Best Practices for Authoritative Servers

Chris Buxton cbuxton at menandmice.com
Fri Feb 1 01:13:30 UTC 2008


Mark, that's really clever. Thanks!

As for loops in the AXFR chain, I used to not see the value until a  
post from Kevin Darcy in this very forum. (I'll just refer readers to  
the list archive, since I can't find the original post.) Basically,  
what happens if the primary master goes down in the middle of  
processing zone transfer requests from two slaves, such that one slave  
has it and the other does not? Having the slaves use each other as  
backup master ensures that the updated zone makes it to the other slave.

Chris Buxton
Professional Services
Men & Mice
Address: Noatun 17, IS-105, Reykjavik, Iceland
Phone:   +354 412 1500
Email:   cbuxton at menandmice.com
www.menandmice.com




On Jan 31, 2008, at 4:16 PM, Mark Andrews wrote:

>
>> Yes, that's an issue. To resolve it, you might consider entering .2
>> in .3's masters list, and vice versa. This renders the expire timer
>> moot as long as you don't lose two servers unexpectedly.
>>
>> However, even if you don't, remember the value of the expire timer.
>> If .1 (the primary master) goes down, you have until (expire -
>> refresh) to fix it before things start to fail. So if your refresh
>> timer is set to 1 day, and your expire timer is set to 6 weeks, you
>> have almost 6 weeks to notice the problem and fix it before you start
>> having any symptoms appearing.
>
> 	For every link in the axfr chain you essentially add an expire
> 	period.  If the chain loops then you have infinite expiry.
> 	Loops in axfr chains are not good.
>
> 	I would have all the slaves just talk to the master.  I
> 	would also have all slaves run daily checks on the modification
> 	times for the slave master files and named records the last
> 	successful refresh in that timestamp.  If that timestamp gets
> 	more than a couple of days old you have an operational
> 	problem to correct.
>
> 	I run something like this from cron daily.  Tune as appropriate.
>
> 		find path/to/slaves -type f -mtime +2  |
> 		mail -E -s "Slave zone not updating" operator-list
>
> 	I started doing this when I was running nameservers that
> 	were slaves to hundreds of zones all run by different
> 	administrators.  I continue to do this now that I only have
> 	a couple of zones to manage.  It often caught problems
> 	before the administrator of the master was even aware of the
> 	problem.
>
> 	Mark
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
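
A finer-grained form of the daily slave-file check described in the quoted message, as an added example that is not part of the original thread. It assumes, as the post states, that named updates a slave file's modification time on each successful refresh; the function names, the hour-based thresholds and the OK/STALE/EXPIRED labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption taken from the post:
# a slave file's mtime is the time of the last successful refresh.

# classify_slaves DIR WARN_HOURS EXPIRE_HOURS
# Prints "<STATE> <file>" for every slave file under DIR:
#   OK       refreshed within WARN_HOURS
#   STALE    no refresh for more than WARN_HOURS
#   EXPIRED  no refresh for more than EXPIRE_HOURS (pass the zone's SOA expire)
classify_slaves() {
    _dir=$1
    _warn_min=$(( $2 * 60 ))
    _expire_min=$(( $3 * 60 ))
    # A missing directory must be an error, not an empty (silent) report.
    [ -d "$_dir" ] || { echo "ERROR $_dir is not a directory" >&2; return 2; }
    find "$_dir" -type f | sort | while IFS= read -r f; do
        if [ -n "$(find "$f" -mmin +"$_expire_min")" ]; then
            echo "EXPIRED $f"
        elif [ -n "$(find "$f" -mmin +"$_warn_min")" ]; then
            echo "STALE $f"
        else
            echo "OK $f"
        fi
    done
}

# report_problems DIR WARN_HOURS EXPIRE_HOURS
# Prints only the STALE/EXPIRED lines.
# Returns 0 if every zone is OK, 1 if any is not, 2 if DIR is unusable.
report_problems() {
    _out=$(classify_slaves "$@") || return 2
    _problems=$(printf '%s\n' "$_out" | grep -v '^OK ' || true)
    [ -z "$_problems" ] && return 0
    printf '%s\n' "$_problems"
    return 1
}

# Typical daily cron use (48 h warning, 6-week expire = 1008 h):
#   report_problems path/to/slaves 48 1008
```

`find -mtime +2` counts whole 24-hour periods, so it first matches a file that is at least three days old; `-mmin` is used here so the warning threshold is exact. When the function is run from cron, anything it prints is mailed to the job's owner, so a clean run stays quiet.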


