FQDNs in masters-list (was: Help: Secondary for...)

Andreas S. Oesterhelt oes at oesterhelt.dyndns.org
Tue Mar 6 13:09:15 UTC 2001


Hello Mark,

...thanks a lot for your advice.

> 	It would be achievable for a stealth master.  If I was
> 	doing it I would have the stealth master send signed notifies
> 	periodically, similar to the dialup master, and have the
> 	slave accept the notify if the signature was correct and
> 	save the source address for the refresh query.  Only notifies
> 	would trigger the refresh check similar to dialup.

Would you mind giving a suggestion for how the configuration syntax
for this should look? Since the stealth master doesn't have a static
IP address, it can't be listed in masters nor in allow-notify. I was
thinking about something like [ allow-stealth-notify key ; ]
and not mentioning the stealth master at all. As Brad pointed out, the
master's DNS name could be hijacked anyway. Or should I use a
combination of both?

One more question: I reckon that the SOA records for the zones in
question should feature the slave, not the stealth master?

> 	I would not have a dynamic host listed as a nameserver.
> 	I'm assuming, in saying this, the dynamic host is dropping
> 	off the net and the address is potentially being re-assigned,

Yes, with blackout periods typically <2 sec. Still, dyndns.org works
magnificently for me: Although all their dynamic A records have a TTL of
1M, they don't seem to get cached at all. Querying my address
immediately after an address update with dyndns instantly yields the
current address, although I use the forwarding infrastructure of
Deutsche Telekom. But this is just my very individual situation and
might not be the case for everyone else. The stealth master idea
sounds much more robust.

Best regards,
--Andreas
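
The slave-side logic of the signed-notify scheme quoted above, as an added example that is not part of the original message and is not BIND code: the slave accepts a notify only if its MAC verifies, then saves the source address for the refresh query. The message layout, the Slave class, the 300-second skew window and all keys and addresses are assumptions constructed for illustration; this is not the TSIG wire format.

```python
import hashlib
import hmac
import struct

FUDGE = 300  # allowed clock skew in seconds (assumed value)

def sign_notify(key, zone, serial, ts):
    """MAC over zone, SOA serial and signing time (simplified, not TSIG wire format)."""
    msg = zone.lower().encode() + b"\x00" + struct.pack("!IQ", serial, ts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Slave:
    def __init__(self, key, zone):
        self.key, self.zone = key, zone.lower()
        self.master_addr = None  # learned only from a verified notify
        self.last_ts = 0         # newest accepted signing time (replay guard)

    def handle_notify(self, src, zone, serial, ts, mac, now):
        """Return True and remember src only if the notify verifies."""
        if zone.lower() != self.zone:
            return False
        if not hmac.compare_digest(sign_notify(self.key, zone, serial, ts), mac):
            return False         # wrong key or tampered fields
        if abs(now - ts) > FUDGE or ts <= self.last_ts:
            return False         # stale signature or replay of an older notify
        self.last_ts = ts
        self.master_addr = src   # target for the next SOA refresh query
        return True

def demo():
    key = b"constructed-shared-secret"  # constructed sample key
    zone, t0 = "example.org", 1_000_000
    slave = Slave(key, zone)
    good = sign_notify(key, zone, 2001030601, t0)
    moved = sign_notify(key, zone, 2001030602, t0 + 60)
    forged = sign_notify(b"wrong-key", zone, 2001030602, t0 + 10)
    results = [
        slave.handle_notify("192.0.2.10", zone, 2001030601, t0, good, t0 + 2),
        slave.handle_notify("198.51.100.7", zone, 2001030601, t0, good, t0 + 5),  # replay
        slave.handle_notify("198.51.100.7", zone, 2001030602, t0 + 10, forged, t0 + 10),
        slave.handle_notify("192.0.2.99", zone, 2001030602, t0 + 60, moved, t0 + 61),
    ]
    return results, slave.master_addr

if __name__ == "__main__":
    print(demo())
```

The MAC here does not cover the source address, so the refresh query and zone transfer sent to the learned address should be authenticated with the same key.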

