Paul Vixie <p...@redbarn.org> wrote:
>
> we do not have well defined automation for making local names work when
> the internet connection is down. at a very modest level of necessary and
> inevitable complexity, one's own in-perimeter recursive servers can't
> find one's own in-perimeter authority servers. so if your internet
> connection goes down, then way more stuff becomes effectively
> unreachable than what's on the far side of the disconnection point.
>
> mark andrews faced disconnections of this kind as a daily part of his
> work about 30 years ago when he developed the "stub zone" feature and
> contributed it to BIND4. but we have yet to automate it.

This won't address the deeper problems that you outlined, but...

It occurs to me that this could be made a lot simpler with the right
flavour of metazone / catalogue zone. On our site we encourage those
running BIND to secondary our local zones, but it's horrible to configure
and there's a lot of manualarity to co-ordinate delegation changes. But it
has nice resilience and performance properties.

However I'm doubtful that it's worth trying to make it possible to
automatically discover a catalogue zone for the local domains on the local
network...

Forwarding to our recursive servers is a lot simpler to configure and has
easier support for DNSSEC validation. Sadly DNSSEC reintroduces the
external dependency problem, but serve-stale should mitigate that when our
recursive servers support it.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Biscay: Westerly or northwesterly 3 or 4, occasionally 5 in north. Moderate,
occasionally rough in north. Mainly fair. Good.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop