Best Practices for Authoritative Servers
Paul Vixie
Paul_Vixie at isc.org
Sun Feb 3 04:04:41 UTC 2008
Mark Andrews <Mark_Andrews at isc.org> writes:
> Danny, it is more complicated than that.
yea, verily.
> Consider the transfer graph:
>
> B Transfers from A
> C Transfers from B
> C Transfers from D
> D Transfers from B
> D Transfers from C
>
> A
> |
> V
> B
> / \
> V V
> C<->D
>
> C and D are peers, A and B are treated as masters.
>
> Now add in E which transfers from B, C and D. If C and D are
> treating each other as peers then E can treat B, C and D as
> masters. If C and D treat each other as masters then E can
> only treat B as a master and need to treat C and D as peers
> even though they don't transfer from E.
this is what made RFC 1996 so hard to write -- even though the protocol
itself is very simple, the language we must use to describe the protocol
agents and roles is like a hairball dipped in honey. as shown in the
excerpt below, we had to define the roles, knowing that a given server
can assume more than one of those roles at various times, including at
the same time.
===
2. Definitions and Invariants
2.1. The following definitions are used in this document:
Slave an authoritative server which uses zone transfer to
retrieve the zone. All slave servers are named in
the NS RRs for the zone.
Master any authoritative server configured to be the source
of zone transfer for one or more slave servers.
Primary Master master server at the root of the zone transfer
dependency graph. The primary master is named in the
zone's SOA MNAME field and optionally by an NS RR.
There is by definition only one primary master server
per zone.
Stealth like a slave server except not listed in an NS RR for
the zone. A stealth server, unless explicitly
configured to do otherwise, will set the AA bit in
responses and be capable of acting as a master. A
stealth server will only be known by other servers if
they are given static configuration data indicating
its existence.
Notify Set set of servers to be notified of changes to some
zone. Default is all servers named in the NS RRset,
except for any server also named in the SOA MNAME.
Some implementations will permit the name server
administrator to override this set or add elements to
it (such as, for example, stealth servers).
2.2. The zone's servers must be organized into a dependency graph
such that there is a primary master, and all other servers must use
AXFR or IXFR either from the primary master or from some slave which
is also a master. No loops are permitted in the AXFR dependency
graph.
--
Paul Vixie
More information about the bind-users
mailing list