Zone Transfer from a Slave

Barry Margolin barmar at genuity.net
Thu May 25 23:16:19 UTC 2000


In article <8gk7rg$ff4 at fox.almaden.ibm.com>,
Tony Rall  <usenet at almaden.ibm.com> wrote:
>In article <20000525135356.O2885 at washington.cospo.osis.gov>,
>Joseph S D Yao  <jsdy at cospo.osis.gov> wrote:
>> It helps if the first slave
>>server has "also-notify" set for the second slave server.
>
>Anytime you "chain" updates through multiple servers it extends the
>time it takes for changes (made on the real master) to propagate out
>to all the slaves.

You also multiply the time it takes for the second-level slaves to expire a
zone if the original master fails.  When the 1st-level slave first starts
getting errors, it continues to answer authoritatively and allow zone
transfers to the 2nd-level slaves.  After the expire-time period, the
1st-level slave expires the zone, and then the 2nd-level slaves start
getting errors.  They won't expire the zone until another expire-time
period elapses.

We actually have a configuration like this.  When we provide secondary DNS
to a customer, we have a stealth slave server that performs the transfers
from the customers' servers.  Then the advertised servers transfer from the
stealth server (it has "notify" options configured for all the domains, so
these transfers happen pretty quickly).  I consider the above "double
expire time" action a feature.  We can monitor the log of the stealth
server for expired zone messages, and often contact the customer and get
them to fix it before the zone expires on the registered servers.

Unfortunately, it seems like Microsoft, in their infinite wisdom, defaulted
the expire time on NT DNS to 1 day, rather than something reasonable in the
1-2 week range.  So we have hundreds of customers with 1-day expire times,
and we usually can't get them to fix things that quickly.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
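
The "double expire time" effect described in this message, as an added example that is not part of the original post: a simplified model of SOA refresh/expire timers in a chain of slaves. The function names, the one-hour refresh value and the 60-second tick are assumptions made for illustration; retry intervals and NOTIFY are ignored.

```python
DAY = 86400  # the 1-day expire default the post attributes to NT DNS


def simulate_chain(expire, refresh, tiers=2, step=60):
    """Seconds after master failure at which each slave tier expires the zone.

    Tier 0 transfers from the (failed) master; tier i transfers from tier i-1.
    Assumes every tier refreshed successfully at t=0, the moment of failure,
    and that `refresh` is a multiple of `step`.
    """
    if refresh % step:
        raise ValueError("refresh must be a multiple of step")
    last_ok = [0] * tiers          # time of each tier's last good refresh
    expired_at = [None] * tiers    # filled in as each tier gives up the zone
    t = 0
    while expired_at[-1] is None:
        t += step
        for i in range(tiers):
            if expired_at[i] is not None:
                continue
            # A slave that has not expired still answers SOA queries and
            # serves zone transfers, so the tier below it keeps refreshing.
            upstream_ok = i > 0 and expired_at[i - 1] is None
            if upstream_ok and t % refresh == 0:
                last_ok[i] = t
            if t - last_ok[i] >= expire:
                expired_at[i] = t
    return expired_at


def warning_window(expire, refresh):
    """Time between the stealth slave expiring the zone (and logging it)
    and the advertised slaves expiring it: the margin for a fix."""
    stealth, advertised = simulate_chain(expire, refresh, tiers=2)
    return advertised - stealth


if __name__ == "__main__":
    for label, expire in (("1 day", DAY), ("2 weeks", 14 * DAY)):
        tiers = simulate_chain(expire, refresh=3600)
        hours = warning_window(expire, refresh=3600) / 3600
        print(f"expire={label}: tiers expire at {tiers} s, margin {hours:.0f} h")
```

In this model the second tier expires up to one refresh interval short of twice the expire time, because its last successful refresh happens just before the first tier gives up the zone.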


