Dyn DNS...masters and slaves...

Kevin P. Knox bind-users at rc4systems.net
Sun Sep 3 17:13:53 UTC 2006

I've recently had the occasion to configure dynamic DNS on my current 
employer's networks to support MS AD.  We're running BIND 9.2.4 on Debian 3.1 
(stable).  Other than having no support for GSS-TSIG, it's working well so 
far.  I do have a question though.

It "seems" that with dynamic DNS on BIND, there is a single point of failure.  
MS clients find the authoritative server by looking at the MNAME field in the 
SOA RR for the zone to update and that field should always be the master 
server.  I know that slaves can forward updates if so configured, and we've 
configured IP-based ACLs to permit this.  But I have yet to see a client send 
an update to a slave.

What if the master DNS server becomes unreachable to clients needing to 
perform updates?  I'm having trouble finding information explaining the 
mechanics of this.   I've got a current copy of the BIND ARM, and DNS & BIND, 
5th Edition.  If somebody could point me in the right direction for answers, 
I'd certainly appreciate it.  Thanks. :-)

... Kev
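
The arrangement the post describes (a master that accepts dynamic updates, plus slaves permitted by IP-based ACLs to forward updates to it), sketched as an added example that is not taken from the original message. The zone name, file paths and 192.0.2.0/24 addresses are constructed placeholders.

```conf
// Added illustration; every name and address here is a constructed placeholder.
// The acl statement has to appear in the configuration of both servers.
acl "ad-clients" { 192.0.2.0/24; };        // hypothetical client network

// ---- named.conf on the master, 192.0.2.1 (the host in the SOA MNAME field) ----
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    // A forwarded update reaches the master from the slave's address, so
    // with IP-based ACLs the slave must be listed next to the clients.
    // Consequence: the master accepts whatever the slave forwards, and the
    // slave's allow-update-forwarding ACL becomes the effective control.
    allow-update   { ad-clients; 192.0.2.2; };
    allow-transfer { 192.0.2.2; };
};

// ---- named.conf on the slave, 192.0.2.2 ----
zone "example.com" {
    type slave;
    masters { 192.0.2.1; };
    file "/var/cache/bind/db.example.com";
    // The default is { none; }, in which case the slave forwards nothing.
    allow-update-forwarding { ad-clients; };
};
```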

