[dns-operations] Quick analysis of TLD SOA's
Joe Abley
jabley at hopcount.ca
Wed Jul 13 16:51:06 UTC 2011
On 2011-07-13, at 12:22, Simon Munton wrote:
> On 13/07/2011 16:54, Phil Regnauld wrote:
>> Fair enough, provided NOTIFYs are received
>
> NOTIFYs have to be ACKd by the Slave (RFC1996 4.7), and are re-sent if not received ... up to a point
Some redundancy of design is possible, though, e.g. if zone data flows
M -> ( DM1, DM2, ... ) -> ( NS1, NS2, ... )
(M being "master", DM being "distribution master", NS being nameservers that answer queries from the world and hence represent the delegation/apex NS sets for a zone)
then you can configure a partial mesh of NOTIFYs, e.g.
M -> DM1
M -> DM2
DM1 -> DM2
DM2 -> DM1
DM1 -> NS1
DM2 -> NS1
DM1 -> NS2
DM2 -> NS2
(etc)
By making sure there are at least two NOTIFY paths for each nameserver you reduce the chance that a (network, other) problem in one NOTIFY path leads to a nameserver falling back to (REFRESH, RETRY) semantics for zone transfers.
Joe
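
Added example, not part of the original message: a check that a NOTIFY mesh like the one above survives the loss of any single NOTIFY relationship. The edge list is copied from the message; the function names and the chain counter-example are constructed for illustration.

```python
from collections import deque

# NOTIFY edges (sender -> receiver) as listed in the message above.
NOTIFY_EDGES = [
    ("M", "DM1"), ("M", "DM2"),
    ("DM1", "DM2"), ("DM2", "DM1"),
    ("DM1", "NS1"), ("DM2", "NS1"),
    ("DM1", "NS2"), ("DM2", "NS2"),
]

# Constructed counter-example: a plain chain with one NOTIFY path per server.
CHAIN_EDGES = [("M", "DM1"), ("DM1", "NS1"), ("DM1", "NS2")]


def reachable(edges, source="M"):
    """Return the set of servers a NOTIFY wave starting at source can reach."""
    adj = {}
    for src, dst in edges:
        adj.setdefault(src, []).append(dst)
    seen, queue = {source}, deque([source])
    while queue:
        for nxt in adj.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def single_path_failures(edges, source="M"):
    """Map each server to the NOTIFY edges whose loss alone cuts it off from source."""
    baseline = reachable(edges, source)
    weak = {}
    for i, edge in enumerate(edges):
        remaining = edges[:i] + edges[i + 1:]
        # Servers reachable before, but not once this one edge is gone.
        for server in sorted(baseline - reachable(remaining, source)):
            weak.setdefault(server, []).append(edge)
    return weak


if __name__ == "__main__":
    print("mesh:", single_path_failures(NOTIFY_EDGES) or "no single NOTIFY path is critical")
    for server, edges in single_path_failures(CHAIN_EDGES).items():
        print("chain:", server, "falls back to REFRESH/RETRY if any of", edges, "fails")
```

An empty result means every server still hears about a zone change after any one NOTIFY relationship fails; any server listed would be left waiting on the SOA REFRESH/RETRY timers.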