Experience with DDNS (RFC 2136)

JINMEI Tatuya / 神明達哉 jinmei at isc.org
Fri Oct 7 17:43:26 UTC 2011


At 06 Oct 2011 20:26:48 +0100,
Chris Thompson <cet1 at cam.ac.uk> wrote:

> >Are you willing to share the stories of your DDNS deployments, maybe
> >including approximate number of zones, records, update frequencies,
> >etc.?
> 
> We converted all our regular DNS updating operations to use dynamic
> updates in May 2005, for those zones for which we[*] are master.
> That's currently 58 zones (many of them small, the largest is cam.ac.uk
> with c. 50000 non-DNSSEC RRs) but would have been a few more then
> before our reverse zone consolidation exercise.
> 
> We have never regretted this. We did have some Windows 2000 DNS Server
> stealth slaves that had to be given "provide-ixfr no" settings because
> they ****ed up applying incremental transfers, but they've all gone now
> (thank $DEITY). We already had most of the input to our DNS zone content
> generated from an external database (even more so now), but I don't
> think that was critical. Deciding to write a "compare two zone files
> and generate nsupdate input to convert one to the other" Perl script
> was.

Maybe off topic in this thread, but out of curiosity, is there any
specific reason you don't use the database as the direct source of the
zone with BIND 9's dlz or PowerDNS?  In general it will be slower, and
DNSSEC signing might be an issue in that setup, but on the other hand
updates will be reflected immediately, (at least in theory) no need
for worrying about consistency, no need for additional scripts or DDNS
setups, and (although this may not be an issue with 58 zones w/ max 50K
RRs/zone) no need for waiting on reload.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
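
The "compare two zone files and generate nsupdate input" step mentioned in the quoted message, sketched in Python as an added example (it is not the Perl script referred to, nor code from this thread). It assumes a simplified zone format of one RR per line with explicit owner, TTL and class, no semicolons inside rdata, and constructed example.org sample data.

```python
def parse_zone(text):
    """Return a set of (owner, ttl, rtype, rdata) from simplified zone text.
    Assumed format, one RR per line: <owner> <ttl> IN <type> <rdata>"""
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments (assumes no ';' in rdata)
        if not line:
            continue
        owner, ttl, rclass, rtype, rdata = line.split(None, 4)
        if rclass.upper() != "IN":
            raise ValueError(f"unsupported class: {rclass}")
        # Owner names are case-insensitive; rdata is kept as written.
        records.add((owner.lower(), int(ttl), rtype.upper(), " ".join(rdata.split())))
    return records

def zone_diff_to_nsupdate(zone, old_text, new_text):
    """Build nsupdate input that turns the old record set into the new one."""
    old, new = parse_zone(old_text), parse_zone(new_text)
    skip = {"SOA"}  # assumption: the server maintains the SOA serial on update
    lines = [f"zone {zone}"]
    # Deletes go first, so a TTL-only change becomes delete + add of the same RR.
    for owner, _ttl, rtype, rdata in sorted(old - new):
        if rtype not in skip:
            lines.append(f"update delete {owner} {rtype} {rdata}")
    for owner, ttl, rtype, rdata in sorted(new - old):
        if rtype not in skip:
            lines.append(f"update add {owner} {ttl} {rtype} {rdata}")
    if len(lines) == 1:
        return ""                                 # nothing to send
    return "\n".join(lines + ["send"]) + "\n"

# Constructed sample zones (documentation names and addresses).
OLD_ZONE = """\
example.org. 3600 IN SOA ns1.example.org. hostmaster.example.org. 2011100601 3600 900 604800 3600
example.org. 3600 IN NS ns1.example.org.
www.example.org. 3600 IN A 192.0.2.10
old.example.org. 3600 IN A 192.0.2.20
mail.example.org. 3600 IN A 192.0.2.30
"""
NEW_ZONE = """\
example.org. 3600 IN SOA ns1.example.org. hostmaster.example.org. 2011100701 3600 900 604800 3600
example.org. 3600 IN NS ns1.example.org.
WWW.example.org. 3600 IN A 192.0.2.11   ; address changed
mail.example.org. 300 IN A 192.0.2.30    ; TTL lowered
new.example.org. 3600 IN A 192.0.2.40
"""

if __name__ == "__main__":
    print(zone_diff_to_nsupdate("example.org.", OLD_ZONE, NEW_ZONE), end="")
```

The returned text is in the form nsupdate reads on standard input; an empty string means the two record sets already match.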


