rndc reconfig causing long timeouts

Brad Knowles brad at stop.mail-abuse.org
Sat Oct 1 05:50:12 UTC 2005 

At 9:56 PM -0700 2005-09-30, Bryan Irvine wrote:

>>  mail, www, etc, and sub-domains.  I am now thinking that the best 
>>way to solve these
>>  timeouts is to make our ns1 machine not be the master on which we run
>>  the rndc reconfig but run the reconfig on a non public master and
>>  have it update our 3 public slave namservers.  What is the term for this
>>  type of setup and is there a good methodology for migrating from 
>>what we have now (3
>>  nameservers, ns1 being master).
>
>  Are you thinking of a gold server?

	Uh, no.  The typical terminology for this case is "hidden master".


	As for migrating, that's usually not hard.  Bring up another 
machine, set it up as a new secondary.  Once you're comfortable with 
how well it works, change the IP address of the master-to-be-hidden 
and change the IP address of the new ns1 to be that of the old 
master.  Make sure to update the other secondaries with the new IP 
address of the now-hidden master.

	The delegations will stay the same, and you'll continue to do 
your maintenance on the same machine.  But, that hidden master will 
be on a different IP address.

	Alternatively, bring up a new machine as a clone of the existing 
master.  Once you're comfortable that everything is in place, update 
the /etc/named.conf on all the secondaries to point to the new master 
and copy that secondary configuration onto the old master.  Make sure 
to save all old configurations, just in case.


	One thing to keep in mind is that you'll still need to run "rndc 
reconfig" on all the secondaries, because to add zones you will need 
to update the /etc/named.conf files on these machines.  But, you can 
stagger those so that no more than one machine at a time is doing an 
"rndc reconfig".

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the bind-users mailing list