<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">I guess I'm still not understanding
your requirements. In my thinking, the local DNS server would *be*
a stealth slave. Why are you considering these as 2 separate
instances?<br>
<br>
- Kevin<br>
<br>
On 2/24/2014 9:56 AM, houguanghua wrote:<br>
</div>
<blockquote cite="mid:BAY173-W9409D9F1C3C1CA24B2489BB860@phx.gbl"
type="cite">
<div dir="ltr">Dan,<br>
<br>
Yes, also-notify can hide the slave name server. But the local DNS
server can't know where the 'stealth' slave is either.<br>
<br>
Thanks,<br>
Guanghua<br>
<br>
------------------------------------<br>
Date: Fri, 21 Feb 2014 07:50:05 -0600<br>
From: Daniel McDonald <a class="moz-txt-link-rfc2396E" href="mailto:dan.mcdonald@austinenergy.com"><dan.mcdonald@austinenergy.com></a><br>
To: Untitled <a class="moz-txt-link-rfc2396E" href="mailto:bind-users@lists.isc.org"><bind-users@lists.isc.org></a><br>
Subject: Re: bind-users Digest, Vol 1769, Issue 1<br>
Message-ID: <a class="moz-txt-link-rfc2396E" href="mailto:CF2CB5AD.6AE8E%dan.mcdonald@austinenergy.com"><CF2CB5AD.6AE8E%dan.mcdonald@austinenergy.com></a><br>
Content-Type: text/plain; charset="US-ASCII"<br>
<br>
On 2/21/14 3:39 AM, "houguanghua"
<a class="moz-txt-link-rfc2396E" href="mailto:houguanghua@hotmail.com"><houguanghua@hotmail.com></a> wrote:<br>
<br>
> kevin,<br>
> <br>
> How does the local name server learn where the 'stealth' slave is? For the<br>
> 'stealth' slave isn't in the NS records.<br>
<br>
Also-notify directive. Either in an options stanza or a zone
stanza.<br>
<br>
> <br>
> thanks,<br>
> Guanghua<br>
<br>
-- <br>
Daniel J McDonald, CISSP # 78281<br>
<br>
<br>
<br>
> Date: Thu, 20 Feb 2014 10:48:36 -0500<br>
> From: Kevin Darcy <a class="moz-txt-link-rfc2396E" href="mailto:kcd@chrysler.com"><kcd@chrysler.com></a><br>
> To: <a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
> Subject: Re: how to hidden the salve<br>
> Message-ID: <a class="moz-txt-link-rfc2396E" href="mailto:530623D4.3000508@chrysler.com"><530623D4.3000508@chrysler.com></a><br>
> Content-Type: text/plain; charset="iso-8859-1";
Format="flowed"<br>
> <br>
> A "stealth" slave has a full copy of the zone, is not
published in the <br>
> NS records, and can resolve names in the latest copy of the
zone that it <br>
> transferred, even if all of the published NSes are down due
to a DDoS <br>
> attack.<br>
> <br>
> So, does that not meet the requirements?<br>
> <br>
> - Kevin<br>
> <br>
> On 2/20/2014 1:28 AM, houguanghua wrote:<br>
> > "Stealth" slave doesn't fully meet the requirement.
It's just part of <br>
> > the requirement to not publish the slave name server
in the NS <br>
> > records. Furthermore, the 'stealth' slave is queried by local DNS <br>
> > server only when all name servers in the NS records are out of service <br>
> > (maybe in case of DDoS attack).<br>
> > Guanghua<br>
> > ------------------------------<br>
> > On 2/19/2014 11:54 AM, Kevin wrote:<br>
> > Date: Wed, 19 Feb 2014 11:54:44 -0500<br>
> > From: Kevin Darcy <a class="moz-txt-link-rfc2396E" href="mailto:kcd@chrysler.com"><kcd@chrysler.com></a><br>
> > To: <a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
> > Subject: Re: how to modify the cache<br>
> > Message-ID: <a class="moz-txt-link-abbreviated" href="mailto:5304E1D4.5000303@chrysler.com">5304E1D4.5000303@chrysler.com</a> <br>
> > <a class="moz-txt-link-rfc2396E" href="mailto:5304E1D4.5000303@chrysler.com"><mailto:5304E1D4.5000303@chrysler.com></a><br>
> ><br>
> > Not a good solution. Even under "normal"
circumstances, there will be<br>
> > temporary bottlenecks, dropped packets, etc.. that
will trigger failover<br>
> > and users will get different answers at different
times. Not good for<br>
> > support, maintainability, user
experience/satisfaction, etc.<br>
> ><br>
> > If all you want is resilience, and you own/control the
domain in<br>
> > question, why not just slave it ("stealth" slave, i.e.
you don't need to<br>
> > publish it in the NS records)?<br>
> ><br>
> > If you *don't* own/control the domain in question,
what business do you<br>
> > have standing up a "fake" version of it in your own
infrastructure? Not<br>
> > a best practice.<br>
> ><br>
> > - Kevin<br>
> ><br>
> > On 2/19/2014 4:51 AM, houguanghua wrote:<br>
> > > Steven,<br>
> > ><br>
> > > Your solution is very good. It can forward the
queries to<br>
> > > the specified name servers first.<br>
> > ><br>
> > > But if the specified name server is enabled only
when normal dns query<br>
> > > process is down. How to configure the local DNS server? The detailed<br>
> > > scenario is described in the figure below:<br>
> > ><br>
> > ><br>
> ><br>
<pre>
> >                                    ------------
> >                                   |    Root    |
> >                                   | nameServer |
> >                                 /  ------------
> >                             (2)/
> >                               /
> >  ----------              ------------                ------------
> > |  Client  | __(1)____\ |   Local    | ___(3)_____\ | Authority  |
> > | Resolver |          / | DNS Server |      X     / | DNS Server |
> >  ----------              ------------                ------------
> >                               \
> >                                \(4)
> >                                 \
> >                                  \ ------------
> >                                   |   Hidden   |
> >                                   | DNS Server |
> >                                    ------------
</pre>
> ><br>
> > > Normally,<br>
> > > 1) An internet user wants to access <a class="moz-txt-link-abbreviated" href="http://www.abc.com">www.abc.com</a>,<br>
> > > a DNS request is sent to local DNS server<br>
> > > 2) Local DNS server queries the root name server,
the .com name<br>
> > > server to get the Authority Name Server of
abc.com<br>
> > > 3) local DNS server queries the Authority name
server, and gets the IP<br>
> > ><br>
> > > But when the Authority name server is down, the
internet user won't<br>
> > > get the IP address. My solution is as follows:<br>
> > > a) A hidden name server with low performance is
deployed. When<br>
> > > authority name server can't be accessed, local
dns server will access<br>
> > > the hidden server.<br>
> > > b) The hidden server is never used in normal situation. It acts as<br>
> > > a cold backup for authority name server.<br>
> > > c) The zone file in the hidden server is the same
as that<br>
> > > configuration in the authority name server<br>
> > > d) The hidden name server doesn't appear in the
NS records<br>
> > > of authority name server<br>
> > ><br>
> > > Btw, all above doesn't consider the cache in the
local dns server.<br>
> > ><br>
> > ><br>
> > > Best Regards,<br>
> > > Guanghua<br>
> > ><br>
> > ><br>
> > > > Date: Mon, 17 Feb 2014 09:09:13 +0000<br>
> > > > Subject: Re: how to modify the cache<br>
> > > > From: <a class="moz-txt-link-abbreviated" href="mailto:sjcarr@gmail.com">sjcarr@gmail.com</a><br>
> > > > To: <a class="moz-txt-link-abbreviated" href="mailto:houguanghua@hotmail.com">houguanghua@hotmail.com</a><br>
> > > > CC: <a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
> > > ><br>
> > > > On 17 February 2014 01:17, houguanghua
<a class="moz-txt-link-rfc2396E" href="mailto:houguanghua@hotmail.com"><houguanghua@hotmail.com></a> <br>
> > wrote:<br>
> > > > > I want to override the IP address of
NS, for I want to use other<br>
> > > authority<br>
> > > > > DNS which isn't registered.<br>
> > > ><br>
> > > > For that you use forwarding. Create a zone
statement for the zone in<br>
> > > > question and forward the queries to a
different name server. You don't<br>
> > > > need to mess with the cache.<br>
> > > ><br>
> > > >
<a class="moz-txt-link-freetext" href="https://mknowles.com.au/wordpress/2009/07/20/bind-forwarding-zone/">https://mknowles.com.au/wordpress/2009/07/20/bind-forwarding-zone/</a><br>
> > ><br>
> ><br>
><br>
<br>
<br>
</div>
<br>
</blockquote>
<br>
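The arrangement described in the top reply, sketched as BIND configuration (an added example, not part of the thread): the local DNS server itself slaves abc.com without appearing in the NS records, and the master reaches it through also-notify. The addresses 192.0.2.1 and 192.0.2.53, the client network, the key name xfer-abc, the file names and the secret are placeholders.<br>

```conf
# ---- named.conf on the authoritative master (192.0.2.1, placeholder) ----
key "xfer-abc" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-base64-secret==";   # placeholder, not a real key
};

zone "abc.com" {
    type master;
    file "db.abc.com";
    notify yes;                           # NOTIFY the servers named in NS records
    also-notify { 192.0.2.53; };          # plus the slave that is NOT in the NS records
    allow-transfer { key "xfer-abc"; };   # zone transfers only when TSIG-signed
};

# ---- named.conf on the local DNS server / stealth slave (192.0.2.53) ----
key "xfer-abc" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-base64-secret==";   # same placeholder secret as on the master
};

server 192.0.2.1 { keys { "xfer-abc"; }; };   # sign transfer requests to the master

options {
    recursion yes;
    allow-recursion { 192.0.2.0/24; };    # placeholder client network
};

zone "abc.com" {
    type slave;
    masters { 192.0.2.1; };
    file "slaves/db.abc.com";
    notify no;                            # do not announce itself to anyone
    allow-transfer { none; };             # nobody transfers the zone from here
};
# Clients of 192.0.2.53 get abc.com answers from the local copy of the zone,
# with no query to the published name servers. If the master is unreachable,
# the copy keeps being served until the zone's SOA expire interval runs out.
```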
</body>
</html>