Win2K, BIND & Multi-master

Cricket Liu cricket at menandmice.com
Thu May 9 17:11:16 UTC 2002


Hi, John.

> I've got a consultant here telling me that BIND can be set up with a
> multi-master model.

Hmm.  I'm not exactly sure what he means by that.  You can run
multiple primary master name servers for a zone and synchronize
them with a mechanism other than zone transfers, but that wouldn't
handle dynamic updates very well.

> I've been trying to get it to work (for several days), but everything I
> currently know about BIND 8.2.3-REL goes against having multiple
> masters.
> 
> Test #1:  I've configured just 2 servers.  A test domain -on server 1 is
> configured as "master", on server 2, it's a "slave".  Using nsupdate,
> (while on DNS server #1) - I add a record, the master sends a NOTIFY,
> it's received, the slave does an AXFR,  -and all's well. (I'd like for
> it to do an IXFR... I can't figure that out either!)

Better to do IXFR with BIND 9 than BIND 8.

> Test #2:  I've configured just 2 servers.  A test domain -on server 1 is
> configured as "master", on server 2, it's also a "master".  When using
> nsupdate, again -on DNS server #1, it sends the NOTIFY to server #2, but
> [I presume 'cause it's also a master] I get:
> 
>         notify: info: NOTIFY(SOA) for non-secondary name
> 
> ...and, as expected, the second "master" server ignores the update from
> the "true" master.

Yup.

> I've been playing with "notify yes;".. and that doesn't make any
> difference either.

No, it wouldn't.

> My goal is to find a way to get BIND 8.2.3 replication-model to mimic
> Win2K's DDNS.  I need to allow for multiple company sites to each have
> their own master for ....say... the adaptec.com zone.  If a Win2K client
> in one site does a dynamic update- it'll update the DNS server specified
> in the client's DNS settings... right?  That would be their *local* DNS
> server.

No, a dynamic update client can send an update to any name server.
It figures out which name server to send the update to by looking
up the SOA record for the domain name in the update.  That domain
name doesn't always have an SOA record, but even a negative answer
returns the SOA record of the enclosing zone.  The updater extracts
the MNAME field and sends the update there.

Does that mitigate your need for masters everywhere?

> Any ideas on how I can get the other "master" DNS servers to see their
> update (and do IXFRs)?  I'm guessing master/slave is the ONLY way if we
> want to stick with BIND.  And I REALLY want to stick with BIND!

I don't think you can do what you're trying to do with BIND.
But then I don't think you really need to.

cricket

Men & Mice
DNS Software & Services
www.menandmice.com

Attend our next DNS and BIND class!  See
http://www.menandmice.com/8000/8000_dns_training.html
for the schedule and to register for upcoming classes
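
Added example, not part of the original message: Python that pulls the zone name and MNAME out of a raw DNS response the way the reply describes, taking the SOA from either the answer section or the authority section of a negative answer. The sample NXDOMAIN reply and every name in it (pc42.site1.example.com, ns1.example.com, hostmaster.example.com) are constructed for illustration.

```python
import struct

SOA = 6  # RR TYPE code for SOA (RFC 1035)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                 # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
        elif n == 0:                         # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def find_update_target(msg):
    """Return (zone, mname) from the first SOA in answer or authority."""
    _id, _flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                             # skip QTYPE and QCLASS
    for _ in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == SOA:
            mname, _ = read_name(msg, off)   # MNAME is the first RDATA field
            return owner, mname
        off += rdlen
    return None

def enc(name):
    """Encode a name without compression (helper for the sample below)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\0"

def sample_nxdomain():
    """Constructed NXDOMAIN reply for pc42.site1.example.com (hypothetical names)."""
    q = enc("pc42.site1.example.com.") + struct.pack("!HH", SOA, 1)
    rdata = enc("ns1.example.com.") + enc("hostmaster.example.com.")
    rdata += struct.pack("!5I", 2002050901, 3600, 900, 604800, 600)
    rr = b"\xc0\x17" + struct.pack("!HHIH", SOA, 1, 600, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, 0x8183, 1, 0, 1, 0) + q + rr
```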

