On 2014-05-07 15:06, Lawrence K. Chen, P.Eng. wrote:
OTOH, the idea of multi-master is intriguing.....the only down side I see, is 
that I have one really powerful server for my current master....(Sun Fire 
X4170)....and my other servers are weak leftovers....just passed EOL last year. 
And, having all the servers doing full DNSSEC signing could be interesting.

It also raises the question of how does the outside world cope with all the 
servers having identical zones...signed on slightly different times, etc. 
(especially since I'm using unix timestamp for zone serial....avoids issues of 
multiple admins incrementing serial without noticing others and/or collisions 
with DNSSEC's incrementing of serials.)

I wouldn't expect any real issues here, Windows DNS has done multimaster DNS since Windows 2000. In the case of Windows, dynamic updates (via client or GUI) can be done at any location, the serial numbers are incremented automatically, but the zones and servers may vary from each other for a brief period of time.

So for example, DC1 and DC2 may start with serial 100, DC1 will receive 2 changes and be up to 102, DC2 will give 5 different changes and be up to 105. When Active Directory synchronization happens outside of DNS, the two sides merge changes together, and set the serial to the higher of the two plus one, so the serial would be 106. To the outside world, records can appear/disappear for a brief period while the servers drift out of sync, similar to what could happen in a BIND configuration without notifies as resolvers hit the two DNS servers round-robin.

The only thing that causes issues is if you use DNS to create a non-Active Directory slave. BIND will throw errors because it will see serial 100, 101, 102, then get a notify from the second server about 101. However, the slave will still sync up once the AD servers sync to 106. The fix here is to configure BIND to only slave off of one master or the other, not both.

While there might be other factors involved in turning BIND into a true multi-master solution, I wouldn't expect zones drifting out of sync or having minor differences to be a big factor since it happens in the wild already.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
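
The serial behaviour described in the reply above, as an added Python example that is not part of the original post: a slave applying RFC 1982 serial comparison to notifies from two drifting masters versus one. The interleaving of notifies, the names `replay` and `merge_serial`, and the "stale"/"transfer" labels are assumptions made for illustration.

```python
MOD = 1 << 32          # SOA serials are 32-bit
HALF = 1 << 31

def serial_gt(a, b):
    """RFC 1982 comparison: True when serial a is newer than serial b."""
    return a != b and (a - b) % MOD < HALF

def merge_serial(s1, s2):
    """Merge rule as described in the post: higher of the two, plus one."""
    return ((s1 if serial_gt(s1, s2) else s2) + 1) % MOD

def replay(slave_serial, notifies):
    """Apply (master, serial) notifies in order to a slave.
    Returns the final serial and a log of (master, serial, action)."""
    log = []
    for master, serial in notifies:
        if serial_gt(serial, slave_serial):
            slave_serial = serial          # slave pulls the newer zone
            log.append((master, serial, "transfer"))
        else:
            log.append((master, serial, "stale"))  # not newer than held copy
    return slave_serial, log

# Constructed sequence: both DCs start at 100, DC1 takes 2 changes, DC2 takes 5.
MERGED = merge_serial(102, 105)
BOTH = [("DC1", 101), ("DC1", 102), ("DC2", 101), ("DC2", 102),
        ("DC2", 103), ("DC2", 104), ("DC2", 105), ("DC1", MERGED)]
ONE = [n for n in BOTH if n[0] == "DC1"]   # slave configured with DC1 only

if __name__ == "__main__":
    for name, seq in (("both masters", BOTH), ("DC1 only", ONE)):
        final, log = replay(100, seq)
        print(name, "-> final serial", final)
        for entry in log:
            print("   ", *entry)
```

With both masters listed, the slave rejects DC2's 101 and 102, then switches to DC2's view of the zone at 103 through 105 before converging on 106; with DC1 alone it only ever moves forward along one master's history.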

