Nameservers malfunction and networks in front of them malfunction. When this happens to the secondary, then you suffer what you are reporting. If you have only one nameserver, then such a malfunction can leave you dead in the water.

I've run into the issue of updates to secondaries stopping for some reason, and then noticeable symptoms set in much later (after the data expires), making troubleshooting require a look pretty far back in time to identify the failure or change that caused the problem. Setting long expire times lengthens the time you need to look back. Under various circumstances, I've addressed this issue two ways:

(1) Instead of using the DNS transfers, devise my own method of keeping the servers' authoritative data in synch. This can be very little trouble if you run all the servers yourself and you maintain the data on a third server, e.g. in your own database: just load the data on all the authoritative nameservers instead of one. But it's either more difficult or impossible if you provide dynamic DNS.

(2) Run scripts periodically to check SOA serial numbers and report if they are sitting longer than they should out of synch.

John Wobus
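
A sketch of the kind of periodic check described in (2), added here as an example and not taken from the original post: it compares each secondary's SOA serial with the primary's using RFC 1982 serial arithmetic and reports only when a secondary has stayed behind (or silent) longer than a threshold. The function names, server names, zone and the 1800-second threshold are assumptions chosen for illustration.

```python
import subprocess

def soa_serial(zone, server, timeout=5):
    """Ask one server directly for the zone's SOA serial via dig; None on failure."""
    cmd = ["dig", "+short", "+norecurse", f"+time={timeout}", "+tries=1",
           "SOA", zone, f"@{server}"]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=timeout + 2).stdout.split()
        return int(out[2])   # fields: mname rname serial refresh retry expire minimum
    except (OSError, subprocess.TimeoutExpired, IndexError, ValueError):
        return None

def serial_behind(secondary, primary):
    """True if secondary is older than primary under RFC 1982 serial arithmetic."""
    return secondary != primary and (primary - secondary) % 2**32 < 2**31

def check(primary_serial, secondary_serials, first_behind, now, max_lag):
    """Update first_behind (server -> time it was first seen lagging); return alerts.

    A server that gives no answer (serial None) counts as lagging. Persist
    first_behind between runs (e.g. as JSON) when this is driven from cron.
    """
    if primary_serial is None:
        return ["primary: no answer"]
    alerts = []
    for server, serial in sorted(secondary_serials.items()):
        if serial is not None and not serial_behind(serial, primary_serial):
            first_behind.pop(server, None)       # in sync again, reset the clock
            continue
        since = first_behind.setdefault(server, now)
        if now - since >= max_lag:
            why = "no answer" if serial is None else f"serial {serial} behind {primary_serial}"
            alerts.append(f"{server}: {why} for {int(now - since)}s")
    return alerts

if __name__ == "__main__":
    # Constructed polls (time in seconds, primary serial, secondary serials);
    # a live run would fill these in with soa_serial("example.com", "<server>").
    polls = [(0,    2024010101, {"ns2.example.net": 2024010101, "ns3.example.net": 2024010101}),
             (300,  2024010102, {"ns2.example.net": 2024010102, "ns3.example.net": 2024010101}),
             (2400, 2024010102, {"ns2.example.net": 2024010102, "ns3.example.net": 2024010101})]
    state = {}
    for now, primary, secondaries in polls:
        for line in check(primary, secondaries, state, now, max_lag=1800):
            print(line)
```

Setting the threshold well below the zone's SOA expire value means the report arrives while the secondary is still serving data, which keeps the look-back window short.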