How to find all DNS slave servers available?

Bill Larson bind9 at comcast.net
Mon Dec 20 23:57:22 UTC 2004


On Dec 20, 2004, at 4:21 PM, CIC Information Line wrote:

> How to find out all the DNS slave servers in a
> specific DNS environment?

Ask the administrators of the servers?

Frankly, there is no way to identify all of the slave servers for a 
zone as long as the possibility of having "stealth" slaves exists.

The systems identified with "NS" records in a zone had better be either 
the master or a slave for a zone.  Any server that the parent has 
delegated to had better also be a master or slave for the zone (these 
should be identified with NS records in the zone file).

In the named.conf file it is also possible to identify stealth slaves 
with the "also-notify" directive such that DNS Notify messages are sent 
to these stealth slaves.  But this still leaves the possibility for 
someone setting up a slave for a zone, having it perform a zone 
transfer to populate the zone, and then never knowing about it.

You could look through the logs to identify who has performed a zone 
transfer from one of the known servers under the possibility that these 
may identify possible slaves.  But this can still lead you to a dead 
end by having a stealth slave that is the source for another stealth 
slave.

So, in general, there is no way of knowing all of the possible slaves 
for a particular zone.

Bill Larson
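
The log review suggested in the post above can be scripted. This is an added example, not part of the original message: it scans outgoing-transfer log lines from a known server and reports clients that are not on the list of expected slaves. The log lines are constructed and modelled on BIND 9 xfer-out messages, and the addresses, zone name and `KNOWN` list are assumptions.

```python
import re
from collections import defaultdict

# Assumed log shape: BIND 9 "xfer-out" messages; adjust the pattern to your logs.
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: transfer of '(?P<zone>[^/']+)/IN': "
    r"(?P<kind>AXFR-style IXFR|AXFR|IXFR) started"
)

def unknown_transfer_clients(log_lines, known):
    """Return {zone: {ip: count}} for transfers started by hosts
    that are not in known[zone] (NS hosts plus also-notify targets)."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = XFER_RE.search(line)
        if not m:
            continue  # not a "transfer started" message (ended, denied, ...)
        zone = m["zone"].lower().rstrip(".")
        ip = m["ip"]
        if ip not in known.get(zone, set()):
            hits[zone][ip] += 1
    return {zone: dict(clients) for zone, clients in hits.items()}

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = [
    "20-Dec-2004 16:30:01.101 xfer-out: info: client 192.0.2.53#53211: "
    "transfer of 'example.com/IN': AXFR started",
    "20-Dec-2004 16:30:01.350 xfer-out: info: client 192.0.2.53#53211: "
    "transfer of 'example.com/IN': AXFR ended",
    "20-Dec-2004 17:02:44.009 xfer-out: info: client 198.51.100.7#40112: "
    "transfer of 'example.com/IN': AXFR started",
    "20-Dec-2004 18:15:10.700 xfer-out: info: client 198.51.100.7#40990: "
    "transfer of 'example.com/IN': IXFR started",
    "20-Dec-2004 18:20:00.000 xfer-out: info: client @0x7f3a10 2001:db8::99#5353 "
    "(example.com): transfer of 'Example.COM/IN': AXFR started",
    "20-Dec-2004 18:21:00.000 security: error: client 203.0.113.5#1099: "
    "zone transfer 'example.com/AXFR/IN' denied",
]

# Assumed list of expected slaves per zone (from NS records and also-notify).
KNOWN = {"example.com": {"192.0.2.53"}}

if __name__ == "__main__":
    for zone, clients in unknown_transfer_clients(SAMPLE_LOG, KNOWN).items():
        for ip, count in sorted(clients.items()):
            print(f"{zone}: {count} transfer(s) to unlisted host {ip}")
```

The result covers only hosts that transferred from the server whose log is read; a slave fed by another stealth slave never appears in it.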


