several master ip's for a slave zone

Mark Andrews marka at
Mon Nov 7 04:09:58 UTC 2011

In message <barmar-1BAA23.22544006112011 at>, Barry Mar
golin writes:
> In article <mailman.1.1320621651.68562.bind-users at>,
>  Chris Thompson <cet1 at> wrote:
> > On Nov 5 2011, Alan Clegg wrote:
> > 
> > >On 11/5/2011 4:21 AM, kalpesh varyani wrote:
> > >> How does this feature address the risk that data provided by one master
> > >> might get overwritten by another?
> > >
> > >The use of the word "masters" in the configuration of a slave zone is a
> > >bit misleading.  Under most circumstances, you list the authoritative
> > >servers, not "multiple masters".
> > 
> > Although Alan doesn't say so, this might suggest to some that you should
> > list *all* the authoritative servers. That's a very bad idea - you need
> > to arrange that the directed graph of "A can fetch from B" is acyclic.
> > Otherwise servers can get into the state that A thinks its copy of the
> > zone is up to date because B told it so, and B thinks so because A told
> > it so (or longer loops, of course), while neither of them are true masters
> > for it.
> I don't think it's a problem.  As long as ANY of the servers in the 
> masters list have a higher serial number, you'll fetch from it.
> So if you have three servers, A, B, and C, A will check the serial 
> numbers on both B and C, and pull from whichever has a higher serial 
> number than the serial A already has.

Transfer graph loops prevent expire working as a safeguard against
loss of connectivity to the master source.  They are not a issue
with respect to gettting the latest version of the zone.

If M is the ultimate master and A and B transfer from each other
and M, when M dies, the SOA queries A to B and B to A succeed causing
each of A and B to believe the its current zone contents as they
will both be serving the zone with the same serial.

I proposed a solution but couldn't get traction with the dnsext
working group.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the bind-users mailing list