Dynamic DNS and Slave Servers

[Chris Buxton]

On Jun 18, 2009, at 6:59 AM, Borgia, Joe A CTR USAF AFMC AFRL/RIOS  
wrote:
> I’m trying to learn DDNS at break-neck speed over here. I guess I’m  
> a little surprised that there are .jnl files on my slave server. I  
> have no allow-update statements on that server, unless maybe these  
> files are coming from zone transfer?

Correct. Modern versions of BIND assemble journal files based on the  
IXFR's (incremental zone transfers) that they get from their masters.

allow-update in a slave zone would be invalid.

> Also, is it normal for the master zone tables to turn into files  
> that look like slave zone tables after you enable DDNS?


Yes. Once a zone is dynamic, you're no longer allowed to edit the zone  
file directly (unless you make it static again, for example by use of  
'rndc freeze'). And after it starts to receive updates, the server  
needs to be able to write the effect of those updates to the zone  
file. Rather than work with the content you have, making changes to  
the file, named simply writes out a new file and deletes the old one.  
This happens 15 minutes after the first update received after the last  
time the zone was written out. That is:

starting point
wait for an update
receive update
wait 15 minutes
write out new zone file containing the current snapshot state of the  
zone
go back to starting point

Of course, all updates are immediately written to the journal file  
when they're received, so that if the server should fail or be told to  
halt, the next time it starts up it can recover the most recent state.

Chris Buxton
Professional Services
Men & Mice