Authoritative Redundancy
Kevin Darcy
kcd at chrysler.com
Thu May 20 16:59:23 UTC 2010
If your primary master goes down, and you want to ensure that all of
your slaves get the *latest*available*version* of the zone, and serves
it until the master comes back up, then you would "cross-connect" all of
your slaves so that eventually they'll all sync up to that version.
*HOWEVER*, because of protocol limitations, this will essentially break
zone expiration. If you delete a zone on the master, in other words, and
forget to delete the definition on 2 or more slaves, then they'll keep
"refreshing" from each other indefinitely, since the refresh timer gets
reset even if nothing changes in the zone. The zone is "immortal" on
those slaves, and manual intervention will be necessary to get rid of it.
A protocol fix for this was floated to the IETF Working Group, but not
enough interest was generated to make any kind of change.
If your configuration-control system reliably deletes all slave-zone
definitions, then maybe this is a non-issue for you.
- Kevin
On 5/20/2010 12:08 AM, Baird, Josh wrote:
> Would there be any benefit in assigning them as additional master's
> for all of my zones (in addition to DNS01), or would this just
> complicate the entire environment?
> Thanks
>
> In article <mailman.1534.1274300384.21153.bind-users at lists.isc.org>,
> "Baird, Josh" <jbaird at follett.com> wrote:
>
> > Hi,
> >
> > I currently have three authoritative servers in the RRset for my
> > internal zones:
> >
> > NS dns01.blah.com.
> > NS dns02.blah.com.
> > NS dns03.blah.com.
> >
> > DNS01 is the sole master for my internal zones. I have a number of
> > resolving DNS servers throughout my environment that contain slave
> > definitions for my internal zones to override recursion. These slave
> > definitions use DNS01 as their master (only DNS01, not DNS02/03).
> >
> > zone "example.com." IN {
> > type slave;
> > masters { DNS01's_IP_ADDRESS; };
> > file "hosts/slaves/example.com-hosts";
> > };
> >
> > DNS02 and DNS03 also contain slave zones for all of my internal zones.
> > Their master is also DNS01.
> >
> > My question is.. am I gaining anything by having DNS02/DNS03? With
> > DNS01 being my sole master, it doesn't seem like DNS02/DNS03 are
> > providing any additional benefit. How could I make a better use of
> > DNS02/DNS03? Recursion is disabled on them, and no clients directly
> > query them; they query the numerous resolving DNS servers throughout the
> > environment.
>
> I think you can safely get rid of them. With all your internal
> resolvers running as stealth slaves for your zones, you don't need
> published slaves. NS records are only used by recursive servers.
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100520/646199c5/attachment.html>
More information about the bind-users
mailing list