Dyn DNS...masters and slaves...

Barry Finkel b19141 at achilles.ctd.anl.gov
Tue Sep 5 14:37:08 UTC 2006

"Kevin P. Knox" <bind-users at rc4systems.net> wrote:

>I've recently had the occasion to configure dynamic DNS on my current 
>employer's networks to support MS AD.  We're running BIND 9.2.4 on Debian 3.1 
>(stable).  Other than having no support for GSS-TSIG, it's working well so 
>far.  I do have a question though.
>It "seems" that with dynamic DNS on BIND, there is a single point of failure.  
>MS clients find the authoritative server by looking at the MNAME field in the 
>SOA RR for the zone to update and that field should always be the master 
>server.  I know that slaves can forward updates if so configured, and we've 
>configured IP based ACLs to permit this.  But I have yet to see a client send 
>an update to a slave.
>What if the master DNS server becomes unreachable to clients needing to 
>perform updates?  I'm having trouble finding information explaining the 
>mechanics of this.   I've got a current copy of the BIND ARM, and DNS & BIND, 
>5th Edition.  If somebody could point me in the right direction for answers, 
>I'd certainly appreciate it.  Thanks. :-)

If the master is unavailable when a client needs to perform a DDNS
update, then, obviously, the update can not be performed.  If the update
is from a DHCP server, then the DHCP server may queue the request and
retry later.  I do not know what the DHCP RFCs have to say, if anything,
on this subject.  If the update is a self-registration from a Windows
PC, then I do not know if the Windows code will retry later.  I believe
that the self-registration code will re-register once a day to ensure
that the records in DNS have not "mysteriously" disappeared.

As for sending updates to slave servers - I see a number of DDNS updates
being sent to my slave servers.  I assume that the packets come from
DHCP servers, but I do not know what DHCP code is being run.  I believe
that RFC 2136 (DDNS) states that the packets must be sent to the master
server.  If a packet were to be sent to a BIND slave server, and that
server were configured to forward the request to the master, and the
master server were unavailable, I do not know if BIND would queue the
request or discard it.  I have not looked at the latest BIND code.

Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
