Tuning for lots of SERVFAIL responses

[Dave Warren]

On 2016-02-18 18:19, John Miller wrote:
> Something I just thought of: how did you manage your NS records in
> this situation?  To get NOTIFY/IXFR to work properly, either you have
> to list every one of your recursive servers in your local NS records
> or you have to do an also-notify block on the master.  Or you just
> skip the NOTIFY/IXFR altogether and set very low refresh values on
> your zones!  How did you handle standing up/taking down servers
> quickly?

At one site we had a script that builds the list of IPs for the 
also-notify block and allow-transfer block dynamically, and for 
deploying a new recursive server we run a script that downloads an 
appropriate named.conf and registers with the aforementioned script to 
subscribe to notifications.

It also re-downloads the named.conf (and re-registers for notifies) via 
cron, so the master script refreshes the list of slaves. At least at the 
start, we didn't actually track timestamps or anything fancy, we should, 
but it never got implemented, instead we just dumped the whole list once 
in a while and recursive/slave servers got to wait an hour until their 
cron ran before they got notifies, in the mean time, the short refresh 
value took care of it.

It's not perfect, it could be better, but it worked with a minimum of 
hassle.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren