Thanks for the bind support.
So far I only have the bind based hidden master working. After
implementing these changes the zone transfers will take too long from the
time I do the rndc reload on the hidden master.
The knot based public servers are a bit quicker; it typically takes about 1
to 2 minutes.
The bind based public servers are random, I think they typically
transfer on retry.
Once the transfer starts it is instantaneous.
I have no clue what it is doing that time... It is as if the notifies
are being stalled....
The master is behind a firewall and the NAT is a 1:1 so the source IP of
the Notifies and IXFR is correct.
On knot I am getting a Incoming IXFR of xxx Falling back to AXFR

On 7/7/2014 7:39 PM, Ondřej Surý wrote:
Hi Maren,
you should turn on the explicit notification
both in bind and knot.
For Knot use "notify-out <slave1> <slave2>;" + "xfr-out <slave1> <slave2>;"
See the documentation:
https://www.knot-dns.cz/static/documentation/html/configuration.html#master…
For Bind use "notify explicit;" + "also-notify;", see:
http://www.zytrax.com/books/dns/ch7/xfer.html#notify
Ondrej
--
Ondřej Surý -- Chief Science Officer
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.sury@nic.cz
http://nic.cz/
-------------------------------------------
----- Original Message -----
> From: "Maren S. Leizaola" <leizaola(a)udr.hk.com>
> To: knot-dns-users(a)lists.nic.cz
> Sent: Monday, July 7, 2014 1:32:52 PM
> Subject: [knot-dns-users] Two hidden masters - sending notifications to public slaves.
> Hi,
>
> We are setting up to do zone generations of two separate hidden masters
> which will take turns on the zone generation.
>
> Public/visible DNS servers "should" get notifies from both servers and
> select the one with the highest serial number.
>
> I am planning to run bind on one server and knot on the other. On bind I
> have the issue that it would not send notifies to the name servers until
> I turned on "notify-soa yes;". However I realise that this will only
> notify one single DNS server and introduces a single point of failure.
>
> Does Knot have any issues sending the notifies? How do I go about
> getting this done?
>
> Regards,
> Maren
>