On Thu, Feb 18, 2016 at 5:06 PM, Mark Andrews <ma...@isc.org> wrote:
> For some reason people are afraid to slave internal zones. Back
> when I was working for CSIRO I used to slave all the internal zones
> for all of the sites the division had. Each site administered its
> own zones but all sites slaved all of them. That way local and
> inter site lookups always succeeded even when the external links
> were down.

It wasn't so much a fear thing for us as a configuration thing: we previously were using a pair of nameservers for everything under the sun. Not being sure if we would do BIND for recursive DNS (or authoritative, for that matter), it was far easier to migrate things piecemeal. Using stub zones on the resolvers makes configuration far simpler as well.

We're also in an interesting place where our internal zones aren't _really_ internal: everything for the most part has a .brandeis.edu FQDN, and the world sees largely the same set of records that we do locally. We have to keep everything synced up somehow.

Is slaving internal zones like this feasible with other DNS products (NSD, PowerDNS)? Both of those run different binaries for their authoritative and recursive functions, so this seems like a BIND-specific (or BIND9, at least) way of doing things.

We'll definitely be increasing recursive-clients (likely to something ~10k). I'd imagine that we'll also start slaving our own zones again--we just need to figure out the config management piece of things. Shouldn't take more than a day or two, though.

Thanks for the advice, Mark.

John

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users