Problems With "allow-update-forwarding"
Alan Shackelford
ashackel at jhmi.edu
Tue Apr 5 17:11:21 UTC 2011
This weekend my stealth master DNS went off the network for a few hours due to a problem with some fiber. Two of my six slaves seemed to be adversely affected by the master's outage. The expire time on my zones is a week, and we have always believed (and in fact observed) that the zones can stay healthy for days without contact from the stealth master. However, this weekend two of the slaves had problems.

Close examination of the configs showed only one difference between these slaves and the other four. These two are configured with "allow-update-forwarding" for six reverse zones, to allow Windows AD client machines to create their own PTR records. Naturally, it was impossible for these updates to be forwarded when the master was off line.

Could this have caused the average lookup times to go from 40ms to over 1000ms for these two servers? It doesn't seem that it could, since it is a totally different sort of operation, but I can only find this difference between these two and the other four.

Thanks for your help,
Alan
Alan V. Shackelford Sr. Systems Software Engineer
The Johns Hopkins University and Johns Hopkins Medical Institutions
Baltimore, Maryland USA 410-735-4773 ashackel at jhmi.edu