On 2/15/22 1:07 AM, Bjørn Mork wrote:
You'll normally get a few update queries to the SOA MNAME if you leave the real master there.
This was going through my mind as I read the thread.Aside: BIND secondaries can be configured to forward such updates to the hidden primary.
Whether you should change the MNAME or not is another question...
Is there a recommendation / best practice regarding what to set the MNAME to in a hidden primary configuration?
I believe that each server in an MS-DNS AD integrated configuration uses it's own name as the MNAME. I'm not aware of a way to do similar with BIND. The closest that I've come (in a thought experiment) is to use a place holder name that each BIND server resolves said name to itself. This can be done with a dedicated name it it's own independent zone that each server has different zone contents to refer to itself.
Are there any recommendations around MNAMEs in a hidden primary situation? -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
