Date: Sun, 26 Aug 2001 13:27:32 -0700
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Geoff Rehmet" <geoff@illuminati.is.co.za>, <freebsd-questions@FreeBSD.ORG>
Subject: RE: Secondary DNS Transfers
Message-ID: <002a01c12e6d$88b598c0$1401a8c0@tedm.placo.com>
In-Reply-To: <20010825160634.A53802@illuminati.is.co.za>
>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Geoff Rehmet
>Sent: Saturday, August 25, 2001 7:07 AM
>To: freebsd-questions@FreeBSD.ORG
>Subject: Re: Secondary DNS Transfers
>
>
>On Sat, Aug 25, 2001 at 02:48:16PM +0200, Len Conrad wrote:
>>
>> Taking down a DNS primary for some days to see if the slave is
>> answering is not an efficient validation. And anyway, the slave will
>> answer with whatever copy of the zone file it has, which is not
>> necessarily the master's version.
>Actually, something that your secondary may get ratty with you for -
>we have 20 000 zones on our name servers, of which well over 10 000
>zones are slave zones. If someone switches off their primary, that
>causes our secondaries to spend more work trying to transfer zones.
>(At the moment, we have well over 100 zones still where the transfers
>from the primary are failing for various reasons, and yes, that has
>caused a large number of lame delegations because of zone files expiring
>etc.)
>

Um - your secondary is there because you're SUPPOSED to be serving as the
backup for those primaries. If you can't do it then you shouldn't be
secondarying for them. Stop doing it. There's plenty of other DNS servers
that aren't so overloaded - you're doing a disservice by accepting
secondarying on domains that you know you cannot properly handle.

While I'm not expecting that you can pick up resolution for all 10,000
zones at once, you certainly should be able to pick up resolution if 10%
of them were to go offline at once - and that includes vanity domains and
such that hardly ever get queries. If you can't then you need to reduce
the number of zones that you secondary for or increase your bandwidth or
server power.

The Internet already has enough slow, underpowered DNS servers now with
everyone and their dog that wants to host websites all attempting to grab
as many domain names for their DNS servers as they can.

>It's actually shocking how many of the admins of zones that we secondary
>don't even realise that their zones are not loading on their servers
>after they edited the zone file, and didn't check it for errors!
>

Yes - we get this too. It's one thing for a primary to be down for a day
or so, but if I see one of ours go for longer than that then I test their
mailhost to see if it's still alive, and if it is I e-mail the admin.

But, don't assume that their zones are not loading in THEIR nameserver -
they very well may be. The really shocking thing is that there are people
writing DNS servers that aren't following the RFCs on DNS or testing
interoperability with other DNS servers.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com
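The stale-copy and zone-expiry conditions discussed in this thread can be checked from SOA records without taking a primary down. The sketch below is an added example, not part of the original message: it assumes SOA rdata in the form printed by `dig +short SOA`, and the zone names, serials and the `since_refresh` input (seconds since the slave last refreshed successfully) are constructed for illustration.

```python
# Added example (not from the thread): classify a slave zone from SOA data.
from typing import NamedTuple, Optional

class SOA(NamedTuple):
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def parse_soa(rdata: str) -> SOA:
    """Parse SOA rdata as printed by `dig +short SOA <zone> @<server>`."""
    f = rdata.split()
    if len(f) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(f)}")
    return SOA(f[0], f[1], *(int(x) for x in f[2:]))

def serial_newer(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: True if a is newer than b (32-bit wrap)."""
    return a != b and ((a - b) % 2**32) < 2**31

def secondary_status(primary: Optional[SOA], secondary: SOA,
                     since_refresh: int) -> str:
    """Classify the slave's copy. `since_refresh` is an assumed input that
    the operator takes from the name server's logs or statistics."""
    if since_refresh >= secondary.expire:
        return "expired"              # slave stops answering: lame delegation
    if primary is None:
        return "primary-unreachable"  # old copy is served until it expires
    if serial_newer(primary.serial, secondary.serial):
        return "stale"                # answering, but not the master's version
    return "in-sync"

# Constructed sample rdata: the primary was edited after the last transfer.
PRIMARY_SOA = "ns1.example.org. hostmaster.example.org. 2001082602 10800 3600 604800 86400"
SECONDARY_SOA = "ns1.example.org. hostmaster.example.org. 2001082501 10800 3600 604800 86400"

if __name__ == "__main__":
    p, s = parse_soa(PRIMARY_SOA), parse_soa(SECONDARY_SOA)
    print(secondary_status(p, s, 7200))       # transfer has not happened yet
    print(secondary_status(None, s, 90000))   # primary switched off
    print(secondary_status(None, s, 604800))  # expire timer reached
```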