Public facing authoritative NS all masters
Reindl Harald
h.reindl at thelounge.net
Sat Jul 12 14:23:15 UTC 2014
On 12.07.2014 16:11, Gary Wallis wrote:
> DNS experts,
>
> What are the drawbacks, if any, of running only master name servers for the set of authoritative NSs?
>
> For example given:
>
> [root at rc37 unxsVZ]# dig latimes.com NS +short
> dns1.tribune.com.
> dns2.tribune.com.
> dns4.tribune.com.
> dns3.tribune.com.
>
> Where all 4 dnsN servers are in fact masters (this is just a hypothetical, the NS above are most likely secondary
> servers)
practically none if all is going fine
if you are making a config mistake preventing named from working
it makes a difference because the master goes down and the
slaves have no chance to pull the mistake
been there done that for ISP breaking zone-transfer reasons
______________________________________________________________
example:
* subdomain1.example.com -> CNAME to whatever
* later a mail sub-domain gets added
* you add MX subdomain1.example.com
* named won't load that zone because CNAME and others are not allowed
* the slave has no chance to pull such breakage
well, that mistake happened years ago and needed to be fixed
in our dns-backend to not allow, however at that time the
secondary nameserver was a slave and nothing happened
if both had been configured as master and got the
same input the zone would have gone offline
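The CNAME mistake described in the post can be caught before a zone is pushed to every master. The following is an added example, not code from the original post or from BIND: a pre-load check that reports owner names holding a CNAME together with other record types. The function names and the sample zone are hypothetical, and it assumes a simplified zone file (one record per line, no parentheses, no $INCLUDE).

```python
import re
from collections import defaultdict

# Types that may sit next to a CNAME in a signed zone (RFC 4035, section 2.5).
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}
CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"\d+[smhdw]?", re.I)

def fqdn(name, origin):
    # Expand a zone-file owner name relative to the current origin.
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def cname_conflicts(zone_text, origin):
    """Return {owner: sorted types} for owners with a CNAME plus other data.
    A line starting with whitespace repeats the previous owner name."""
    types_at = defaultdict(set)
    owner = origin.lower()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):
            continue                          # $TTL etc. carry no records
        if not raw[0].isspace():
            owner = fqdn(fields.pop(0), origin)
        # Skip optional TTL and class columns to reach the record type.
        while fields and (fields[0].upper() in CLASSES
                          or TTL_RE.fullmatch(fields[0])):
            fields.pop(0)
        if fields:
            types_at[owner].add(fields[0].upper())
    return {o: sorted(t) for o, t in types_at.items()
            if "CNAME" in t and t - ALLOWED_WITH_CNAME}

# Constructed sample reproducing the sequence from the post.
SAMPLE_ZONE = """\
$TTL 3600
@           IN SOA ns1.example.com. hostmaster.example.com. 2014071201 3600 900 604800 3600
@           IN NS    ns1.example.com.
subdomain1  IN CNAME target.example.net.
subdomain1  IN MX    10 mail.example.com.
"""

if __name__ == "__main__":
    print(cname_conflicts(SAMPLE_ZONE, "example.com."))
```

A non-empty result means the generated zone should be rejected before it reaches any name server. BIND's `named-checkzone` performs the full validation on a real zone file.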