bind 9 multiple masters setup

dev null devnull at cimmerii.org
Wed Jan 12 23:58:09 UTC 2011


Thank you all!

So, it would still have rndc do the reload essentially and file copy
because the masters would get the files via cfengine which we have
working via scp. So basically it's not going outside of what bind
provides.

This is to quickly stand up several DNS boxes, even masters.

Since the masters got the copy then from there rndc would take over
and the slaves listed as slaves in the named.conf would get the update
/ notify etc etc.

The main thing was the MNAME which I started doing but Emil confirmed
as being safe to do.

On Wed, Jan 12, 2011 at 3:27 PM, Torinthiel <torinthiel at data.pl> wrote:
> On 01/12/11 16:13, dev null wrote:
>> Hello,
>>
>> I have most of this worked out but I intend to setup bind in a
>> multiple master manner.
>>
>> This makes me question a few things:
>>
>> 1. What can I use for the SOA MNAME? In the off chance a box may die,
>> I am thinking of using a VIP which contains the multiple masters
>> within it. However I am not sure how this would affect NOTIFY. So can
>> I use a VIP or do I just use one of the master DNS boxes in the SOA
>> MNAME field?
>
> It's mostly ignored. All resolvers go for the NS records at the zone
> apex, not for MNAME. Even if the server named in MNAME dies, it won't
> affect resolving. You just rebuild that machine, or even build another
> one and change slaves to get data from new master.
>
>
>> 2. With that said, I intend to use rndc to push out DNS changes,
>> should I worry about using a VIP still? I may need to use both and
>> NOTIFY seems like it is more built-in so I want to keep rndc and
>> NOTIFY going.
>
> Isn't it simplier to just let BIND do it's job? When master loads a
> changed zone, it sends NOTIFY messages to slaves, and slaves seeing that
> they have outdated zone files download the zone from master.
> rndc can only tell BIND (either master or slave) to initiate that
> connection, it can't change zones by itself.
> You could of course copy zone files to slaves by some means (rsync?
> scp?) and then rndc reload the slave, but
> a) why?
> b) it really isn't a slave anymore, at least not in DNS terms.
> Torinthiel
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>



More information about the bind-users mailing list