Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive
Dave Warren
davew at hireahit.com
Sat Mar 19 05:02:16 UTC 2016
On 2016-03-18 01:46, Ron wrote:
>
> On Fri, Mar 18, 2016 at 12:12 AM, G.W. Haywood
> <bind at jubileegroup.co.uk> wrote:
>
> Hi there,
>
> On Thu, 17 Mar 2016, Ron wrote:
>
> ... in this case it's a supplier who is unable to keep his
> DNS servers working, and we just want to keep the connectivity.
>
>
> I'd just put something in /etc/hosts and send myself an email every
> month or so to remind me I'd done that.
>
>
>
> This is what we're currently using, but it has the downside of not
> picking up ip address changes.

If you want to reinvent caching, why not go a step further, periodically
query the records and build a local /etc/hosts?

I've done this in a couple places where I need certain records to work
even if DNS is broken. For example, it's just not worth having an NFS or
Gluster filesystem mount fail because DNS happens to be down. If DNS is
down, I'm probably already mid-panic, I don't need to worry about
whether or not remote file systems will come back up if I need to reboot a
thing.

My current logic is that I do a SOA query and check the serial number,
if it has changed, I query every needed hostname into a temp file, and
if every single query was successful, check the SOA again, and if it
still matches, update the /etc/hosts. If anything goes wrong (including
a mismatch between the SOA), dump the temp file and try again.

Slaving the zones would be better, but some machines have a resolver
already, sometimes with unique configuration that I couldn't bulldoze
(and I'm too lazy to manually review the configuration of every machine)
and sometimes the local resolver was Unbound, and also the master DNS
server doesn't have a list of every machine that needs a NOTIFY, or a
way to keep that list up to date. It was just faster to code up a sloppy
/etc/hosts script to update a handful of critical records. Lame reasons,
but it works well enough and hasn't blown up in my face yet.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
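
The SOA-guarded update described in the message above, written out as an added example (not the poster's own script): any failed lookup or a serial change during the run leaves the existing hosts file untouched. The zone, host names, file paths, marker lines and the `DIG` override are assumptions, and the block is narrowed to IPv4 A records.

```sh
#!/bin/sh
# Added example, not the poster's script. ZONE, NAMES, HOSTS, STATE and DIG
# are hypothetical settings, overridable from the environment.
ZONE=${ZONE:-example.com}
NAMES=${NAMES:-"nfs1.example.com gluster1.example.com"}
HOSTS=${HOSTS:-/etc/hosts}
STATE=${STATE:-/var/lib/hosts-sync.serial}   # serial of the last good sync
DIG=${DIG:-dig}
BEGIN="# BEGIN hosts-sync"
END="# END hosts-sync"

# "dig +short SOA" prints: mname rname serial refresh retry expire minimum.
# Prints nothing unless field 3 is numeric, so timeouts read as failure.
soa_serial() {
    $DIG +short SOA "$ZONE" | awk 'NR==1 && $3 ~ /^[0-9]+$/ {print $3}'
}

# Returns 0 if HOSTS is current or was updated; 1 (HOSTS untouched) otherwise.
sync_hosts() {
    before=$(soa_serial); [ -n "$before" ] || return 1
    if [ -f "$STATE" ] && [ "$(cat "$STATE")" = "$before" ]; then return 0; fi
    entries=$(for name in $NAMES; do
        # Accept only a literal IPv4 answer; CNAME lines and empty output fail.
        ip=$($DIG +short A "$name" | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1)
        [ -n "$ip" ] || exit 1      # one failed lookup aborts the whole run
        printf '%s\t%s\n' "$ip" "$name"
    done) || return 1
    [ "$(soa_serial)" = "$before" ] || return 1   # zone changed mid-run
    # Build the new file beside HOSTS so the final mv is an atomic rename.
    new=$(mktemp "$HOSTS.XXXXXX") || return 1
    { sed "/^$BEGIN\$/,/^$END\$/d" "$HOSTS"     # keep hand-written lines
      printf '%s\n' "$BEGIN" "$entries" "$END"; } >"$new" &&
        chmod 644 "$new" && mv -f "$new" "$HOSTS" &&
        printf '%s\n' "$before" >"$STATE" && return 0
    rm -f "$new"
    return 1
}
```

Run `sync_hosts` from cron or a timer; a non-zero exit means the previous managed block is still in place and the run can simply be retried.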