Split Horizon servers as slaves ? (Was: Would this cause problems ?)
Kevin Darcy
kcd at daimlerchrysler.com
Tue Oct 14 21:11:22 UTC 2003
Simon Hobson wrote:
>On 9/9/03, Jonathan de Boyne Pollard wrote:
>
>>SH> What I thought could work would be :
>>
>>This is "split horizon" DNS service with multiple databases,
>>one of the ways of setting up "split horizon" DNS service.
>>
>><URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon.html#MultipleDatabases>
>
>Right, I'm happy with this and will start testing an implementation
>just as soon as my DMZ is up and running, but I do have one more
>query ...
>
>If I run split horizon servers (also described in "DNS & BIND" under
>"Using Views on the bastion host"), can I have the zones served up by
>each view as slaves ?
>
>I can see this not being a problem if each view can be a slave from a
>different master, but what if I want to keep one master centrally
>where it's easier to maintain ? The only way I can see around this
>would be to serve up a zone under a different name to the master, eg :
>
>master has zones "mydomain.com" and "external.mydomain.com"
>
>split horizon server has views :
>"internal" for internal hosts and serves up mydomain.com as a slave
>of mydomain.com on the master.
>"external" for external hosts and serves up mydomain.com as a slave
>of external.mydomain.com on the master.
>
>Is such a thing possible ? Any other way around it ?
>
>I know that I could just have local zone files for the external views
>(which won't change very often), but the reason I particularly want
>to get them working as slaves is for scalability. If we get this to
>work, there could be perhaps a dozen domains or more, all
>administered by different groups around the world, and slaved on four
>or five split horizon servers - to give the admins access to their
>zone files, and rights to re-load the server would be a shed load of
>extra admin. If I can get the split views to work as slaves then the
>split horizon servers will need very little admin and the owner of
>each domain can manage their external DNS from their own local server
>(on whatever platform they choose (I think I am the only one in the
>group who uses BIND)).
>
>Thanks for any feedback you can provide, Simon
>
If you have another IP address available to assign to your master, you
could use a combination of notify-source, transfer-source, and/or
match-destinations to replicate your external and internal zone data
completely independently of each other.
I understand BIND 9.3 will have the ability to match views by TSIG key,
which might open up more options...
-Kevin
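
One way the suggestion above could be laid out, as an added example that is not part of the original message. It assumes the master runs BIND 9 with views; the addresses (10.0.0.1 and 10.0.0.2 on the master, 10.0.1.53 for the split horizon server) and the file names are constructed for illustration.

```conf
// ---- master named.conf (assumed: 10.0.0.1 and 10.0.0.2 both on this host) ----
options {
    listen-on { 10.0.0.1; 10.0.0.2; };
};
view "internal" {
    match-destinations { 10.0.0.1; };    // requests sent to the first address
    notify-source 10.0.0.1;              // NOTIFYs for this view leave from it
    zone "mydomain.com" {
        type master;
        file "internal/mydomain.com.db";
        allow-transfer { 10.0.1.53; };   // only the split horizon server
        also-notify { 10.0.1.53; };
    };
};
view "external" {
    match-destinations { 10.0.0.2; };    // requests sent to the second address
    notify-source 10.0.0.2;
    zone "mydomain.com" {
        type master;
        file "external/mydomain.com.db";
        allow-transfer { 10.0.1.53; };
        also-notify { 10.0.1.53; };
    };
};

// ---- split horizon server named.conf (assumed address: 10.0.1.53) ----
view "internal" {
    // Exclude the master's second address so that its NOTIFYs fall
    // through to the external view and refresh the right copy.
    match-clients { !10.0.0.2; 10.0.0.0/8; };
    zone "mydomain.com" {
        type slave;
        masters { 10.0.0.1; };           // pulls the internal data
        file "slave/internal.mydomain.com.db";
    };
};
view "external" {
    match-clients { any; };
    zone "mydomain.com" {
        type slave;
        masters { 10.0.0.2; };           // pulls the external data
        file "slave/external.mydomain.com.db";
    };
};
```

Each slave zone needs its own file per view; pointing both views at one file makes the two transfers overwrite each other. If the spare address is on the split horizon server rather than the master, transfer-source in each slave view gives the master a source address to match on instead.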