Many masters, one slave

Kevin Darcy kcd at daimlerchrysler.com
Thu May 11 22:38:43 UTC 2006 

It's not clear what you're really trying to accomplish here.

What's in the WHOIS record, and in the delegations from the various 
ccTLD and/or gTLD servers (hopefully those sets should match, for any 
given zone) is used mainly between nameservers, and you are required to 
have at least 2 nameservers for every zone, so that you have sufficient 
redundancy and other nameservers on the Internet don't thrash around 
trying to resolve names in your domain during each and every 
single-point failure you have. Users don't *normally* look at or care 
what nameservers are in WHOIS or the delegations. For the most part it's 
transparent to them.

On the other hand, you said you wanted to "give [your] users just one 
server as authoritative DNS". I think we assumed you meant that you 
wanted just one server in the resolver configuration of your clients, 
and for that server to be authoritative for your zones (presumably this 
would be done for redundancy so that even if the WAN link to the 
location were down, the local nameserver would have a copy of all of the 
relevant zone data and could continue to resolve names). That's why a 
stealth slave was recommended. For improved availability, of course, you 
should have at least *two* entries in the resolver list. But you 
specifically said you just wanted one, for whatever reason. As far as I 
know, Internet standards don't govern how many entries one must have in 
a resolver list.

Now you seem to be introducing new requirements: "read automatically the 
zones from the A and B servers". If a nameserver is a slave (stealth or 
otherwise), then obviously it has a way of replicating the zone data 
from the master server(s) for the zones that are configured (otherwise 
we wouldn't even call it a slave). Or, are you asking how zones that are 
newly configured on the master(s) can be automatically configured on the 
slave(s) as well? That question comes up frequently. You could search 
the archives for relevant terms and phrases, but the basic answer is 
that there is no specific support for this within the DNS protocol or in 
BIND. Most people write their own mechanisms, or use commercial 
products, e.g. Lucent's QIP, which handle these "housekeeping" tasks 
automatically.

- Kevin

Fabrizio Reale wrote:

>Joshua Beining wrote:
>
>  
>
>>Setup a stealth slave.  Configure it as you would a normal slave for each
>>of the zones but *don't* list it in any of the zone's NS records.
>>
>>    
>>
>
>But can the stealth slave read automatically the zones from the A and B
>servers?
>I have described a simplified structure.
>I have more than ten DNS servers with their own domains.
>But I want to put only one server (and its slave) in the "whois" NS record.
>
>Fabry
>
>
>  
>
>>>-----Original Message-----
>>>From: bind-users-bounce at isc.org
>>>[mailto:bind-users-bounce at isc.org] On Behalf Of Fabrizio Reale
>>>Sent: Wednesday, May 10, 2006 9:01 AM
>>>To: bind-users at isc.org
>>>Subject: Many masters, one slave
>>>
>>>
>>>I have many authoritative bind servers with various zones,
>>>but I want to give my users just one server as authoritative DNS.
>>>Example:
>>>Server A:
>>>Domains: foo.com, bar.com
>>>
>>>Server B:
>>>Domains:  foo.net, bar.net, foo.org
>>>
>>>
>>>Server C:
>>>No domain configured, but I'd like if it were authoritave for
>>>the domain of A and B servers.
>>>
>>>Any suggestions?
>>>      
>>>
>
>
>  
>

More information about the bind-users mailing list