Re: several master ip's for a slave zone
How does this feature address the risk that data provided by one master might get overwritten by another?

Regards,
Kalpesh

On Fri, Nov 4, 2011 at 4:08 AM, Anand Buddhdev wrote:
> On 03/11/2011 23:14, hugo hugoo wrote:
>
> Hi Hugo,
>
> > I have seen that for a slave zone, it is possible to configure several master IP's.
> > Why this possibility?
> > How does it works if several master zone can be used for the zone transfer?
>
> This allows for resiliency. In case one of the master servers is
> unreachable, BIND can try the next master in the list.
>
> Anand Buddhdev
> RIPE NCC

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: several master ip's for a slave zone
On 05/11/2011 09:21, kalpesh varyani wrote:
> How does this feature address the risk that data provided by one master
> might get overwritten by another?

Why would anyone run multiple masters with differing zone contents?

Anand
Re: several master ip's for a slave zone
On 11/05/2011 08:21 AM, kalpesh varyani wrote:
> How does this feature address the risk that data provided by one master
> might get overwritten by another?

The zone serial number is checked, and a transfer is only done if the serial is higher than the local one. It is assumed the zone admin won't be silly enough to then create a zone with a higher serial, but wrong data.
Re: several master ip's for a slave zone
On 11/5/2011 4:21 AM, kalpesh varyani wrote:
> How does this feature address the risk that data provided by one master
> might get overwritten by another?

The use of the word "masters" in the configuration of a slave zone is a bit misleading. Under most circumstances, you list the authoritative servers, not "multiple masters".

I have long advocated (for clarity sake) that it should be:

    slave example.com {
        type slave;
        authoritatives { 192.0.2.12; 203.0.113.53; };
    };

instead of:

    slave example.com {
        type slave;
        masters { 192.0.2.12; 203.0.113.53; };
    };

But that would break lots of configuration files. :)

AlanC
--
a...@clegg.com | acl...@infoblox.com
1.919.355.8851
Re: several master ip's for a slave zone
On 11/05/11 03:21, kalpesh varyani wrote:
> How does this feature address the risk that data provided by one master
> might get overwritten by another?
>
> Regards,
> Kalpesh
>
> On Fri, Nov 4, 2011 at 4:08 AM, Anand Buddhdev <ana...@ripe.net> wrote:
> > On 03/11/2011 23:14, hugo hugoo wrote:
> >
> > Hi Hugo,
> >
> > > I have seen that for a slave zone, it is possible to configure several master IP's.
> > > Why this possibility?
> > > How does it works if several master zone can be used for the zone transfer?
> >
> > This allows for resiliency. In case one of the master servers is
> > unreachable, BIND can try the next master in the list.
> >
> > Anand Buddhdev
> > RIPE NCC

When you have more than one master, the serial number is used to determine which Master has the most current version of the zone by the slaves. The slaves actually ask for the SOA record from each Master when refreshing.

Lyle Giese
LCR Computer Services, Inc.
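The serial check described in the replies above, as an added example that is not part of any post and is not BIND's own code: a simplified model of comparing SOA serials with RFC 1982 wrap-around arithmetic and choosing which listed server to transfer from. The function names (serial_gt, pick_master, serials_disagree) and the serial values are constructed for illustration; the addresses are the ones quoted in the thread.

```python
# Added example: RFC 1982 serial arithmetic applied to constructed SOA serials.
MOD = 1 << 32    # SOA serials are unsigned 32-bit counters
HALF = 1 << 31   # a difference of exactly 2**31 is undefined in RFC 1982


def serial_gt(a: int, b: int) -> bool:
    """True when serial a is newer than serial b, allowing for wrap-around."""
    diff = (a - b) % MOD
    return diff != 0 and diff < HALF


def pick_master(local_serial, masters):
    """masters: list of (address, serial) pairs in configured order.

    Returns the address holding the newest serial that is newer than the
    local copy, or None when no transfer is needed. Zone content is never
    compared: a higher serial wins even if its data is wrong.
    """
    best_addr, best_serial = None, local_serial
    for addr, serial in masters:
        if serial_gt(serial, best_serial):
            best_addr, best_serial = addr, serial
    return best_addr


def serials_disagree(masters):
    """Monitoring check: True when the listed servers advertise different serials."""
    return len({serial % MOD for _, serial in masters}) > 1


if __name__ == "__main__":
    # Constructed sample data using the addresses quoted in the thread.
    masters = [("192.0.2.12", 2011110501), ("203.0.113.53", 2011110502)]
    print(pick_master(2011110501, masters))
    print(serials_disagree(masters))
    print(serial_gt(1, 4294967295))
```

Running serials_disagree against the SOA serials of every server in a masters list is a cheap way to notice the divergent-content situation the thread warns about before a secondary picks up the wrong copy.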
Re: several master ip's for a slave zone
If I have several master servers, whether I must ensure that all the master server's serial are the same? I think this is a little complex, in particular zone is updated by dynamic update (in such a scenario, the serial number is controlled by every single bind).

Is it correct?

2011/11/5 Alan Clegg
> On 11/5/2011 4:21 AM, kalpesh varyani wrote:
> > How does this feature address the risk that data provided by one master
> > might get overwritten by another?
>
> The use of the word "masters" in the configuration of a slave zone is a
> bit misleading. Under most circumstances, you list the authoritative
> servers, not "multiple masters".
>
> I have long advocated (for clarity sake) that it should be:
>
>     slave example.com {
>         type slave;
>         authoritatives { 192.0.2.12; 203.0.113.53; };
>     };
>
> instead of:
>
>     slave example.com {
>         type slave;
>         masters { 192.0.2.12; 203.0.113.53; };
>     };
>
> But that would break lots of configuration files. :)
>
> AlanC
> --
> a...@clegg.com | acl...@infoblox.com
> 1.919.355.8851

--
Best regards.
Felix New
Re: DNS requests with Rd flag cleared
On 04.11.11 17:21, patrice.wacren...@orange.com wrote:
> I have noticed that every request sent by a BIND recursive DNS server
> during its iterative process is sent with rd flag cleared.

Correct. When BIND does the resolution, it does not ask other servers to do it, only to provide data they have.

> I also noticed that when a zone is of type "forward", the forward is
> not done for requests received with rd flag cleared.

Correct, the 'forward' type means that other servers have to be asked to do the resolution.

> In that situation any DNS authoritative server receiving such requests
> (with rd flag cleared) is supposed to answer with NS records

Actually, no. An authoritative server is expected to provide data it has. If not, it needs not to provide anything (but servfail)

> and will never be able neither to transmit any recursive request nor to
> forward the request to some other DNS server.

That's what authoritative server means.

> Are there some possibilities to force a recursive DNS to perform its
> recursive process even for request received with rd flag cleared ?

No. You must do what Phil Meyers advised to you in other reply

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
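Where the RD flag discussed in the message above sits on the wire, as an added example that is not part of the post: a query encoder and a header check that tells an iterative query (RD cleared) from a recursive one, which is the bit to look at in a packet capture. The function names, the transaction id and the name example.com are constructed for illustration.

```python
import struct

# Added example: bit masks for the 16-bit flags field of the DNS header (RFC 1035).
QR_BIT = 0x8000  # 0 = query, 1 = response
RD_BIT = 0x0100  # recursion desired


def build_query(name: str, qtype: int = 1, rd: bool = False, txid: int = 0x1234) -> bytes:
    """Encode a one-question DNS query (class IN) with RD set or cleared."""
    header = struct.pack("!HHHHHH", txid, RD_BIT if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_flags(message: bytes) -> dict:
    """Decode the header bits relevant to recursion from a raw DNS message."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags = struct.unpack("!HH", message[:4])
    return {"qr": bool(flags & QR_BIT), "rd": bool(flags & RD_BIT),
            "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF}


def is_iterative_query(message: bytes) -> bool:
    """True for a standard query with RD cleared, as a resolver sends upstream."""
    f = parse_flags(message)
    return not f["qr"] and f["opcode"] == 0 and not f["rd"]


if __name__ == "__main__":
    # Constructed sample: the same question with RD cleared and with RD set.
    for rd in (False, True):
        msg = build_query("example.com", rd=rd)
        print(rd, msg[2:4].hex(), is_iterative_query(msg))
```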
How to show the Recursion behaviour of DNS Servers
Dear All,

Is there any way in dig or nslookup utility to see the whole path which a DNS Server follows for giving me the answer.

For eg: Suppose I ask what is www.nkn.in from Google 8.8.8.8 server AND at that time Google 8.8.8.8 DNS doesn't have the answer in its cache. Then it will first go to root servers then .in NS server and then nkn.in NS server.

I wanna show this to my trainees as a POC. Is this possible?

Thanks and Regards,
Gaurav Kansal
NIC
8860785630
9910118448
Re: How to show the Recursion behaviour of DNS Servers
On 05/11/2011 19:37, Gaurav Kansal wrote:
> Is there any way in dig or nslookup utility to see the whole path which a
> DNS Server follows for giving me the answer.

    dig +trace www.nkn.in

is pretty close to what you ask.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matt...@infracaninophile.co.uk
Re: several master ip's for a slave zone
On 11/5/2011 9:32 AM, Felix New wrote:
> if i have several master servers, whether i must ensure that all the
> master server's serial are the same? i think this is a little complex,
> in particular zone is updated by dynamic update(In such a scenario, the
> serial number is controled by every single bind).
>
> is it correct?

You have an odd setup. You _should_ only be doing updates on a single "master" with all of the other servers being defined as slaves.

If you have dynamic updates going to multiple "masters" in one zone, you may want to consider breaking it up into multiple zones, each with one master, or looking into "allow-update-forwarding".

Sounds like you may want to look at re-engineering at some level.

AlanC
--
a...@clegg.com | acl...@infoblox.com
1.919.355.8851