Splitting off a sub-zone "atomically"

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue May 11 08:12:59 UTC 2010


On 10.05.10 16:20, Phil Mayers wrote:
> We're doing some DNSSEC testing with sub-zones of our main zone, and I  
> had a little accident largely due to my own incompetence today where I  
> basically did this:
>
> 1. Existing zone "example.com"; create new zone "sub.example.com"
>
> 2. Run a SQL->DNS update; *.sub.example.com RRs are removed from  
> "example.com", and added to "sub.example.com"
>
> 3. Slaves immediately get the NOTIFY for "example.com" and remove the  
> records via IXFR, but aren't yet configured for "sub.example.com" (cron  
> job hasn't yet run)
>
> 4. Some time later, the cron job runs
>
>
> Obviously between 3 & 4 we weren't resolving "sub.example.com" on the  
> slaves. Tedious.

That's why you should push glue NS records for sub.example.com to
example.com pointing to servers that will have those zones (at least some of
them must already have them). The same set of NS records should be in
sub.example.com, of course.

> Obviously I can change my procedures to do:
>
>  1. Create zone on master
>  2. For each slave:
>     a. axfr file from master
>     b. add zone into /etc/named.conf
>     c. rndc reload
>  3. On master, remove *.sub.example.com RRs from example.com
>
> ...but I was just curious.

Creating a proper delegation is a much safer way to achieve that.
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Microsoft dick is soft to do no harm
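
The delegation check described in the reply above, as an added example that is not part of the original post: it compares the NS set at the parent-side cut with the NS set at the child apex and requires that at least one delegated server already serves the child zone before the records are removed from the parent. The zone contents, the simplified one-record-per-line format, the function names and the `serving` input are assumptions made for illustration.

```python
# Added example: zone contents and the `serving` set are constructed sample data.
PARENT = """\
example.com.      3600 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 900 604800 3600
example.com.      3600 IN NS  ns1.example.com.
example.com.      3600 IN NS  ns2.example.com.
sub.example.com.  3600 IN NS  ns1.example.com.
sub.example.com.  3600 IN NS  ns2.example.com.
"""
CHILD = """\
sub.example.com.     3600 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 900 604800 3600
sub.example.com.     3600 IN NS  ns1.example.com.
sub.example.com.     3600 IN NS  ns2.example.com.
www.sub.example.com. 3600 IN A   192.0.2.10
"""

def ns_set(zone_text, owner):
    """NS targets for `owner` in simplified 'owner TTL IN TYPE rdata' lines (FQDNs only)."""
    found = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split(None, 4)   # drop comments, split into 5 fields
        if len(fields) == 5 and fields[0].lower() == owner and fields[3].upper() == "NS":
            found.add(fields[4].strip().lower())
    return found

def check_split(parent_text, child_text, child, serving):
    """Return problems that would break resolution of `child`; [] means the cut is safe.
    `serving` is the set of servers already confirmed to load the child zone (assumed input)."""
    parent_ns, child_ns = ns_set(parent_text, child), ns_set(child_text, child)
    if not parent_ns:
        # The situation from the original question: records gone, no delegation in place.
        return ["parent has no NS delegation for " + child]
    problems = []
    if parent_ns != child_ns:
        problems.append("NS sets differ: parent=%s child=%s"
                        % (sorted(parent_ns), sorted(child_ns)))
    if not parent_ns & serving:
        problems.append("none of the delegated servers serves " + child + " yet")
    return problems

if __name__ == "__main__":
    # ns2 has not picked up the new zone yet; ns1 has, so the delegation still resolves.
    print(check_split(PARENT, CHILD, "sub.example.com.", {"ns1.example.com."}))
```
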


