[59617] in North American Network Operators' Group


Re: Tertiary or 2nd Secondary DNS?

daemon@ATHENA.MIT.EDU (Mans Nilsson)
Sun Jul 13 19:56:05 2003

Date: Mon, 14 Jul 2003 01:55:10 +0200
From: Mans Nilsson <mansaxel@sunet.se>
To: nanog@merit.edu
In-Reply-To: <Pine.BSF.4.44.0307081618050.36704-100000@richard2.pil.net>
X-synced-from: Pilsnet
Errors-To: owner-nanog-outgoing@merit.edu




Subject: Tertiary or 2nd Secondary DNS? Date: Tue, Jul 08, 2003 at 04:22:49 PM -0400 Quoting up@3.am (up@3.am):
> If you have a customer who is doing their own primary DNS, but you are
> doing their secondary DNS (on 2 of your name servers) for them, is it
> better practice on your 2nd DNS server to xfer the zones directly from the
> customer's primary DNS server (a second secondary DNS server) or xfer it
> from your first server (the customer's secondary server) doing "true
> tertiary" DNS?  Or should the tertiary use multiple masters?

Have all servers point to the master. Reason:

If you run DNS Notify (and it is hard not to, since all usable
versions of BIND do it by default, and most people use BIND) you
might get into a situation where the master gets a new zone version,
sends out notifies to all listed name servers, which then go and
ask SOA queries, not to the IP address they got the notify from,
but to the configured master. If that master is itself a slave,
then it might not have had time to get the zone transferred and
loaded by the time its slaves start sending it SOA queries, which
will make the slaves believe that it was a bogus notify, and fall
back to the old "check once every SOA refresh seconds".

This is as I remember it, anyway ;-)
-- 
Måns Nilsson         Systems Specialist
+46 70 681 7204         KTHNOC
                        MN1334-RIPE

This MUST be a good party -- My RIB CAGE is being painfully pressed up
against someone's MARTINI!!
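
The sequence described in the reply above, as an added example that is not part of the original message and is not BIND code: a toy timeline comparing the chained layout from the question with the all-point-to-the-primary layout from the reply. The server names, the 2-second transfer time and the 3600-second refresh are constructed assumptions, and only the primary's NOTIFY is modelled, as in the message.

```python
# Added illustration: a toy timeline of the NOTIFY sequence as the message
# describes it. This is a model, not BIND code; all constants are constructed.
XFER_DELAY = 2       # seconds to transfer and load a zone (assumed)
SOA_REFRESH = 3600   # SOA refresh interval in seconds (assumed)
PRIMARY = "customer-primary"   # hypothetical server name

def loaded_at(server, upstream_of, _seen=()):
    """Second at which `server` serves the new serial; the primary has it at t=0."""
    if server == PRIMARY:
        return 0
    if server in _seen:
        raise ValueError("transfer loop: " + " -> ".join(_seen + (server,)))
    upstream_ready = loaded_at(upstream_of[server], upstream_of, _seen + (server,))
    # The primary's NOTIFY reaches every listed name server at t=0. Each
    # secondary then sends its SOA query to its *configured* master, not to
    # the NOTIFY sender. If that master still has the old serial, the NOTIFY
    # looks bogus and the next check happens on the refresh timer.
    check = 0
    while check < upstream_ready:
        check += SOA_REFRESH
    return check + XFER_DELAY

def timeline(upstream_of):
    """Map each secondary to the second at which it serves the new zone."""
    return {s: loaded_at(s, upstream_of) for s in sorted(upstream_of)}

# Layout from the question: ns2 transfers from ns1 ("true tertiary").
CHAINED = {"ns1": PRIMARY, "ns2": "ns1"}
# Layout from the reply: every secondary points at the customer's primary.
DIRECT = {"ns1": PRIMARY, "ns2": PRIMARY}

if __name__ == "__main__":
    for label, layout in (("chained", CHAINED), ("direct", DIRECT)):
        print(label, timeline(layout))
```

In the chained layout ns2 asks ns1 before ns1 has loaded the new zone, so under this model ns2 serves stale data until its refresh timer fires.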

