Dyn DNS...masters and slaves...
Kevin P. Knox
bind-users at rc4systems.net
Sun Sep 3 17:13:53 UTC 2006

I've recently had the occasion to configure dynamic DNS on my current
employer's networks to support MS AD. We're running BIND 9.2.4 on Debian 3.1
(stable). Other than having no support for GSS-TSIG, it's working well so
far. I do have a question though.

It "seems" that with dynamic DNS on BIND, there is a single point of failure.
MS clients find the authoritative server by looking at the MNAME field in the
SOA RR for the zone to update and that field should always be the master
server. I know that slaves can forward updates if so configured, and we've
configured IP-based ACLs to permit this. But I have yet to see a client send
an update to a slave.

What if the master DNS server becomes unreachable to clients needing to
perform updates? I'm having trouble finding information explaining the
mechanics of this. I've got a current copy of the BIND ARM, and DNS & BIND,
5th Edition. If somebody could point me in the right direction for answers,
I'd certainly appreciate it. Thanks. :-)
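
The setup the post describes (dynamic updates permitted by IP-based ACLs, with slaves forwarding updates to the master), sketched as named.conf fragments. This is an added example, not part of the original message or the poster's configuration; the zone name, ACL name, file paths and addresses (RFC 5737 documentation ranges) are assumptions.

```conf
// Constructed example; zone name, ACL name, file paths and addresses
// are placeholders, not values from the post.

// ---- master (192.0.2.1), the host named in the SOA MNAME field ----
acl "ad-clients" { 198.51.100.0/24; };

zone "ad.example.com" {
    type master;
    file "/var/cache/bind/db.ad.example.com";
    // Forwarded updates arrive from the slave's own address, so the
    // slave has to be listed here. With IP-only ACLs the master then
    // accepts whatever the slave is willing to forward.
    allow-update { "ad-clients"; 192.0.2.2; };
    allow-transfer { 192.0.2.2; };
};

// ---- slave (192.0.2.2) ----
acl "ad-clients" { 198.51.100.0/24; };

zone "ad.example.com" {
    type slave;
    file "/var/cache/bind/db.ad.example.com";
    masters { 192.0.2.1; };
    // Updates sent to this server are relayed to the master, not
    // applied locally; the master must be reachable for them to succeed.
    allow-update-forwarding { "ad-clients"; };
};
```

Because the slave relays updates under its own address, the ACL in `allow-update-forwarding` on the slave is what actually limits who can change the zone through it, so it should be at least as strict as the master's `allow-update`.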