Daisy chaining slaves
dot at dotat.at
Mon Dec 18 12:03:50 UTC 2017
vijay bommareddy <vijayb888 at gmail.com> wrote:
> I generally do multiple slaves to a set of masters. But I'm just wondering
> if daisy chaining slaves i.e slave to a slave to a slave to a master, a
> good practice in general? What are the pros and cons of it?
In my setup there are a couple of reasons for daisy-chaining secondaries.
I have a hidden primary master (well, firewalled rather than strictly
hidden, since it appears in my SOA MNAME field) that only allows xfers to
other servers I deirectly control.
I have a number of secondaries which xfer from my public authoritative
servers, so they have a two-stage daisy chain. Here, daisy chaining allows
me to implement a security boundary.
I also have a third-party anycast secondary service, which has a hidden
xfer distribution server, the the actual anycast nodes are at the end of a
three-stage daisy chain. Here, daisy chaining allows the details of an
anycast cloud to be hidden from the primary servers.
On a high traffic system you'll probably want to separate xfers from
normal authoritative service, to reduce the risk of performance gotchas.
This may lead you to a daisy-chained xfer topology similar to the anycast
The consequence of daisy-chaining is that it inflates the SOA expire
interval. Zone expiry is a timer local to each secondary since its most
recent successful refresh, so (in my setup) if xfers start failing my
anycast secondary might not expire the zones for three weeks (3x my SOA
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Northwest Fitzroy, West Sole: Westerly backing southerly 4 or 5, occasionally
6 in west. Moderate or rough. Occasional drizzle, fog patches. Moderate or
good, occasionally very poor.
More information about the bind-users