network management
>
> This e-mail and its attachments may contain confidential and
> privileged information only intended for the person or entity to which
> it is addressed. If the reader of this message is not the intended
> recipient, you are hereby notified that any retention, dissemination,
> distribution or copy of this e-mail is strictly prohibited. If you
> have received this e-mail in error, please notify us immediately by
> reply e-mail and immediately delete this message and all its attachment.
>
>
>
> On Jan 31, 2008, at 12:39 PM, John Wobus wrote:
>
> > This brings to mind a point I am confused about. What causes bind9
> > to mark a query-response as authoritative? Is it sufficient that the
> > data come from a zone configured in this nameserver to be either
> > master or slave? Or, does it matter if there exists an NS record that
> > points
> > at the nameserver itself? The specific point is whether, you can
> > run a caching server also that transfers some select zones, yet answer
> > queries for names in these zones as if they were cached.
> >
> > I couldn't find a quick answer with google or any of my books.
> >
> > John
> >
> > On Jan 31, 2008, at 2:47 PM, Baird, Josh wrote:
> >
> >> I currently have three authoritative (non-recursive) internal
> >> nameservers (these servers are listed in the NS RRset for all of my
> >> internal domains). I also have several resolving/caching servers
> >> which
> >> hold the slave zones for these authoritative servers. On these
> >> resolving servers, the zone definitions only define one of the three
> >> authoritative servers. Would it be best to include all three
> >> authoritative servers in the zone definitions for the slaves? What
> >> benefit would I gain? Is there even a point in having three
> >> authoritative servers, when only one is listed in the zone
> >> definitions
> >> for the slaves?
> >>
> >>
> >> I appreciate any input.
> >>
> >>
> >>
> >> Thanks,
> >>
> >>
> >>
> >> Josh
> >>
> >>
> >>
> >
> >
>
>
>
>
>
>
>
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
More information about the bind-users
mailing list