Using proxy DNS servers for bind as an alternative to slave servers.
btb at bitrate.net
Mon Jul 2 01:09:54 UTC 2012
On 07/01/2012 02:42 PM, J P wrote:
> Hello all!
> I understand RFC-compliant DNS servers use AXFR and IXFR for syncing
> between masters and slaves, and that this is the general scenario for
> that purpose.
> However, I need somebody to technically explain to me why I can't use a
> DNS resolver daemon such as the pdnsd DNS proxy daemon with a cache of,
> for example, 5 minutes, so I can configure it to forward requests to my
> master (where I feed and store my zones). With the cache being 5 minutes,
> I am sure the latency between my master and the proxy will be minimal.
> Is this possible? Why or why not?
A couple of things come to mind. There are probably other issues as
well. To begin with, if this other server is not actually loading the
zone itself, and is just forwarding all requests to your master, you'd
need to somehow get this other server to answer those requests
authoritatively. I don't know how the pdnsd DNS proxy daemon works, but
AFAIK the software I'm familiar with does not answer authoritatively for
that sort of configuration.
Second, even if you could get the software to sort of lie and answer
authoritatively, you're losing largely all of the benefits of a slave
nameserver by doing something like this. If you "cached" data for five
minutes [which raises another question as to how you would do this; I
hope not by using a TTL of 5 minutes for all records on the master],
then any changes you made would not be reflected on this server for up
to five minutes, whereas if it were a properly configured slave, the
changes would be reflected immediately. Additionally, were the master
to become unavailable, this other server would only be able to answer
queries for five more minutes, at which point its cache would expire
and it would have no server to get answers from. In contrast, an actual
slave nameserver is typically configured to continue serving the zone
for much longer than five minutes if the master becomes unreachable
[generally weeks, at least], regardless of the TTLs for the individual
records that might be served.
In terms of latency, I'm not quite sure what you're getting at, but
there is, for all intents and purposes, no latency in a traditional
master/slave environment [if nothing else, certainly orders of magnitude
smaller than five minutes].
Having additional nameservers which become basically useless if the
master has a problem doesn't make much sense to me. My suggestion would
really be to take a bit of a different philosophical approach: instead
of pursuing an abnormal environment, just pursue a normal, tried and
tested environment unless there is some genuine reason why you can't.
If there is some aspect of a traditional master/slave [or some variation
thereof] environment that you're concerned might pose issues, my
recommendation would be to just ask about that.
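The two points the reply rests on, that a forwarding cache does not answer authoritatively and that a slave keeps serving until the SOA EXPIRE timer runs out rather than until a record TTL runs out, can both be checked on the wire. The following is an added example, not code from the thread or from BIND or pdnsd: it decodes the RFC 1035 header flags of two hand-constructed DNS responses to see whether the AA bit is set, and models how long each kind of server keeps answering once the master is unreachable. The message IDs, the 300-second cache and the two-week expire timer are illustrative assumptions.

```python
"""Added example (not from the bind-users thread): decode DNS header flags
to tell an authoritative answer (AA set, what a slave that loaded the zone
returns) from a cached/forwarded answer (AA clear), and compare how long
each keeps serving after the master disappears.  All packets and timers
below are constructed for the example."""
import struct

# RFC 1035 section 4.1.1 header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
HEADER = struct.Struct("!HHHHHH")


def build_header(msg_id, qr=1, aa=0, rd=1, ra=1, rcode=0, qd=1, an=1):
    """Build a 12-byte DNS header (constructed data, no real query made)."""
    flags = (qr << 15) | (aa << 10) | (rd << 8) | (ra << 7) | (rcode & 0xF)
    return HEADER.pack(msg_id, flags, qd, an, 0, 0)


def parse_flags(packet):
    """Return the header flag bits relevant to the AA check."""
    _msg_id, flags, *_counts = HEADER.unpack_from(packet, 0)
    return {
        "qr": (flags >> 15) & 1,      # 1 = response
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,      # 1 = responder is authoritative for the zone
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,       # 1 = recursion available (typical of a cache)
        "rcode": flags & 0xF,
    }


def is_authoritative(packet):
    """True only for a NOERROR response that carries the AA bit."""
    f = parse_flags(packet)
    return f["qr"] == 1 and f["aa"] == 1 and f["rcode"] == 0


# Constructed responses to the same query id (0x1234 is an assumed value):
# a slave that loaded the zone sets AA; the proposed forwarding cache
# answers from its cache with AA clear and RA set.
SLAVE_RESPONSE = build_header(0x1234, aa=1, ra=0)
PROXY_RESPONSE = build_header(0x1234, aa=0, ra=1)

# Assumed timers: a 5-minute proxy cache versus a two-week SOA EXPIRE.
CACHE_TTL = 300
SOA_EXPIRE = 14 * 24 * 3600


def can_still_answer(elapsed, loaded_zone, soa_expire=SOA_EXPIRE, cache_ttl=CACHE_TTL):
    """Whether a server still answers `elapsed` seconds after the master
    became unreachable.  A slave keeps serving the zone until EXPIRE runs
    out; a forwarding cache only until the cached TTL runs out, after
    which it has nowhere to get an answer."""
    limit = soa_expire if loaded_zone else cache_ttl
    return elapsed < limit


if __name__ == "__main__":
    for name, pkt in (("slave", SLAVE_RESPONSE), ("proxy", PROXY_RESPONSE)):
        print(name, parse_flags(pkt), "authoritative" if is_authoritative(pkt) else "not authoritative")
    for hours in (0, 1, 24, 24 * 7):
        print(f"{hours:4d}h after master loss: slave={can_still_answer(hours * 3600, True)} "
              f"proxy={can_still_answer(hours * 3600, False)}")
```

Against a real server the same check is `dig +norecurse @server example.com SOA`: a slave that has loaded the zone shows `aa` in the `;; flags:` line, a forwarder or cache does not, and the SOA it returns carries the REFRESH, RETRY and EXPIRE values that govern how long it keeps serving without the master.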