This is a discussion on Re: DDNS and Hidden Master == Brain-Damaged within the Bind Users forums, part of the DNS and Related Forums category.

--On 26 January 2005 23:41 -0800 Phil Dibowitz <phil@ipom.com> wrote:

> As someone about to hide our hidden master, it sounds like the best
> solution will be to make the SOA record *not* the hidden master, but
> instead a public DNS server, and then it's by all means... hidden.
> Does that break anything else?

If you put one of your front-end nameservers in the MNAME-field of the SOA-record, you'll have problems with NOTIFY - a hidden master running BIND 9.x will send a NOTIFY-message to every NS-record in the zone, _except_ if it's also the MNAME.

I think I'll try to rephrase/explain, English isn't my primary language.

Let's say you have a hidden master dns0.example.com and two slaves that are reachable from the outside: dns1.example.com and dns2.example.com.

...and your zonefile looks anything like this (simplified...):

    example.com IN SOA dns1.example.com. hostmaster.example.com. (
                       2005012701 ...etc.. )
                IN NS dns1.example.com.
                IN NS dns2.example.com.

When you then reload the zone on dns0, BIND 9.x will send notifies to the servers mentioned in the NS-records. Except for dns1.example.com since it's in the SOA as well.

I think you can probably work around this brain-damage by configuring an "also-notify" statement in named.conf but I haven't tried this myself.

--
Hilsen / Regards
Eivind Olsen
eivind@aminor.no
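
A check for the situation described in the post above, as an added example that is not part of the original message: it models the NOTIFY behaviour as the post states it (every NS target except the SOA MNAME) and builds the also-notify statement the post names as a possible workaround. The zone text, the 192.0.2.x addresses and the function names are constructed for illustration, and the parser only handles the simple `IN SOA` / `IN NS` form shown here.

```python
import re

# Constructed sample modelled on the simplified zone in the post.
ZONE = """\
example.com. IN SOA dns1.example.com. hostmaster.example.com. (
                    2005012701 3600 900 604800 3600 )
             IN NS  dns1.example.com.
             IN NS  dns2.example.com.
"""
# Constructed addresses (RFC 5737 documentation range), not from the post.
ADDRS = {"dns1.example.com.": "192.0.2.1", "dns2.example.com.": "192.0.2.2"}


def soa_mname(zone):
    """Return the SOA MNAME (first field after 'IN SOA'), lower-cased."""
    m = re.search(r"\bIN\s+SOA\s+(\S+)", zone)
    if not m:
        raise ValueError("zone has no SOA record")
    return m.group(1).lower()


def ns_names(zone):
    """Return NS targets in file order, lower-cased, without duplicates."""
    names = []
    for m in re.finditer(r"\bIN\s+NS\s+(\S+)", zone):
        name = m.group(1).lower()
        if name not in names:
            names.append(name)
    return names


def notify_plan(zone, addrs):
    """Split the NS set into servers that get a NOTIFY and servers skipped
    because they are the MNAME, and build an also-notify for the skipped ones."""
    mname = soa_mname(zone)
    ns = ns_names(zone)
    notified = [n for n in ns if n != mname]
    skipped = [n for n in ns if n == mname]
    missing = [n for n in skipped if n not in addrs]
    if missing:
        raise ValueError("no address known for: " + ", ".join(missing))
    stmt = ""
    if skipped:
        stmt = "also-notify { " + " ".join(addrs[n] + ";" for n in skipped) + " };"
    return {"notified": notified, "skipped": skipped, "also_notify": stmt}


if __name__ == "__main__":
    print(notify_plan(ZONE, ADDRS))
```

A non-empty `skipped` list means that secondary only picks up changes when its SOA refresh timer fires, so it can serve stale data until then.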