On 2016-02-18 18:19, John Miller wrote:
Something I just thought of: how did you manage your NS records in this situation? To get NOTIFY/IXFR to work properly, either you have to list every one of your recursive servers in your local NS records or you have to do an also-notify block on the master. Or you just skip the NOTIFY/IXFR altogether and set very low refresh values on your zones! How did you handle standing up/taking down servers quickly?
At one site we had a script that builds the list of IPs for the also-notify block and allow-transfer block dynamically, and for deploying a new recursive server we run a script that downloads an appropriate named.conf and registers with the aforementioned script to subscribe to notifications.
It also re-downloads the named.conf (and re-registers for notifies) via cron, so the master script refreshes the list of slaves. At least at the start, we didn't actually track timestamps or anything fancy; we should, but it never got implemented. Instead we just dumped the whole list once in a while, and recursive/slave servers got to wait an hour until their cron ran before they got notifies; in the meantime, the short refresh value took care of it.
It's not perfect, it could be better, but it worked with a minimum of hassle.
-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
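A generator of the kind described in the message above, as an added example that is not the poster's script or part of the original thread: it turns a registration file into the also-notify and allow-transfer lists for the master. The "ip epoch" line format, the function names and the two-hour expiry are assumptions; the timestamp expiry goes beyond what the message says was implemented, and each entry is checked to be an IP literal because the list ends up in a zone-transfer ACL.

```python
import ipaddress

MAX_AGE = 2 * 3600  # assumed: slaves re-register hourly via cron; tolerate one missed run

def parse_registrations(lines):
    """Yield (address, epoch) from 'ip epoch' lines, dropping anything malformed."""
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])  # rejects config text such as "1.2.3.4;};"
            seen = int(parts[1])
        except ValueError:
            continue
        if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
            continue  # never a legitimate slave address
        yield addr, seen

def live_slaves(lines, now, max_age=MAX_AGE):
    """Return the sorted addresses whose most recent registration is still fresh."""
    latest = {}
    for addr, seen in parse_registrations(lines):
        latest[addr] = max(seen, latest.get(addr, 0))
    fresh = [a for a, seen in latest.items() if 0 <= now - seen <= max_age]
    return sorted(fresh, key=lambda a: (a.version, int(a)))

def render_fragment(addrs):
    """Render the two statements for inclusion in the master's zone or options block."""
    if not addrs:
        return "allow-transfer { none; };\n"  # no subscribers: deny transfers outright
    body = " ".join(f"{a};" for a in addrs)
    return f"also-notify {{ {body} }};\nallow-transfer {{ {body} }};\n"

# Constructed sample registrations (documentation address ranges), not real data.
SAMPLE = """\
192.0.2.10 1455819000
192.0.2.11 1455812000
192.0.2.10 1455815000
2001:db8::53 1455818500
192.0.2.12;}; 1455819000
127.0.0.1 1455819000
not-an-ip 1455819000
""".splitlines()
NOW = 1455819540  # constructed "current time" for the sample

if __name__ == "__main__":
    print(render_fragment(live_slaves(SAMPLE, NOW)), end="")
```

Running named-checkconf on the assembled configuration before reloading the master catches a bad fragment before it takes effect.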