Hi,
A hidden master server is simply a master which is not mentioned in the
zone's NS list and is not a SOA MNAME. Also, it is protected by a
firewall, and only zone transfers to specific servers, which are in the
zone's NS list, are allowed. But still this is based on zone transfers,
which you don't want.
As your use case seems to be simple, server synchronization via remote
file transfer could work :-)
Daniel
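
Added example, not part of the original thread and not Knot DNS code: a check of the hidden-master description above (master absent from the NS list and the SOA MNAME, transfers allowed only to servers in the NS list) against a zone file. The zone, the host names and the `transfer_allow` list of host names are constructed assumptions, and the parser covers only simple master files with an absolute $ORIGIN.

```python
# Constructed sample zone (documentation names and addresses, not from the thread).
ZONE = """\
$ORIGIN example.com.
$TTL 3600
@    IN SOA ns1.example.com. hostmaster.example.com. (
         2017030301 7200 3600 1209600 3600 )
     IN NS  ns1.example.com.
     IN NS  ns2
ns   IN A   192.0.2.53   ; an owner literally named "ns" is not an NS record
sub  IN NS  ns.sub       ; delegation, not part of the apex NS list
"""

def fqdn(name, origin):
    """Lower-case absolute form of a zone-file name."""
    name = name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def apex_servers(zone_text):
    """Return (SOA MNAME, set of NS targets at the zone apex)."""
    origin, owner, apex, mname, ns = ".", None, None, None, {}
    for raw in zone_text.splitlines():
        tok = raw.split(";", 1)[0].split()       # drop comments, tokenise
        if not tok or tok[0].startswith("$"):
            if tok and tok[0].upper() == "$ORIGIN":
                origin = tok[1].lower()
            continue
        if not raw[0].isspace():                 # leading blank inherits the owner
            owner = fqdn(tok.pop(0), origin)
        while tok and (tok[0].isdigit() or tok[0].upper() == "IN"):
            tok.pop(0)                           # skip optional TTL and class
        if len(tok) >= 2 and tok[0].upper() == "SOA":
            apex, mname = owner, fqdn(tok[1], origin)
        elif len(tok) >= 2 and tok[0].upper() == "NS":
            ns.setdefault(owner, set()).add(fqdn(tok[1], origin))
    return mname, ns.get(apex, set())

def hidden_master_findings(zone_text, master, transfer_allow):
    """List the ways `master` and its transfer allow-list deviate from the description."""
    mname, ns = apex_servers(zone_text)
    findings = []
    if master.lower() in ns:
        findings.append("master is in the zone's NS list")
    if master.lower() == mname:
        findings.append("master is the SOA MNAME")
    for host in sorted({h.lower() for h in transfer_allow} - ns):
        findings.append(f"transfer allowed to {host}, which is not in the NS list")
    return findings
```

An empty list means the master matches the description; each string names one condition that does not hold.
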
On 2017-03-03 14:11, Giovanni Civardi wrote:
  Hi Daniel and thanks,
 My goal is to implement a public and distributed DNS infrastructure,
 but I would not like to have master-slave zone transfers.
 In my mind I got this picture: one master server that can push the
 zone config via rsync or rdist (no dynamic updates or DNSSEC, just
 simple zone file updates) every time the config changes.
 In fact, every time I need another DNS server I would simply deploy
 the server, give it an IP address and then notify the master with the
 new server and push the zone conf.
 When you say hidden master and more public masters, what do you mean?
 Thanks,
  GIOVANNI CIVARDI
 System Engineer
 MAINSTREAMING
 Phone +39 02 868969.69
 Web http://www.mainstreaming.tv
  On 03 Mar 2017, at 14:02, Daniel Salzman <daniel.salzman(a)nic.cz> wrote:
 Hi Giovanni,
 Knot DNS doesn't support master-to-master synchronization.
 Why don't you want a master-slave topology? You can have one hidden
 master, more public masters, which would be slaves of the hidden
 master, and possible slave servers with more masters. It's quite a
 common strategy and easy to realize.
 I think that a disadvantage of multi-master is its rare implementation
 in DNS servers. Also, it's out of scope of DNS, so there are no
 standards for how to do that. But a very simple solution could be
 distribution of your zone file (over ssh) among the master servers
 and reloading them synchronously :-)
 What type of zone changes do you plan to perform? Simple zone file
 updates, dynamic DNS updates, or/with automatic DNSSEC signing?
 Regards,
 Daniel
 On 03/03/2017 11:47 AM, Giovanni Civardi wrote:
> Hi,
> I'm evaluating some DNS solutions for our multi-site distributed
> environment.
> I do not want a master-slave scenario, but would like to implement
> some multi-master.
> Do you think it is achievable with KNOT? Have you ever implemented
> some master-to-master synchronisation? What could be the benefits of
> having a multi-master scenario against the classic master-slave
> scenario?
>
> thanks!
>
> GIOVANNI CIVARDI