Thanks to all for the info.

Denise
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Darcy
Sent: 2008-11-10 9:59 PM
To: bind-users@isc.org
Subject: Re: Primary DNS server

[EMAIL PROTECTED] wrote:
> We are re-evaluating the way our DNS servers are set up. We currently have one
> primary and one slave DNS server. Each of them can resolve any domain names
> that they are authoritative for (approx 175 domain names).
>
> I'm wondering if it is possible to only have the slave servers (2 or 3 of
> them) answering all queries and leaving the primary out of it.
>
> Is it safe to do this type of set-up? Any advice appreciated.
>

Yes, this is perfectly normal, the so-called "hidden master" setup. Just leave the primary master out of the NS records and any resolver configs and no-one should be sending normal queries to it. It should only be getting refresh queries and zone-transfer requests from its slaves.

Note, however, that if you use Dynamic Update at all, the presence of the primary master in the SOA.MNAME of the relevant zone(s) might not be sufficient identification of the Dynamic Update master if that name is missing from the NS records of the zone(s). You might need to _force_ the client to use the primary master if it's "hidden" in this way. In nsupdate, for instance, you'd use the "server" command to do that. Every Dynamic Update client has -- or should have -- its own mechanism for forcing the Dynamic Update requests to go to a particular place.

- Kevin
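
An added example, not part of the original thread and not taken from the BIND documentation: a named.conf fragment for the hidden primary that limits it to the traffic described in the reply above (refresh queries and zone transfers from its slaves, plus Dynamic Updates). The zone name, the addresses (documentation ranges), the key names and the file path are assumptions.

```conf
// Hidden primary: named.conf fragment (constructed values throughout).
// 192.0.2.53 and 198.51.100.53 stand in for the public slaves listed in NS.

acl "slaves" { 192.0.2.53; 198.51.100.53; };

// Placeholder secrets: generate real ones with tsig-keygen.
key "xfer-key" { algorithm hmac-sha256; secret "REPLACE_WITH_BASE64_SECRET"; };
key "ddns-key" { algorithm hmac-sha256; secret "REPLACE_WITH_BASE64_SECRET"; };

options {
    recursion no;                          // authoritative only
    allow-query { "slaves"; localhost; };  // SOA refresh queries from slaves only
    allow-transfer { none; };              // default deny; opened per zone below
};

zone "example.com" {
    type master;
    file "zones/example.com.db";

    // This host is absent from the NS records, so name the NOTIFY targets
    // explicitly instead of deriving them from the NS set.
    notify explicit;
    also-notify { 192.0.2.53; 198.51.100.53; };

    // Transfers only from the slaves' addresses AND only when TSIG-signed
    // (the nested negation rejects every source outside the "slaves" acl).
    allow-transfer { !{ !"slaves"; any; }; key "xfer-key"; };

    // Dynamic Update clients must be pointed here by hand (nsupdate: "server"),
    // because this host cannot be found through the zone's NS records.
    allow-update { key "ddns-key"; };
};
```

The slaves need the matching "xfer-key" statement and a masters list pointing at this host; those parts are not shown here.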