Setup a hidden master
Grant Taylor
gtaylor at tnetconsulting.net
Tue Feb 15 17:53:41 UTC 2022
On 2/15/22 1:07 AM, Bjørn Mork wrote:
> You'll normally get a few update queries to the SOA MNAME if you
> leave the real master there.

This was going through my mind as I read the thread.

Aside: BIND secondaries can be configured to forward such updates to
the hidden primary.

> Whether you should change the MNAME or not is another question...

Is there a recommendation / best practice regarding what to set the
MNAME to in a hidden primary configuration?

I believe that each server in an MS-DNS AD integrated configuration uses
its own name as the MNAME. I'm not aware of a way to do similar with
BIND. The closest that I've come (in a thought experiment) is to use a
placeholder name that each BIND server resolves to itself.
This can be done with a dedicated name in its own independent zone, for which
each server has different zone contents to refer to itself.

Are there any recommendations around MNAMEs in a hidden primary situation?

--
Grant. . . .
unix || die