Win2K, BIND & Multi-master

phn at icke-reklam.ipsec.nu
Thu May 9 09:52:53 UTC 2002


John Lindemann <jlindema at corp.adaptec.com> wrote:

> Hello all-

> I've got a consultant here telling me that BIND can be set up with a

Change consultant. 

You can set up a multi-master by replicating zonefiles (by rsync or similar)
but it won't do with dyn upd.

> multi-master model.
> I've been trying to get it to work (for several days), but everything I
> currently know about BIND 8.2.3-REL goes against having multiple
> masters.

> Test #1:  I've configured just 2 servers.  A test domain -on server 1 is
> configured as "master",
> on server 2, it's a "slave".  Using nsupdate, (while on DNS server #1) -
> I add a record, the master sends a NOTIFY, it's received, the slave does
> an AXFR,  -and all's well.
> (I'd like for it to do an IXFR... I can't figure that out either!)

> Test #2:  I've configured just 2 servers.  A test domain -on server 1 is
> configured as "master",
> on server 2, it's also a "master".  When using nsupdate, again -on DNS
> server #1, it sends the NOTIFY to server #2, but [I presume 'cause it's
> also a master] I get:

>         notify: info: NOTIFY(SOA) for non-secondary name

> ...and, as expected, the second "master" server ignores the update from
> the "true" master.

> I've been playing with "notify yes;".. and that doesn't make any
> difference either.

> My goal is to find a way to get BIND 8.2.3 replication-model to mimic
> Win2K's DDNS.  I need to allow for multiple company sites to each have
> their own master for ....say... the adaptec.com zone.  If a Win2K client
> in one site does a dynamic update- it'll update the DNS server specified
> in the client's DNS settings... right?  That would be their *local* DNS
> server.

Why do you want to copy a broken model?

Using DNS as any kind of authorization (which is why most folks
attempt to have the dhcp-server update DNS) is wrong, unsecure and
unreliable. What _are_ you trying to achieve?

> Any ideas on how can I get the other "master" DNS servers to see their
> update (and do IXFR's)?  I'm guessing master/slave is the ONLY way if we
> want to stick
> with BIND.  And I REALLY want to stick with BIND!

> Thanks in advance-
> John


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but I'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

