Local DNS and outside DNS ...
kcd at daimlerchrysler.com
Fri Jan 24 18:56:14 UTC 2003
Kamran Remin wrote:
>i have bind running in our local LAN. And i have a dedicated server at a
>provider which is running bind and apache. When i enter new hosts on the
>bind at our provider, it takes some time for their secondary DNS to update.
>So, the first question i have is about the serialnumber. If my last
>serialnumber was 2003012202 (which would also be last from the secondary)
>and if i update my zone-file today, then my new serial would be 2003012401,
>right? Or would it be 2003012403? I'm asking this, because sometimes it
>seems to me, that the secondary DNS of my provider isn't refreshing fast
You don't have to embed the date in your serial number; you can adopt
any serial-number you want, bearing in mind that the serial number needs
to *increment* in order for the zone to replicate (see RFC 1982 for more
detail about how "increment" is determined in the context of serial
Why are your ISP's nameservers replicating slowly? There could be any
number of reasons: the REFRESH time on the zone may be set too high
and/or the slave servers are not properly listed in the NS records of
the zone, and therefore do not get NOTIFY messages; maybe the ISP has an
"alternative" means of replicating the zone, and it doesn't run as
frequently as you wish. Best bet probably is to talk to your ISP about
the replication issue.
>A second question that i have, is: It should be possible to tell my local
>DNS, that it's forwarder is the one i ran at my provider, right? This should
>have the benefit, that all clients on my local LAN should reach new entries
>on my outside DNS as soon as i enter them on the outside DNS. But the new
>hosts still don't answer. But this should work, or not?
Sort of. When your nameserver is told that the name doesn't exist
(because it hasn't propagated yet), it'll create a "negative caching"
entry, basically a remembrance that the name doesn't exist. This
"negative caching" entry will stick around a configurable amount of
time, determined by the last field of the SOA record of the zone (unless
overridden by some global caching-control option). So, if your negative
caching TTL is set high, it won't really matter if you use your
provider's DNS as a forwarder, because negative caching takes precedence
over forwarding -- your nameserver will "remember" for a long time that
the name doesn't exist and won't forward queries for it.
Your best option is probably to set your local box up as a "stealth
slave" of the zone and make sure your ISP sends it NOTIFYs whenever the
zone changes. If they use BIND, they can configure their nameserver(s)
to send your nameserver NOTIFYs via the "also-notify" statement.
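The two mechanics the reply leans on, RFC 1982 serial arithmetic (which decides whether a slave will transfer at all) and the negative-caching TTL taken from the SOA, can be worked through in a few lines. The following is an added example written for this archive page, not code from either poster or from BIND; the SOA line it parses is a constructed sample, and the single-line SOA format and the RFC 2308 rule (negative TTL = min of the SOA's own TTL and its MINIMUM field) are the assumptions it makes.

```python
"""RFC 1982 serial arithmetic and SOA negative-cache TTL.

Added example for the bind-users thread above; not the posters' code
and not BIND source. Sample data below is constructed for illustration.
"""

SERIAL_BITS = 32
SERIAL_MOD = 1 << SERIAL_BITS   # 2**32: SOA serials are 32-bit unsigned
HALF = 1 << (SERIAL_BITS - 1)    # 2**31: the RFC 1982 half-way point


def serial_add(s: int, n: int) -> int:
    """RFC 1982 sec. 3.1: s + n with 0 <= n < 2**31, wrapping modulo 2**32."""
    if not 0 <= s < SERIAL_MOD:
        raise ValueError("serial out of 32-bit range")
    if not 0 <= n < HALF:
        raise ValueError("increment must be in [0, 2**31)")
    return (s + n) % SERIAL_MOD


def serial_compare(s1: int, s2: int) -> int:
    """RFC 1982 sec. 3.2: -1 if s1 < s2, 0 if equal, 1 if s1 > s2.

    'Less than' means s2 is reachable from s1 by adding fewer than 2**31,
    so 0 is newer than 0xFFFFFFFF. A difference of exactly 2**31 is
    undefined by the RFC, so we refuse to guess."""
    for s in (s1, s2):
        if not 0 <= s < SERIAL_MOD:
            raise ValueError("serial out of 32-bit range")
    if s1 == s2:
        return 0
    diff = (s2 - s1) % SERIAL_MOD
    if diff == HALF:
        raise ValueError("comparison undefined: serials differ by 2**31")
    return -1 if diff < HALF else 1


def slave_would_transfer(slave_serial: int, master_serial: int) -> bool:
    """A slave refreshes only when the master's serial is RFC 1982 'greater'.
    Equal (or 'lesser', e.g. after a bad manual edit) means no zone transfer."""
    return serial_compare(slave_serial, master_serial) < 0


def next_date_serial(current: int, today_yyyymmdd: int) -> int:
    """Bump a YYYYMMDDnn-style serial (the scheme asked about in the thread).

    Uses today's date with revision 01 when that is 'greater' than the
    current serial, otherwise falls back to a plain +1, so the result is
    always a valid increment even if the stored serial has run ahead of
    the date scheme. Any increment satisfies the slave; the date is cosmetic."""
    candidate = today_yyyymmdd * 100 + 1
    if serial_compare(current, candidate) < 0:
        return candidate
    return serial_add(current, 1)


def parse_soa_line(line: str) -> dict:
    """Parse a single-line master-file SOA record (assumption: no parentheses).

    Layout: owner ttl IN SOA mname rname serial refresh retry expire minimum"""
    f = line.split()
    if len(f) != 11 or f[2].upper() != "IN" or f[3].upper() != "SOA":
        raise ValueError("expected: owner ttl IN SOA mname rname serial refresh retry expire minimum")
    serial, refresh, retry, expire, minimum = (int(x) for x in f[6:11])
    return {"owner": f[0], "ttl": int(f[1]), "mname": f[4], "rname": f[5],
            "serial": serial, "refresh": refresh, "retry": retry,
            "expire": expire, "minimum": minimum}


def negative_cache_ttl(soa: dict) -> int:
    """RFC 2308 sec. 3: a resolver caches a negative answer for
    min(SOA record TTL, SOA MINIMUM field). This is the value that keeps a
    forwarding resolver 'remembering' that a freshly added name does not exist."""
    return min(soa["ttl"], soa["minimum"])


# Constructed sample SOA, serial matching the thread's 2003012202.
SAMPLE_SOA = ("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. "
              "2003012202 10800 3600 604800 86400")

if __name__ == "__main__":
    soa = parse_soa_line(SAMPLE_SOA)
    print("current serial:", soa["serial"])
    print("next serial on 2003-01-24:", next_date_serial(soa["serial"], 20030124))
    for candidate in (2003012401, 2003012403):
        print(candidate, "triggers transfer:", slave_would_transfer(soa["serial"], candidate))
    print("0 newer than 0xFFFFFFFF:", serial_compare(0xFFFFFFFF, 0) == -1)
    print("negative cache TTL (s):", negative_cache_ttl(soa))
```

Both 2003012401 and 2003012403 come out as valid successors to 2003012202; the slave only checks that the new serial is greater in RFC 1982 terms, which is the point the reply makes about not needing the date at all. The negative-cache figure shows why a forwarder does not help for names that were just added: with the sample SOA the resolver will keep a cached NXDOMAIN for 3600 seconds regardless of where it forwards.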