replication between primary & secondary bind servers in linux?

Bill Larson wllarso at swcp.com
Tue Feb 6 15:48:42 UTC 2001


There appears to be a common misconception about the function of DNS
servers.  A DNS server has TWO purposes, first: to allow local users to
resolve host names into IP addresses, and the second function is to
allow the outside world to resolve the DNS information maintained on
the server.  When someone makes a statement that geographically
distributed DNS servers are not important for an organization because "...
they wouldn't be able to do anything anyway", this organization is
failing to recognize the importance of the second function.

If an organization's Internet connection breaks, obviously the users in
the organization will be unable to get out, so the usefulness of a
functioning DNS server is limited.  But what about people that are
trying to get TO the organization?  Again, obviously telnet, ftp, and
http access is impossible - but what about SMTP mail?  As long as DNS
information is available, SMTP mail can be queued for later delivery
when Internet connectivity is restored.

There is a tremendous difference between a response of "no such host",
and "no route to host" in terms of Internet communication.  The "no
such host" response will be received whenever there is no DNS
information available, such as if there really is no DNS information
but also if there are no DNS servers available for the domain.  The
second, "no route to host" response identifies that DNS information is
available but that the destination is unavailable.  If a destination is
unreachable, SMTP e-mail will be queued for later delivery, when
connectivity is reestablished.

This issue is addressed in RFC 2182 (also identified as BCP 16 - "best
current practice"), "Selection and Operation of Secondary DNS Servers"
by R. Elz, et al.  This should be mandatory reading for anyone
responsible for managing a DNS name server for a domain.  A copy of
this RFC can be found at http://www.dns.net/dnsrd/rfc/ if you don't
already have a better RFC mirror site that you use.

If the DNS servers that you are dealing with are not identified by the
root name servers as authoritative for your various zones, then you are
spending a tremendous amount of effort to create a service with little
impact for your users.  These servers, if they have not already been
configured as slave servers, will quickly obtain, and cache, the
necessary DNS information when queried.  Adding a sophisticated
mechanism for defining slaves will provide little improvement to your
service.

There is a Webmin system available on the Internet, that can be found
through http://www.dns.net/dnsrc/tools.html.  I haven't used it, but
did play with it once.  I can't vouch for it, so you may want to give
it a try.

The "DNS Resources Directory" at http://www.dns.net/dnsrd is a
resource that almost everyone involved in DNS management should keep
bookmarked.  This site has a wealth of DNS related information that
you should look over to avoid making too many mistakes.

Bill Larson

> Anyway I see your point about NFS and the DNS.  I can see how it would be a
> good idea to have the DNS separated geographically but it isn't possible in
> this case.  In fact, everything that is pointed to by all the DNS is hosted
> at the same location so if the link went down they wouldn't be able to do
> anything anyway.
.
.
.
> The reason I need to do this is that it is for an ISP that will have someone
> making DNS entries that really doesn't know anything about DNS (the linuxconf
> utility for redhat seems to work well for an easy edit).  BTW, do you know
> any good web based DNS editors that I could use?
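The two checks the post argues for, that the servers you run are actually the ones the parent zone delegates to, and that the delegated secondaries are up to date and not all sitting on the same network as the master (RFC 2182), can be scripted. The following is an added example, not code from Bill Larson's message or from BIND. It works offline over constructed data standing in for what you would collect with dig (the parent's NS delegation, plus the SOA serial each of your servers answers with); the hostnames, addresses and serials are made up, and a /24 prefix is used as a crude stand-in for "a different network".

```python
"""Offline audit of a zone's primary/secondary name-server setup.

Added example (not from the original post). Input is constructed data
in the shape you would get from dig:
  - delegated_ns: the NS names the parent zone hands out for your zone
  - servers: the servers you operate, with IP, role and the SOA serial
    each one currently answers with (None = no answer)
"""
import ipaddress

# RFC 1982 serial-number arithmetic (SOA serials wrap at 2^32)
SERIAL_MOD = 1 << 32
SERIAL_HALF = 1 << 31


def serial_gt(a, b):
    """True when 32-bit SOA serial a is newer than b under RFC 1982 rules."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


def audit_secondaries(delegated_ns, servers, prefixlen=24):
    """Return a dict of findings about the delegation and the secondaries.

    not_delegated:          servers you run that nobody outside is told about
    delegated_but_not_ours: names the parent delegates that you do not operate
    unreachable:            secondaries that gave no SOA answer
    stale:                  secondaries whose serial is behind the master's
    distinct_networks:      how many /prefixlen networks the delegated
                            servers you run are spread over (1 = no diversity)
    """
    findings = {
        "not_delegated": sorted(h for h in servers if h not in delegated_ns),
        "delegated_but_not_ours": sorted(h for h in delegated_ns if h not in servers),
        "unreachable": [],
        "stale": [],
        "distinct_networks": 0,
    }

    masters = [h for h, s in servers.items() if s["role"] == "master"]
    if len(masters) != 1:
        raise ValueError("expected exactly one master in the server list")
    master_serial = servers[masters[0]]["serial"]
    if master_serial is None:
        raise ValueError("master gave no SOA answer; nothing to compare against")

    for host, s in servers.items():
        if s["role"] != "slave":
            continue
        if s["serial"] is None:
            findings["unreachable"].append(host)
        elif serial_gt(master_serial, s["serial"]):
            findings["stale"].append(host)
    findings["unreachable"].sort()
    findings["stale"].sort()

    # RFC 2182 diversity: only the servers the outside world is pointed at count
    nets = {
        ipaddress.ip_network(f"{s['ip']}/{prefixlen}", strict=False)
        for h, s in servers.items() if h in delegated_ns
    }
    findings["distinct_networks"] = len(nets)
    return findings


# Constructed sample data (hypothetical names in documentation ranges)
SAMPLE_DELEGATED = {
    "ns1.example.net.", "ns2.example.net.",
    "ns3.offsite.example.", "ns9.old-provider.example.",
}
SAMPLE_SERVERS = {
    "ns1.example.net.":     {"ip": "192.0.2.10",   "role": "master", "serial": 2001020601},
    "ns2.example.net.":     {"ip": "192.0.2.11",   "role": "slave",  "serial": 2001020601},
    "ns3.offsite.example.": {"ip": "198.51.100.5", "role": "slave",  "serial": 2001020512},
    "ns4.example.net.":     {"ip": "192.0.2.12",   "role": "slave",  "serial": None},
}


if __name__ == "__main__":
    for key, value in audit_secondaries(SAMPLE_DELEGATED, SAMPLE_SERVERS).items():
        print(f"{key:24} {value}")
```

On the sample data the audit flags ns4 as unreachable and, since the parent never delegates to it, as wasted effort; ns9 as a delegated name you do not run (a lame delegation from the outside world's point of view); ns3 as a secondary that has not picked up the latest serial; and only two distinct networks among the delegated servers, which is the geographic spread the post and RFC 2182 are asking for.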