Dyn DNS...masters and slaves...
kcd at daimlerchrysler.com
Tue Sep 5 20:19:08 UTC 2006
Kevin P. Knox wrote:
> I've recently had the occasion to configure dynamic DNS on my current
> employer's networks to support MS AD. We're running BIND 9.2.4 on Debian 3.1
> (stable). Other than having no support for GSS-TSIG, it's working well so
> far. I do have a question though.
> It "seems" that with dynamic DNS on BIND, there is single point of failure.
> MS clients find the authoritative server by looking at the MNAME field in the
> SOA RR for the zone to update and that field should always be the master
> server. I know that slaves can forward updates if so configured, and we've
> configured IP based ACLs to permit this. But I have yet to see a client send
> an update to a slave.
> What if the master DNS server becomes unreachable to clients needing to
> perform updates? I'm having trouble finding information explaining the
> mechanics of this. I've got a current copy of the BIND ARM, and DNS & BIND,
> 5th Edition. If somebody could point me in the right direction for answers,
> I'd certain appreciate it. Thanks. :-)
Any Dynamic Update client that doesn't fail over to other nameservers
besides the one listed in the target zone's SOA.MNAME is not compliant
with Section 4 of RFC 2136, which is a Proposed Standard.
More information about the bind-users