Many masters, one slave
kcd at daimlerchrysler.com
Thu May 11 22:38:43 UTC 2006
It's not clear what you're really trying to accomplish here.

What's in the WHOIS record, and in the delegations from the various
ccTLD and/or gTLD servers (hopefully those sets should match, for any
given zone) is used mainly between nameservers, and you are required to
have at least 2 nameservers for every zone, so that you have sufficient
redundancy and other nameservers on the Internet don't thrash around
trying to resolve names in your domain during each and every
single-point failure you have. Users don't *normally* look at or care
what nameservers are in WHOIS or the delegations. For the most part it's
transparent to them.

On the other hand, you said you wanted to "give [your] users just one
server as authoritative DNS". I think we assumed you meant that you
wanted just one server in the resolver configuration of your clients,
and for that server to be authoritative for your zones (presumably this
would be done for redundancy so that even if the WAN link to the
location were down, the local nameserver would have a copy of all of the
relevant zone data and could continue to resolve names). That's why a
stealth slave was recommended. For improved availability, of course, you
should have at least *two* entries in the resolver list. But you
specifically said you just wanted one, for whatever reason. As far as I
know, Internet standards don't govern how many entries one must have in
a resolver list.

Now you seem to be introducing new requirements: "read automatically the
zones from the A and B servers". If a nameserver is a slave (stealth or
otherwise), then obviously it has a way of replicating the zone data
from the master server(s) for the zones that are configured (otherwise
we wouldn't even call it a slave). Or, are you asking how zones that are
newly configured on the master(s) can be automatically configured on the
slave(s) as well? That question comes up frequently. You could search
the archives for relevant terms and phrases, but the basic answer is
that there is no specific support for this within the DNS protocol or in
BIND. Most people write their own mechanisms, or use commercial
products, e.g. Lucent's QIP, which handle these "housekeeping" tasks

Fabrizio Reale wrote:
>Joshua Beining wrote:
>>Setup a stealth slave. Configure it as you would a normal slave for each
>>of the zones but *don't* list it in any of the zone's NS records.
>But can the stealth slave read automatically the zones from the A and B
>I have described a simplified structure.
>I have more than ten DNS servers with their own domains.
>But I want to put only one server (and its slave) in the "whois" NS record.
>>>From: bind-users-bounce at isc.org
>>>[mailto:bind-users-bounce at isc.org] On Behalf Of Fabrizio Reale
>>>Sent: Wednesday, May 10, 2006 9:01 AM
>>>To: bind-users at isc.org
>>>Subject: Many masters, one slave
>>>I have many authoritative bind servers with various zones,
>>>but I want to give my users just one server as authoritative DNS.
>>>Domains: foo.com, bar.com
>>>Domains: foo.net, bar.net, foo.org
>>>No domain configured, but I'd like if it were authoritative for
>>>the domain of A and B servers.
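An added example, not part of the thread and not BIND's own tooling: one way to write the "own mechanism" the reply mentions, generating the stealth slave's zone statements from a list of masters and their zones. The master addresses (documentation range), the `slaves/` file path and the `allow-transfer`/`notify` settings are assumptions.

```python
import ipaddress
import re

# Constructed inventory: the zone names come from the thread; the master
# addresses are documentation-range placeholders, not real servers.
MASTERS = {
    "192.0.2.1": ["foo.com", "bar.com"],             # server A
    "192.0.2.2": ["foo.net", "bar.net", "foo.org"],  # server B
}

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_zone(name):
    """Lower-case a zone name and reject anything that is not plain labels,
    so a quote, brace or semicolon can never reach named.conf."""
    zone = name.strip().rstrip(".").lower()
    labels = zone.split(".")
    if len(zone) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"invalid zone name: {name!r}")
    return zone


def slave_stanzas(masters):
    """Return named.conf text with one slave zone statement per zone."""
    owner = {}   # zone -> master already claiming it
    out = []
    for master, zones in sorted(masters.items()):
        ip = ipaddress.ip_address(master)   # raises ValueError on junk
        for raw in zones:
            zone = normalize_zone(raw)
            if zone in owner:
                raise ValueError(f"{zone} listed under {owner[zone]} and {ip}")
            owner[zone] = ip
            out.append(
                f'zone "{zone}" {{\n'
                f"    type slave;\n"
                f"    masters {{ {ip}; }};\n"
                f'    file "slaves/{zone}.db";\n'
                f"    allow-transfer {{ none; }};  // nobody pulls from this copy\n"
                f"    notify no;                   // no NOTIFY from the unlisted slave\n"
                f"}};\n"
            )
    return "\n".join(out)


if __name__ == "__main__":
    print(slave_stanzas(MASTERS))
```

The output is meant to be written to a file that the slave's named.conf includes; the zones' NS records on the masters stay unchanged, which is what keeps the slave stealth.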