DNS question
Amos Shapira
amos.shapira at gmail.com
Fri Jun 17 03:33:44 IDT 2011
I'm not sure what you are asking - DNS servers are supposed to be there in
order to respond to queries, why shouldn't they answer queries? The slaves
are there exactly as a back-up in case the master becomes unavailable. What
else do you think they are there for?
If at all - the usual setup is that the master is hidden behind a firewall
and only the slaves answer queries. This is supposed to make it harder to
inject bad records into the database since the secondaries should only read
from a secure none-public server.
BTW - if you have your own servers and your own IP address block then check
options for using anycast to get DNS queries routed to the closest DNS
server (http://en.wikipedia.org/wiki/Anycast).
(we just use GoDaddy's anycast DNS servers for our corporate domain and
Neustar for the heavy-lifting SaaS application domain, with automatic DNS
fail-over in case one of our DC's becomes unavailable, at least for now. I
don't see a way to use GoDaddy as pure secondary DNS service but a quick
call to their very helpful support can clear that, and there must be many
other providers you can use for that).
--Amos
2011/6/17 Hetz Ben Hamo <hetzbh at gmail.com>
> Hi,
>
> After big frustration from some DNS providers, I've decided to roll my own
> with servers here in Israel, Ireland, and 2 US servers.
> I've configured the Master in Israel and the rest are slaves.
>
> I threw some domains, and the sync works great.
>
> My problem is simple: The server in Israel answer queries from the world,
> but should the slaves answer too?
> If not, what happens when the master goes down?
>
> I checked some big names servers (like Yahoo) - their servers don't answer
> any queries.
>
> So should the slave server be configured not to answer any query from
> outside?
>
> (I know it's a non issue in corporates where you can configure both master
> and slave answer from internal IP's, but here there are no internal IP's).
>
> Thanks,
> Hetz
>
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20110617/4c32c706/attachment.html>
More information about the Linux-il
mailing list