Sysquery Errors
Kevin Darcy
kcd at daimlerchrysler.com
Thu Nov 23 00:17:42 UTC 2000
Jim Reid wrote:
> >>>>> "Kevin" == Kevin Darcy <kcd at daimlerchrysler.com> writes:
>
> >> Also, make sure your internal root servers are master or slave
> >> for the root zone. Master is preferable as root zones tend to
> >> require special administration rather than routine reloading
> >> and zone transfers.
>
> Kevin> Hmmm?? I've been running an internal root for years and
> Kevin> I've never had any problems with a regular master/slave
> Kevin> setup. I think BIND 8 fixed all of the pre-existing
> Kevin> root-slave problems...
>
> The "special administration" I was alluding to did not concern the
> name servers or the DNS protocol. They work just fine. I meant the
> control of the contents of the root zone: who's allowed to change it
> and put the new root zone on the name servers; the change windows when
> this can be done; access permissions on copies of the root zone file;
> when servers can be reloaded/restarted; CM procedures and audit
> trails; etc, etc.

These considerations strike me as arguments for having *fewer*
root-masters, not *more*. With a "single master, multiple slaves" setup,
you only need a *single* set of access rights, change procedures, audit
trails, maintenance windows, etc. since the slaves just update
automatically.

> As you say, there's no technical reason preventing
> the root zone being slaved in the usual manner: a zone is a
> zone. However there can be procedural and organisational reasons for
> not doing that as a matter of routine. And sometimes the zone
> propagation delay - even with NOTIFY - takes too long. This can
> present problems for any critical DNS zone, especially the root.

Good point. Speeding up change propagation beyond the NOTIFY level
entails using some sort of out-of-band replication mechanism, and this
almost certainly requires configuring all of the slaves as
(pseudo-)masters.

Fortunately, I've never had such strict change-propagation requirements
for our internal root zone.

- Kevin