On 27 Nov 2017, at 5:22, Tony Finch wrote:
Joe Abley <jab...@hopcount.ca> wrote:
On Nov 23, 2017, at 12:44, Tony Finch <d...@dotat.at> wrote:
It's quite difficult to have multiple masters and DNSSEC and coherent
copies of the zone from all masters - i.e. more effort than just spinning
up parallel instances of BIND or Knot in automatic signing mode.
Note that I wasn't talking about multiple signers; I was talking about
(from the perspective of one particular slave) having multiple masters
available to serve precisely the same zone.
A primary master is wrt a zone not a server - a zone's primary master is
a server that's authoritative for a zone and which does not get the zone
contents via axfr/ixfr, but instead from a master file and/or UPDATE (or
a non-standard mechanism such as directly from a database).
That sounds correct. It also sounds quite different than what is defined
in RFC 1996 and RFC 2136. How is this for new wording?
The idea of a primary master is only used in <xref target="RFC1996"/>
and <xref target="RFC2136"/>, and is considered archaic in other
parts of the DNS. A modern interpretation of the term "primary master"
is a server that is both authoritative for a zone and that gets its
updates to the zone from configuration (such as a master file) or from
UPDATE transactions.
--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop