Glue Records for a Subdomain
Martin McCormick
martin at dc.cis.okstate.edu
Thu Mar 28 15:47:29 UTC 2002
Kevin Darcy writes:
>Martin,
> I hope you're also clear on the fact that these two sets of
>delegation records would go into two *different* zonefiles (unless you're
>just adding them to an internal root zone).
They are part of an internal root zone.
The idea is that our master dns is sacred and we don't
want X or Y subdomain to directly update it. This is especially
true because we don't particularly trust the name server software
they are using. The records are supposed to make
host.thatsubdomain.ourdomain resolve as if the data were actually
on our master and slave dns's.
Unless there is some insidious factor I can't see from
inside our domain, things appear to be working so far. The only
thing I have noticed is some latency (actually a lot of latency)
in some lookups when I ask our master dns to do a lookup that
ends up using the departmental dns. That dns is essentially
doing nothing right now because it just got turned on and has no
records other than the SOA record and some other resource records
that will be used by clients in that department. It took 4
seconds to retrieve the SOA record as an example.
Trying another record yielded a latency of 75
milliseconds so there appears to be a lot of variation.
The network between that dns and our master is in fine
shape with 100Mb end-user switched Ethernet and gig fiber so it's
not the wire.
By contrast, I tested the latency between here and
Berkeley.edu. Both universities are on Internet 2. A single
retrieval of Berkeley's SOA record took 50 milliseconds.
Berkeley is roughly 3,000 kilometers from here and the new system
we are testing is a good 10 to 15 minute walk from the building
we are in. it is probably about 500 Meters at the most.
Martin McCormick WB5AGZ Stillwater, OK
OSU Center for Computing and Information Services Network Operations Group
More information about the bind-users
mailing list