Problems With "allow-update-forwarding"

Alan Shackelford ashackel at jhmi.edu
Tue Apr 5 17:11:21 UTC 2011


This weekend my stealth master DNS went off the network for a few hours due to a problem with some fiber. Two of my six slaves seemed to be adversely affected by the master's outage. The expire time on my zones is a week, and we have always believed (and in fact observed) that the zones can stay healthy for days without contact from the stealth master. However, this weekend two of the slaves had problems. Close examination of the configs showed only one difference between these slaves and the other four. These two are configured with "allow-update-forwarding" for six reverse zones, to allow Windows AD client machines to create their own PTR records. Naturally, it was impossible for these updates to be forwarded when the master was offline. Could this have caused the average lookup times to go from 40ms to over 1000ms for these two servers? It doesn't seem that it could, since it is a totally different sort of operation, but I can only find this difference between these two and the other four.

Thanks for your help,

Alan

Alan V. Shackelford                   Sr. Systems Software Engineer
The Johns Hopkins University and Johns Hopkins Medical Institutions
Baltimore, Maryland USA       410-735-4773        ashackel at jhmi.edu

