masters, slaves, and when I make changes

Bryan Irvine sparctacus at gmail.com
Wed Oct 29 02:44:25 UTC 2008


On Mon, Oct 27, 2008 at 8:19 PM, Scott Haneda <talklists at newgeo.com> wrote:
> Hello, I hope this should be fairly simple, most of this is just me
> looking to understand how a certain process works.
>
> I have a primary NS where I add in new domains, delete old ones, and
> of course, update existing ones.  My colocation provider has several
> NS's, but I only use one as a secondary, and only list one as a
> secondary in my NS records.
>
> For example:
> ns.me.com
> ns0.colo.com
>
> The part I am not entirely getting, is my colo provider has
> ns0.colo.com
> ns1.colo.com
> ns2.colo.com
> ns3.colo.com
>
> And probably others
>
> I set in named.conf
> allow-transfer { ns0.colo.com; };
> * I use an IP, just trying to make this more clear in example
>
> So their ns0.colo.com pulls the zone data from my ns.me.com, however,
> the authoritative servers are ns.me.com and ns1.colo.com.
>
> I am guessing, the colo starts with ns0.colo.com, and each of the ns1
> through ns3 are slaves.

That's likely a bad assumption.  We have a 3 level set up here where I
work (a colo).  A hidden master, 2 slaves which are listed as
authoritative, and then the 4 resolvers which we allow our customers
to use.  These resolvers just query the 2 slaves, and the 2 slaves
have a shell script that runs every 15 minutes that update themselves
from the hidden master.  Allowing transfers to our primary resolver or
even the authoritative DNS would have very unexpected (to you)
results.

> What determines to them, when the ns1.colo.com, through ns3.colo.com
> will pick up on the new data in ns0.colo.com?

Their own internal policies.  Ask them what they are.

> When I make a change, it seems to take a very long time for
> ns1.colo.com to pick it up, but I can see that ns0.colo.com has it.  I
> send in the notify, and ns0.colo.com grabs relatively quickly.  The
> trouble I have, is that their secondary does not seem to get the new
> data for far too long.

15 minutes is the max it takes to propagate from master to
authoritative in our case.

> I tend to think it is a configuration issue on their end, but it
> brings me to wonder what configuration I would change.  I provide a
> secondary for a few friends, many thousands of domains, but I have no
> idea how, if I wanted to, I would change the speed in which I pick up
> new data from their primary, if they did not send a notify.  I suppose
> there are also options to enable and disable notify, which I can not
> seem to find, and time intervals that can be set when notify commands
> are not sent.

Call them and ask.


good luck!

-Bryan
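
The question above asks which named.conf settings control NOTIFY and the polling interval used when no NOTIFY arrives. The fragment below is an added illustration, not part of either poster's message and not either site's real configuration. The zone name, file paths and addresses (RFC 5737 documentation ranges) are assumptions.

```conf
// ---- On the primary (the server where zones are edited) ----
zone "example.com" {
    type master;
    file "master/example.com.zone";        // assumed path

    // NOTIFY is sent to the servers named in the zone's NS records
    // when the zone is reloaded with a higher SOA serial.
    notify yes;

    // Extra NOTIFY targets that do not appear in the NS records,
    // for example a provider's transfer host.
    also-notify { 192.0.2.53; };

    // Only the secondary that actually pulls the zone may AXFR/IXFR it.
    allow-transfer { 192.0.2.53; };
};

// ---- On a secondary (the server that pulls the zone) ----
zone "example.com" {
    type slave;
    file "slave/example.com.zone";         // assumed path
    masters { 198.51.100.53; };

    // NOTIFY is accepted from the listed masters by default;
    // allow-notify adds other permitted senders.
    allow-notify { 198.51.100.53; };

    // Without a NOTIFY the secondary polls at the SOA refresh interval.
    // These clamp that interval (in seconds) whatever the SOA says.
    min-refresh-time 300;
    max-refresh-time 900;

    // A secondary should not hand the zone on to arbitrary hosts.
    allow-transfer { none; };
};
```

These settings only govern servers you operate; how a provider's other name servers pick up the zone is decided by the provider's own configuration.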
