DNS Blackholing

Barry S. Finkel bsfinkel at att.net
Tue Dec 4 18:35:24 UTC 2012


On 12/4/2012 6:00 AM, John Hascall <john at iastate.edu> wrote:
> We have found that RPZ works quite well for us.
> We have 366825 names in our RPZ zone at present
> and scaling thus far has been a non-issue.
A question from the OP that has not yet been answered -
Make the zones masters on all servers.  What I did was to
have a file in common storage accessible to each DNS server,
and every 10 minutes a cron job would run to see if the
file in common storage had been updated.  If so, then
the file was copied to the local disk, and an "rndc reconfig"
command was issued to re-read the config file.  Note that the
10-minute cron ran at a different minute on each server to ensure that
only one server was reloading at any given time.
--Barry Finkel
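
The procedure described in this message, sketched as a shell script. This is an added example, not the poster's own script: the paths, variable names, crontab lines, the named-checkconf syntax check before the swap, and the rollback copy are assumptions that go beyond what the message describes.

```shell
#!/bin/sh
# Added example; all paths and names below are assumptions, not from the post.
# Constructed crontab entries, one per server, offset so reloads never coincide:
#   ns1:  1-59/10 * * * * /usr/local/sbin/sync-blackhole.sh --run
#   ns2:  4-59/10 * * * * /usr/local/sbin/sync-blackhole.sh --run

SHARED=${SHARED:-/mnt/dnsshare/blackhole.conf}   # assumed common-storage copy
LOCAL=${LOCAL:-/etc/bind/blackhole.conf}         # assumed local include file
CHECK_CMD=${CHECK_CMD:-named-checkconf}          # syntax check (added safeguard)
RELOAD_CMD=${RELOAD_CMD:-rndc reconfig}          # reload command named in the post

# Returns 0 = updated and reloaded, 1 = unchanged, 2 = rejected or failed.
sync_blackhole() {
    src=$1; dst=$2
    [ -r "$src" ] || return 2                    # share unavailable: keep old copy
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 1                                 # nothing changed, no reload
    fi
    tmp=$(mktemp "$dst.XXXXXX") || return 2      # same directory, so mv is atomic
    chmod 644 "$tmp"                             # mktemp creates 0600; named must read it
    # Reject a truncated or malformed file before it can break the next reload.
    if ! cp "$src" "$tmp" || ! $CHECK_CMD "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 2
    fi
    if [ -f "$dst" ]; then
        cp -p "$dst" "$dst.prev"                 # keep one copy for rollback
    fi
    mv "$tmp" "$dst" || { rm -f "$tmp"; return 2; }
    $RELOAD_CMD || return 2
    return 0
}

if [ "${1:-}" = "--run" ]; then
    rc=0
    sync_blackhole "$SHARED" "$LOCAL" || rc=$?
    if [ "$rc" -eq 2 ]; then
        logger -t sync-blackhole "update rejected or reload failed"
        exit 1
    fi
fi
```
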


