> This may be an unpopular opinion, especially on the BIND-Users mailing
> list (sometimes BIND is not the best answer).
>
> It sounds like you might want something like multi-master DNS servers
> that Active Directory (with AD integrated zones) provides.

Here's the Microsoft AD DNS explanation:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/active-directory-integrated-dns-zones

This may be the time to start some dialogue around the way Bind processes updates.

While AD integrated DNS does process updates for multiple masters, it does it outside the Bind-centric communications path. (I believe it uses AD to forward updates from one master to the others.)

Bind needs some sort of multi-master framework, but there are a few issues if things stay the way they are. There are obvious issues with serial number accounting and slave notification. There are also issues with update processing (and forwarding).

Right now the only server that can accept updates is the master. Forwarded updates are stamped as coming from the forwarding node. That makes tracking updates almost impossible. (And that seems to be the case for both signed and unsigned updates.)

I may not be seeing something, but from my point of view that, above all else, must change if a meaningful multi-master framework is to emerge.

Regards,
Bob
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users