does zone trump forward?

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Jun 4 14:24:03 UTC 2013


On 04.06.13 13:42, Alan Shackelford wrote:
> We have 2843 authoritative zones. We run a split brain DNS. The new
> hospitals and other entities need to see our internal zone view once they
> have "joined".  So I have them forward queries during the early stages of
> the merger, until I can get control of their DNS and make appropriate
> changes.  There are fatherhood issues and all manner of ego problems
> involved in absorbing someone else's DNS.  This step provides a workable
> solution in the very first stages.  Then I make them slaves, with a
> reasonable expire time, to give them a copy of the data locally.

As I see it, the solution is still the same: shorten required TTLs and/or
fix transferring. They apparently needed to be listed as NS in their domains
so they will get the NOTIFY and retransfer. If they are not in NS records,
shorten the SOA refresh/retry times.

Simply, resubmitting a query after NXDOMAIN is received is an ugly hack and
violates the DNS principles. The problem must be solved by DNS tools.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
BSE = Mad Cow Disease ... BSA = Mad Software Producents Disease
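
An added example, not part of the original post: a Python sketch of the point made in the reply, that slaves listed in the zone's NS records are told about changes by NOTIFY while unlisted slaves only catch up when the SOA refresh timer fires. The zone names, server names and timer values are constructed for illustration.

```python
"""Which slaves hear about a zone change via NOTIFY, and which wait for SOA refresh."""
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Soa:
    mname: str    # primary master named in the SOA record
    refresh: int  # seconds between a slave's serial checks
    retry: int    # seconds between checks after a failed refresh
    expire: int   # seconds without contact before a slave drops the zone

def norm(name: str) -> str:
    return name.rstrip(".").lower()

def notify_targets(soa, ns_names):
    """Default NOTIFY set: the zone's NS names minus the SOA MNAME (RFC 1996)."""
    return {norm(n) for n in ns_names} - {norm(soa.mname)}

def propagation(soa, ns_names, slaves):
    """Map each slave to (mechanism, wait in seconds or None).

    The wait for a polling slave assumes the master is reachable.
    """
    targets = notify_targets(soa, ns_names)
    return {norm(s): ("notify", None) if norm(s) in targets
            else ("refresh-poll", soa.refresh) for s in slaves}

def timer_warnings(soa):
    """Flag timer combinations that make slaves fragile."""
    out = []
    if soa.retry >= soa.refresh:
        out.append("retry should be shorter than refresh")
    if soa.expire <= soa.refresh + soa.retry:
        out.append("expire leaves no room for even one failed refresh")
    return out

# Constructed sample data (assumption, not from the thread).
SOA = Soa("ns1.example.org.", refresh=86400, retry=7200, expire=3600000)
NS = ["ns1.example.org.", "ns2.example.org."]
SLAVES = ["ns2.example.org.", "dns.hospital.example."]

if __name__ == "__main__":
    shortened = replace(SOA, refresh=900, retry=300)
    for label, soa in (("before", SOA), ("after", shortened)):
        print(label, propagation(soa, NS, SLAVES), timer_warnings(soa))
```
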

