This question might be more suitable for inet-access, but it's down, so I'm resending here:

Silly question:

If you have a customer who is doing their own primary DNS, but you are doing their secondary DNS (on 2 of your name servers) for them, is it better practice on your 2nd DNS server to xfer the zones directly from the customer's primary DNS server (a second secondary DNS server) or xfer it from your first server (the customer's secondary server) doing "true tertiary" DNS? Or should the tertiary use multiple masters?

Thinking about rewriting the scripts a bit...

thanks,

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
=========================================================================
--On Tuesday, July 8, 2003 4:22 PM -0400 "up@3.am" <up@3.am> wrote:
This question might be more suitable for inet-access, but it's down, so I'm resending here:
Silly question:
If you have a customer who is doing their own primary DNS, but you are doing their secondary DNS (on 2 of your name servers) for them, is it better practice on your 2nd DNS server to xfer the zones directly from the customer's primary DNS server (a second secondary DNS server) or xfer it from your first server (the customer's secondary server) doing "true tertiary" DNS? Or should the tertiary use multiple masters?
My hobbyist setup pulls from multiple masters. Not much point having multiple servers if a little network partitioning (which happens all too often) will stop your servers from communicating.
Subject: Tertiary or 2nd Secondary DNS?
Date: Tue, Jul 08, 2003 at 04:22:49PM -0400
Quoting up@3.am (up@3.am):
If you have a customer who is doing their own primary DNS, but you are doing their secondary DNS (on 2 of your name servers) for them, is it better practice on your 2nd DNS server to xfer the zones directly from the customer's primary DNS server (a second secondary DNS server) or xfer it from your first server (the customer's secondary server) doing "true tertiary" DNS? Or should the tertiary use multiple masters?
Have all servers point to the master.

Reason: If you run DNS Notify (and it is hard not to, since all usable versions of BIND do it by default, and most people use BIND) you might get into a situation where the master gets a new zone version, sends out notifies to all listed name servers, which then go and ask SOA queries, not to the IP address they got the notify from, but to the configured master. If that master is itself a slave, then it might not have had time to get the zone transferred and loaded by the time its slaves start sending it SOA queries, which will make the slaves believe that it was a bogus notify, and fall back to the old "check once every SOA refresh seconds".

This is as I remember it, anyway ;-)

--
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC MN1334-RIPE

This MUST be a good party -- My RIB CAGE is being painfully pressed up against someone's MARTINI!!
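The NOTIFY race described in the message above can be put on a timeline. The following is an added example, not part of the original thread and not BIND code: a toy model that assumes the behaviour exactly as the post describes it, with hypothetical server names (primary, sec1, sec2) and constructed timing values.

```python
"""Toy timeline of the NOTIFY race (constructed model, not BIND code)."""

def simulate(topology, notify_delay=1, transfer_time=5, refresh=3600):
    """Return {server: second at which it serves the new zone version}.

    topology maps each slave to its configured master (hypothetical names).
    Assumptions taken from the post: the primary NOTIFYs every listed name
    server at t=notify_delay, and each slave sends its SOA query to its
    *configured* master, not to the address the NOTIFY came from.
    The SOA refresh timer is assumed to start at t=0 on every slave.
    """
    loaded = {"primary": 0}        # the primary has the new serial at t=0
    pending = sorted(topology)     # slaves still serving the old serial

    # Pass 1: every slave reacts to the NOTIFY at the same instant.
    t = notify_delay
    for slave in list(pending):
        master = topology[slave]
        if master in loaded and loaded[master] <= t:
            loaded[slave] = t + transfer_time   # SOA is newer: transfer
            pending.remove(slave)
        # otherwise the master still answers with the old serial and the
        # slave treats the NOTIFY as bogus

    # Pass 2: the remaining slaves only learn of the change on a refresh poll.
    poll = refresh
    for _ in range(len(topology)):  # bounded, so a bad topology cannot loop
        for slave in list(pending):
            master = topology[slave]
            if master in loaded and loaded[master] <= poll:
                loaded[slave] = poll + transfer_time
                pending.remove(slave)
        poll += refresh
    return loaded


if __name__ == "__main__":
    chained = {"sec1": "primary", "sec2": "sec1"}    # "true tertiary"
    direct = {"sec1": "primary", "sec2": "primary"}  # all point to the master
    print("chained:", simulate(chained))
    print("direct: ", simulate(direct))
```

With the default values, the chained tertiary picks up the change only after a full SOA refresh interval, while both servers in the direct layout have it seconds after the NOTIFY.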
participants (3)
- John Payne
- Mans Nilsson
- up@3.am