using acls in also-notify doesn't work -- alternative?
Barry Margolin
barmar at alum.mit.edu
Fri Nov 12 05:11:40 UTC 2004
In article <cn1din$2gt8$1 at sf1.isc.org>, Danny Mayer <mayer at gis.net>
wrote:
> At 11:17 PM 11/9/2004, Phil Dibowitz wrote:
> > > Can you back up and explain why you think you need also-notify?
> > > If the nameserver is listed in a NS record in the zone it will always
> > > be notified if the zone changes whether or not you have an also-notify.
> > > If they are not in the list of NS records why do you think you need to
> > > transfer zones to them?
> >I have NS records for all our external facing DNS servers. We also have a
> >handful of DNS servers that we don't want NS records for such as servers that
> >have a DNS server for themselves so they don't rely on anyone else... and a
> >handful of other recursive servers.
>
> There's no real good reason to do it that way. Those servers can always
> find the nameservers for those zones and make the queries. They don't
> need the zone. If it were otherwise nameservers on the Internet would have
> collapsed from the load a long time ago.

They'll get the data eventually, when the Refresh time arrives, but if
you want them to pick it up immediately you need to use also-notify.

When I was at Genuity, the advertised NS records resolved to anycast
addresses that had multiple real servers listening on them. We wanted
them all to be updated quickly after the hidden master updated, or after
we pulled a zone transfer from a customer's master (we had a single,
unpublished server that performed this role, which the published slaves
pulled from). Also-notify was important for this.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
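
A named.conf sketch of the setup described in the message above, added here as an illustration; it is not configuration from the post or from Genuity. The zone name, file paths and all addresses (documentation ranges) are assumptions, as is the choice of `notify explicit`.

```conf
// Constructed example. All addresses and names are placeholders.
//   192.0.2.1                hidden master (no NS record)
//   192.0.2.10, 192.0.2.11   real servers behind the anycast NS address
//   203.0.113.53             anycast address the NS records resolve to

// --- named.conf on the hidden master (192.0.2.1) ---
zone "example.com" {
    type master;
    file "master/example.com.db";

    // A NOTIFY sent to the NS-derived anycast address reaches only one
    // of the real servers, so each real server is listed by its own
    // unicast address. also-notify takes literal addresses here, not an
    // acl name.
    notify explicit;                  // notify only the also-notify list
    also-notify { 192.0.2.10; 192.0.2.11; };

    // Only the servers that are notified may pull the zone.
    allow-transfer { 192.0.2.10; 192.0.2.11; };
};

// --- named.conf on each real server (shown for 192.0.2.10) ---
zone "example.com" {
    type slave;
    file "slave/example.com.db";

    // NOTIFY is accepted from the configured masters by default, so the
    // hidden master needs no allow-notify entry.
    masters { 192.0.2.1; };

    // Published servers answer queries but hand the zone to nobody.
    allow-transfer { none; };
    notify no;
};
```

Without the also-notify list the real servers still converge, but only when the SOA Refresh timer expires, which is the delay the message describes.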