Win2K, BIND & Multi-master

Danny Mayer mayer at gis.net
Fri May 10 23:47:48 UTC 2002


At 01:11 PM 5/9/02, Cricket Liu wrote:

>Hi, John.
>
> > I've got a consultant here telling me that BIND can be set up with a
> > multi-master model.
>
>Hmm.  I'm not exactly sure what he means by that.  You can run
>multiple primary master name servers for a zone and synchronize
>them with a mechanism other than zone transfers, but that wouldn't
>handle dynamic updates very well.

What he really means is that DNS, not BIND, i.e. W2K DNS, can be set up
to be multi-master.  This means that you have to store the data in Active
Directory and Active Directory takes care of replicating the changes to
the other masters. The dynamic updates go to any master and Active
Directory takes care of the rest.

> > I've been trying to get it to work (for several days), but everything I
> > currently know about BIND 8.2.3-REL goes against having multiple
> > masters.
> >
> > Test #1:  I've configured just 2 servers.  A test domain -on server 1 is
> > configured as "master",
> > on server 2, it's a "slave".  Using nsupdate, (while on DNS server #1) -
> > I add a record, the master sends a NOTIFY, it's received, the slave does
> > an AXFR,  -and all's well. (I'd like for it to do an IXFR... I can't figure
> > that out either!)
>
>Better to do IXFR with BIND 9 than BIND 8.
>
> > Test #2:  I've configured just 2 servers.  A test domain -on server 1 is
> > configured as "master",
> > on server 2, it's also a "master".  When using nsupdate, again -on DNS
> > server #1, it sends the NOTIFY to server #2, but [I presume 'cause it's
> > also a master] I get:
> >
> >         notify: info: NOTIFY(SOA) for non-secondary name
> >
> > ...and, as expected, the second "master" server ignores the update from
> > the "true" master.
>
>Yup.
>
> > I've been playing with "notify yes;".. and that doesn't make any
> > difference either.
>
>No, it wouldn't.
>
> > My goal is to find a way to get BIND 8.2.3 replication-model to mimic
> > Win2K's DDNS.  I need to allow for multiple company sites to each have
> > their own master for ....say... the adaptec.com zone.  If a Win2K client
> > in one site does a dynamic update- it'll update the DNS server specified
> > in the client's DNS settings... right?  That would be their *local* DNS
> > server.
>
>No, a dynamic update client can send an update to any name server.
>It figures out which name server to send the update to by looking
>up the SOA record for the domain name in the update.  That domain
>name doesn't always have an SOA record, but even a negative answer
>returns the SOA record of the enclosing zone.  The updater extracts
>the MNAME field and sends the update there.
>
>Does that mitigate your need for masters everywhere?
>
> > Any ideas on how can I get the other "master" DNS servers to see their
> > update (and do IXFR's)?  I'm guessing master/slave is the ONLY way if we
> > want to stick
> > with BIND.  And I REALLY want to stick with BIND!
>
>I don't think you can do what you're trying to do with BIND.
>But then I don't think you really need to.

You CAN do what you need with BIND, it's just not multi-master. It's a different
design and it's called master/slave.  Implement that and everything works fine.
You can use IXFR for transferring just incremental changes and minimize
the loads on the machines.

>cricket

Danny
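
Added example, not part of the original thread and not BIND or Windows client code: the lookup Cricket describes, where an updater reads the SOA from a negative answer and takes its MNAME as the server to send the update to. The response bytes, the `example.com` names and all function names are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS wire-format labels."""
    return b"".join(bytes([len(lab)]) + lab.encode("ascii")
                    for lab in name.rstrip(".").split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: jump, remember return point
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:  # malformed or hostile packet pointing at itself
                raise ValueError("compression pointer loop")
        elif length == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length

def find_update_target(msg):
    """Return (zone, mname) from the first SOA in the answer/authority sections."""
    _id, _flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QNAME, QTYPE, QCLASS
    for _ in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:  # SOA; its RDATA begins with MNAME
            return owner, read_name(msg, off)[0]
        off += rdlen
    raise ValueError("no SOA in response")

def sample_nxdomain():
    """Constructed NXDOMAIN reply to an SOA query for host1.example.com."""
    q = encode_name("host1.example.com") + struct.pack("!HH", 6, 1)
    rdata = (encode_name("ns1.example.com") + encode_name("hostmaster.example.com")
             + struct.pack("!5I", 2002051001, 3600, 900, 604800, 3600))
    # SOA owner is a compression pointer to "example.com" at offset 18 (0x12).
    soa = b"\xc0\x12" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, 0x8183, 1, 0, 1, 0) + q + soa

if __name__ == "__main__":
    print(find_update_target(sample_nxdomain()))
```

The owner name of the SOA is the enclosing zone, and the MNAME is where the update goes, regardless of which server the client normally uses for resolution.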


