Determining Which Authoritative Server to Use

Grant Taylor gtaylor at tnetconsulting.net
Tue May 10 21:48:39 UTC 2022


On 5/8/22 5:58 AM, Tony Finch wrote:
> Regarding anycast, it isn't necessary for internal authoritative 
> servers unless your organization is really huge (and probably not 
> even then): it is simpler to just use the DNS's standard reliability 
> features. All you need to do is have more than one authoritative 
> server for each zone.

I don't know if it's a requirement for the OP or not, but Windows used 
to reach out to the MName server to perform dynamic updates.  So there 
might be some merit in making the name of the MName server a pseudo name 
that resolves to an anycasted address, thus clients try to perform the 
dynamic update to the closest instance of the anycast / (pseudo) MName 
server.

Aside:  Years ago, BIND secondaries would happily forward such dynamic 
updates to the real primary MName server.

Further aside:  The last time I looked, MS-DNS ADI zones would forge the 
local server's name as the MName to cause this type of client redirection.

> On the other hand, anycast is a good way to improve the availability 
> and maintainability of your resolvers, because your users' devices 
> talk directly to them, and if they don't work there might as well 
> not be an Internet connection.

I agree that anycasted service points make administration somewhat 
simpler.  However, I do question the /need/ for such flexibility when 
things like DHCP are likely used for client configuration and can 
therefore manage most things automatically.



-- 
Grant. . . .
unix || die
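To illustrate the MName-following behaviour discussed above, here is an added example (not code from the post or from BIND): given constructed zone data, it mimics how an RFC 2136 client picks its update target from the SOA MName and flags whether that address falls inside an assumed anycast prefix, returning no address when the MName has no A record in the data. `ZONE_TEXT`, `ANYCAST_PREFIXES` and the helper names are assumptions for this example.

```python
import ipaddress

# Constructed sample zone data (not from the post): the SOA MName is a pseudo
# name whose A record is an anycast address, so clients that follow MName send
# their dynamic updates to the nearest anycast instance.
ZONE_TEXT = """\
example.internal. 3600 IN SOA dyn-update.example.internal. hostmaster.example.internal. 2022051001 3600 900 1209600 300
example.internal. 3600 IN NS ns1.example.internal.
example.internal. 3600 IN NS ns2.example.internal.
ns1.example.internal. 3600 IN A 10.1.0.53
ns2.example.internal. 3600 IN A 10.2.0.53
dyn-update.example.internal. 3600 IN A 10.255.0.53
"""

# Assumed anycast prefix for this example; a real deployment would use its own.
ANYCAST_PREFIXES = [ipaddress.ip_network("10.255.0.0/24")]


def parse_zone(text):
    """Return (owner, rrtype, rdata_fields) tuples from simple one-line records."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue  # skip blank lines and anything not in the simple one-line form
        records.append((fields[0].lower(), fields[3], fields[4:]))
    return records


def update_target(records, zone):
    """Mimic an MName-following client: locate the zone's SOA, take its MName,
    and look up that name's A record within the same data.
    Returns (mname, ip, is_anycast); ip is None if the MName has no A record."""
    zone = zone.lower()
    soa = next((r for r in records if r[0] == zone and r[1] == "SOA"), None)
    if soa is None:
        raise ValueError(f"no SOA record for {zone}")
    mname = soa[2][0].lower()  # first SOA rdata field is the MName
    addrs = [r[2][0] for r in records if r[0] == mname and r[1] == "A"]
    if not addrs:
        return mname, None, False  # client would have to resolve MName elsewhere
    ip = ipaddress.ip_address(addrs[0])
    is_anycast = any(ip in net for net in ANYCAST_PREFIXES)
    return mname, str(ip), is_anycast
```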
