Dyn DNS...masters and slaves...

Kevin Darcy kcd at daimlerchrysler.com
Tue Sep 5 20:19:08 UTC 2006

Kevin P. Knox wrote:
> I've recently had the occasion to configure dynamic DNS on my current 
> employer's networks to support MS AD.  We're running BIND 9.2.4 on Debian 3.1 
> (stable).  Other than having no support for GSS-TSIG, it's working well so 
> far.  I do have a question though.
> It "seems" that with dynamic DNS on BIND, there is single point of failure.  
> MS clients find the authoritative server by looking at the MNAME field in the 
> SOA RR for the zone to update and that field should always be the master 
> server.  I know that slaves can forward updates if so configured, and we've 
> configured IP based ACLs to permit this.  But I have yet to see a client send 
> an update to a slave.
> What if the master DNS server becomes unreachable to clients needing to 
> perform updates?  I'm having trouble finding information explaining the 
> mechanics of this.   I've got a current copy of the BIND ARM, and DNS & BIND, 
> 5th Edition.  If somebody could point me in the right direction for answers, 
> I'd certain appreciate it.  Thanks. :-)
Any Dynamic Update client that doesn't fail over to other nameservers 
besides the one listed in the target zone's SOA.MNAME is not compliant 
with Section 4 of RFC 2136, which is a Proposed Standard.

- Kevin

More information about the bind-users mailing list