Master to Slave Schedule to Avoid Poison Propagation

Danimal dannie.stanley at gmail.com
Fri Aug 12 13:29:01 UTC 2005


Group:

I am reconfiguring our DNS setup.  The current installation is a pretty
standard setup with a master and a slave.  A member of my team inquired
whether or not we could keep the primary and secondary slightly out of
sync to eliminate propagating bad data.

So for example if the master somehow became compromised we could remove
it from the network before it infected the DNS records of the slave.

So two questions:

1) Is this a common goal?
2) What setup would achieve this goal?

If a setup like this is advisable it would seem there are two options:
multiple masters or master/slave with delayed zone transfers.  I have
some ideas about what might work but I won't confuse this topic by
interjecting incorrect information.

Your help is greatly appreciated.


Have a good day,
Dannie



More information about the bind-users mailing list