Splitting off a sub-zone "atomically"

Phil Mayers p.mayers at imperial.ac.uk
Mon May 10 15:20:07 UTC 2010


We're doing some DNSSEC testing with sub-zones of our main zone, and I 
had a little accident largely due to my own incompetence today where I 
basically did this:

1. Existing zone "example.com"; create new zone "sub.example.com"

2. Run a SQL->DNS update; *.sub.example.com RRs are removed from 
"example.com", and added to "sub.example.com"

3. Slaves immediately get the NOTIFY for "example.com" and remove the 
records via IXFR, but aren't yet configured for "sub.example.com" (cron 
job hasn't yet run)

4. Some time later, the cron job runs


Obviously between 3 & 4 we weren't resolving "sub.example.com" on the 
slaves. Tedious.


This got me thinking. When I have this:

zone "example.com" {
   type slave;
   master 192.168.1.1;
   file "zones/example.com";
};

...and I then append this:

zone "sub.example.com" {
   ...
};

...and issue an "rndc reload", does bind NXDOMAIN any queries for 
"sub.example.com" between the "reload" and the AXFR finishing? Or does 
it wait until the zone is fully downloaded before inserting it into the 
internal lookup "tree" (or whatever)?

Obviously I can change my procedures to do:

  1. Create zone on master
  2. For each slave:
     a. axfr file from master
     b. add zone into /etc/named.conf
     c. rndc reload
  3. On master, remove *.sub.example.com RRs from example.com

...but I was just curious.




More information about the bind-users mailing list