Debugging zone delegation
Simon Waters
Simon at wretched.demon.co.uk
Tue Feb 12 18:24:21 UTC 2002
Joan Creus wrote:
> I am running BIND 8.2.2 (under Nortel NetID). One of my zones is
> delegated to two non-BIND name servers. However, I want all the
> queries to be resolved by just one of the servers, and have the other
> kick in only if the first one is down. This is accomplished by the
> "topology" statement, and it works just fine.

8.2.2 has a known security flaw.

The main reason to use topology is to ensure servers avoid
over-committed links.

BIND 8 still prefers faster servers over topology, so if the
server is so slow BIND 8 thinks it might be on a different
continent, or fails to respond, BIND 8 will preferentially use
faster servers in defiance of the hints given.

Given your less preferred servers are responding faster, BIND is
probably doing the right thing ;). Is the first server
overworked?

Do all your servers have a consistent view of the DNS?

On the BIND 9 code (which doesn't do topology AFAIK) not
answering gets a huge great wad of penalty time added into the
server's average response time, which will take some living down,
which would be consistent with what you are seeing.

I don't think it is very tunable without a C compiler ;)

--
Free Software: What good is Open Source without Freedom?
Open Source Day 2002/04/27 Exeter University
Entry is free (as in free beer, but there isn't any free beer)
http://www.dclug.org.uk/ossday/