Problem to transfer reverse zone DNS on secondary DNS servers

Grant Taylor gtaylor at tnetconsulting.net
Fri Dec 27 20:03:01 UTC 2019


On 12/27/19 10:48 AM, Matus UHLAR - fantomas wrote:
> I think that it should be either change local DNS or call ISP to change 
> it, not both at once.  Having both usually creates/hides different kinds 
> of problems.

Yes, ideally the configuration lives in one place.  Multi-master is 
always problematic.  Particularly for day to day operations.

Initial configuration is another story.  That will likely involve 
configuration at both ends.  I.e. ISP delegating to customer and 
customer configuring their name server appropriately.

> the ISP should the client what zone to configure,

Did you mean that to be "the ISP should *tell* the client what zone to 
configure"?

> e.g.  pasteur-cayenne.246.2.186.in-addr.arpa and they put RFC 2317-like 
> CNAME delegations to that.

Maybe.  Maybe not.  I'd likely have stern words with an ISP if they 
tried to dictate to me how I configured my DNS zones and servers.

I can see the ISP informing the customer of what options they support 
and then the customer choosing from that set.

About the only reason that I'll accept from an ISP for them trying to 
dictate what zone is used is them admitting that their configuration 
management system has limitations and does not support what I want.

> As an ISP, I'd like to be configured as slave for that domain.

Okay.  That's a different issue.  One that is a preference at that.  I 
don't have any overt objection to it.

> Yes, it can work, but I personally don't like setting up multiple reverse 
> subdomains like this.  I believe configuring single domain for multiple 
> records is the way to go.

As an ISP, you're only working with one domain, namely the associated 
in-addr.arpa domain.  So why do you care how many domains the client 
needs to configure on their server?

Your desire to slave transfer notwithstanding.  But even that is your 
desire.

Your desire to have a slave copy means that you are beholden to how the 
domain owner wants to configure things.  If that's one domain, fine.  If 
that's multiple domains, then so be it.

> in any case, if the OP needs to fix things on the local side AND to 
> call ISP to change it, something is broken, or at least inefficiently 
> implemented.

I don't know if "broken" is how I'd describe this.  I think the OP is 
still in the early set up phase.  Thus why it's normal that he needs to 
call the ISP to get them to do the initial configuration.



-- 
Grant. . . .
unix || die
