When there are no Root Name Servers

Kevin Darcy kcd at daimlerchrysler.com
Fri Mar 30 21:19:52 UTC 2001

Why don't you configure your boxes as slaves for the root zone, from an
internal master, which under normal circumstances is a mirror copy of
the Internet root zone, and in failure mode, is switched to a
"island" version of the root zone, which only knows about your internal
domains? With NOTIFY, it shouldn't take very long to propagate the
"island" root zone to all of your internal slaves.

By the way, if your Internet connectivity is completely down, isn't your
phone going to be ringing a lot *anyway*, regardless of how your DNS is
set up? Or do you have DNS and network support heavily partitioned from
each other?

- Kevin

Martin McCormick wrote:

>         I was approached recently with the question of how we
> might let local domain name service keep running during times
> when Internet connectivity is down and no root name servers are
> accessible.  The suggestion was made to configure the secondary
> dns to be its own root zone.  My basic response was that this
> sounds like a bad idea because during that 99.5% of the time when
> everything is working, if a customer of ours happened to hit the
> secondary and ask for a lookup outside of us, he or she should
> get a failure because that dns would not be able to lookup the
> outside domain.
>         We have experimented with manually configuring our name
> servers to be their own root when we were certain of an extended
> outage, when one knows for a fact that no traffic is going to make
> it off campus or at least on to the INternet due to a known
> problem with routers or cables.
>         Is there a BCP or Best Current Practice that lets our
> local lookups keep running through the master even when the roots
> have temporarily gone away?
> Maybe I am simply overlooking a small change in configuration
> that would at least allow the campus to talk to itself and then
> smoothly recover full functionality when the roots reappear.
>         We probably get one of these situations once or twice a
> year if that often and they don't last long, but the hit is
> magnified by loss of local dns.  The phone can really start to
> ring.
> Martin McCormick

More information about the bind-users mailing list