several master ip's for a slave zone
Mark Andrews
marka at isc.org
Mon Nov 7 04:09:58 UTC 2011
In message <barmar-1BAA23.22544006112011 at news.eternal-september.org>, Barry Mar
golin writes:
> In article <mailman.1.1320621651.68562.bind-users at lists.isc.org>,
> Chris Thompson <cet1 at cam.ac.uk> wrote:
>
> > On Nov 5 2011, Alan Clegg wrote:
> >
> > >On 11/5/2011 4:21 AM, kalpesh varyani wrote:
> > >> How does this feature address the risk that data provided by one master
> > >> might get overwritten by another?
> > >
> > >The use of the word "masters" in the configuration of a slave zone is a
> > >bit misleading. Under most circumstances, you list the authoritative
> > >servers, not "multiple masters".
> >
> > Although Alan doesn't say so, this might suggest to some that you should
> > list *all* the authoritative servers. That's a very bad idea - you need
> > to arrange that the directed graph of "A can fetch from B" is acyclic.
> > Otherwise servers can get into the state that A thinks its copy of the
> > zone is up to date because B told it so, and B thinks so because A told
> > it so (or longer loops, of course), while neither of them are true masters
> > for it.
>
> I don't think it's a problem. As long as ANY of the servers in the
> masters list have a higher serial number, you'll fetch from it.
>
> So if you have three servers, A, B, and C, A will check the serial
> numbers on both B and C, and pull from whichever has a higher serial
> number than the serial A already has.
Transfer graph loops prevent expire working as a safeguard against
loss of connectivity to the master source. They are not a issue
with respect to gettting the latest version of the zone.
If M is the ultimate master and A and B transfer from each other
and M, when M dies, the SOA queries A to B and B to A succeed causing
each of A and B to believe the its current zone contents as they
will both be serving the zone with the same serial.
I proposed a solution but couldn't get traction with the dnsext
working group. http://tools.ietf.org/html/draft-andrews-dnsext-expire-00
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list