
bind 9 multiple masters setup


dev null

Jan 12, 2011, 10:13:33 AM1/12/11
to bind-...@lists.isc.org
Hello,

I have most of this worked out but I intend to setup bind in a
multiple master manner.

This makes me question a few things:

1. What can I use for the SOA MNAME? In the off chance a box may die,
I am thinking of using a VIP which contains the multiple masters
within it. However I am not sure how this would affect NOTIFY. So can
I use a VIP or do I just use one of the master DNS boxes in the SOA
MNAME field?
2. With that said, I intend to use rndc to push out DNS changes,
should I worry about using a VIP still? I may need to use both and
NOTIFY seems like it is more built-in so I want to keep rndc and
NOTIFY going.

Hope someone has gone through this trauma.

Thank you!,

Zahid Bukhari

Emil Natan

Jan 12, 2011, 4:00:37 PM1/12/11
to dev null, bind-...@lists.isc.org
On Wed, Jan 12, 2011 at 5:13 PM, dev null <dev...@cimmerii.org> wrote:
> Hello,
>
> I have most of this worked out but I intend to setup bind in a
> multiple master manner.
>
> This makes me question a few things:
>
> 1. What can I use for the SOA MNAME? In the off chance a box may die,
> I am thinking of using a VIP which contains the multiple masters
> within it. However I am not sure how this would affect NOTIFY. So can
> I use a VIP or do I just use one of the master DNS boxes in the SOA
> MNAME field?

You can use any name server that is authoritative for the zone. One of the masters is good enough.
 
> 2. With that said, I intend to use rndc to push out DNS changes,
> should I worry about using a VIP still? I may need to use both and
> NOTIFY seems like it is more built-in so I want to keep rndc and
> NOTIFY going.

How do you plan to replicate the zone data between the masters? On the slaves you can just set a few masters for each zone. For example:

zone "example.com" {
    type slave;
    file "/var/named/example.com.zone";
    masters { master_ip_address; master_ip_address; ... };
};

When named receives a NOTIFY for a zone, it will check the servers from the "masters" list one by one.

> Hope someone has gone through this trauma.
>
> Thank you!,
>
> Zahid Bukhari
> _______________________________________________
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

ena
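For the two-master layout discussed above, here is a complete pair of zone stanzas as an added example; it is not configuration from this thread or from ISC. The addresses (192.0.2.1 and 192.0.2.2 as the two masters, 192.0.2.10 as the slave) and the file paths are assumptions, and the zone file on both masters is assumed to be kept identical, with the same serial, by something outside BIND (cfengine and scp in this thread). The transfer and notify restrictions are the part the thread leaves out: a master that does not restrict `allow-transfer` hands the whole zone to anyone who asks.

```conf
// Added example, not from the thread: one zone, two masters, one slave.
// 192.0.2.1 and 192.0.2.2 are the masters, 192.0.2.10 the slave
// (documentation addresses, chosen for this example).

// --- on each master (192.0.2.1 and 192.0.2.2) ---
zone "example.com" {
    type master;
    file "/var/named/example.com.zone";
    // "notify yes" is the default: NOTIFY goes to every server in the
    // zone's NS records except the one named in the SOA MNAME field.
    // The other master is therefore listed explicitly, because if it
    // is the MNAME it would otherwise never be notified.
    notify yes;
    also-notify { 192.0.2.2; };        // on 192.0.2.2 list 192.0.2.1 instead
    // Only the known slave may AXFR/IXFR the zone. Do not rely on the
    // default; state the ACL explicitly on every master.
    allow-transfer { 192.0.2.10; };
};

// --- on the slave (192.0.2.10) ---
zone "example.com" {
    type slave;
    file "/var/named/slaves/example.com.zone";
    // Tried in order; named moves to the next entry when one does not
    // answer the SOA query or the transfer request. NOTIFY is accepted
    // from these addresses by default; allow-notify would add more senders.
    masters { 192.0.2.1; 192.0.2.2; };
    // A slave has no reason to hand the zone to anyone else.
    allow-transfer { none; };
};
```

After the copy lands on both masters, run `rndc reload example.com` on each. Then check that `dig @192.0.2.1 example.com SOA +short`, the same query against 192.0.2.2, and against the slave all report the same serial: the slave transfers from whichever master answers first and has a higher serial, so two masters whose files were pushed with different serials will leave the slave flipping between two versions of the zone.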

Torinthiel

Jan 12, 2011, 4:27:11 PM1/12/11
to bind-...@lists.isc.org
On 01/12/11 16:13, dev null wrote:
> Hello,
>
> I have most of this worked out but I intend to setup bind in a
> multiple master manner.
>
> This makes me question a few things:
>
> 1. What can I use for the SOA MNAME? In the off chance a box may die,
> I am thinking of using a VIP which contains the multiple masters
> within it. However I am not sure how this would affect NOTIFY. So can
> I use a VIP or do I just use one of the master DNS boxes in the SOA
> MNAME field?

It's mostly ignored. All resolvers go for the NS records at the zone
apex, not for MNAME. Even if the server named in MNAME dies, it won't
affect resolving. You just rebuild that machine, or even build another
one and change slaves to get data from new master.


> 2. With that said, I intend to use rndc to push out DNS changes,
> should I worry about using a VIP still? I may need to use both and
> NOTIFY seems like it is more built-in so I want to keep rndc and
> NOTIFY going.

Isn't it simpler to just let BIND do its job? When the master loads a
changed zone, it sends NOTIFY messages to slaves, and slaves seeing that
they have outdated zone files download the zone from the master.
rndc can only tell BIND (either master or slave) to initiate that
connection, it can't change zones by itself.
You could of course copy zone files to slaves by some means (rsync?
scp?) and then rndc reload the slave, but
a) why?
b) it really isn't a slave anymore, at least not in DNS terms.
Torinthiel

dev null

Jan 12, 2011, 6:58:09 PM1/12/11
to bind-...@lists.isc.org
Thank you all!

So, it would still have rndc do the reload essentially and file copy
because the masters would get the files via cfengine which we have
working via scp. So basically it's not going outside of what bind
provides.

This is to quickly stand up several DNS boxes, even masters.

Since the masters got the copy then from there rndc would take over
and the slaves listed as slaves in the named.conf would get the update
/ notify etc etc.

The main thing was the MNAME which I started doing but Emil confirmed
as being safe to do.

Gordon A. Lang

Jan 12, 2011, 11:52:48 PM1/12/11
to bind-...@lists.isc.org
If a zone is not dynamic, then the MNAME does nothing except to possibly
inhibit notifies to the declared master iff you specify the option "notify
yes" or if you do not specify any notify option (as "notify yes" is the
default).

If a zone is dynamic, then the MNAME plays a very critical role of telling
all clients where to send dynamic DNS updates.

I hear that support for multi-master with dynamic zones is expected in
version 10. I have my own questions about how that will be done.

--
Gordon A. Lang / 313-819-7978

----- Original Message -----
From: "dev null" <dev...@cimmerii.org>
To: <bind-...@lists.isc.org>
Sent: Wednesday, January 12, 2011 10:13 AM
Subject: bind 9 multiple masters setup


> Hello,
>
> I have most of this worked out but I intend to setup bind in a
> multiple master manner.
>
> This makes me question a few things:
>
> 1. What can I use for the SOA MNAME? In the off chance a box may die,
> I am thinking of using a VIP which contains the multiple masters
> within it. However I am not sure how this would affect NOTIFY. So can
> I use a VIP or do I just use one of the master DNS boxes in the SOA
> MNAME field?

> 2. With that said, I intend to use rndc to push out DNS changes,
> should I worry about using a VIP still? I may need to use both and
> NOTIFY seems like it is more built-in so I want to keep rndc and
> NOTIFY going.
>

> Hope someone has gone through this trauma.
>
> Thank you!,
>
> Zahid Bukhari
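Following on Gordon's point that the MNAME is where clients send dynamic updates, here is the matching master configuration as an added example; it is not configuration from this thread or from ISC. The zone name, key name, path and the slave address 192.0.2.10 are assumptions, and the secret is a placeholder to be replaced with real key material.

```conf
// Added example, not from the thread: the master named in the SOA MNAME
// of a dynamic zone. Key name, secret placeholder and paths are
// assumptions. Generate a real secret with tsig-keygen (newer BIND 9) or,
// on releases of this thread's vintage, dnssec-keygen -a HMAC-SHA256
// -b 256 -n HOST.
key "update-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";
};

zone "dyn.example.com" {
    type master;
    file "/var/named/dynamic/dyn.example.com.zone";
    // Only holders of the TSIG key may send UPDATE; the default refuses
    // all updates. Do not use an address-based ACL here: the source
    // address of a UDP update is trivially forged.
    allow-update { key "update-key"; };
    // Slaves of a dynamic zone are fed by NOTIFY and IXFR exactly as
    // for a static zone.
    allow-transfer { 192.0.2.10; };
};
```

With `nsupdate -y hmac-sha256:update-key:SECRET` and no `server` line, nsupdate looks up the zone's SOA and sends the UPDATE to the MNAME. That is why the VIP idea from the first message does not carry over to dynamic zones: whichever master the VIP happens to point at applies the update to its own journal, and the two masters drift apart. It also means the cfengine-plus-`rndc reload` workflow must not touch a dynamic zone's file; named owns that file and its `.jnl` journal, and a hand edit needs `rndc freeze dyn.example.com` before and `rndc thaw dyn.example.com` after.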
