-------------------------------------------------------------------------------
John Hascall, j...@iastate.edu
Team Lead, NIADS (Network Infrastructure, Authentication & Directory Services)
IT Services, The Iowa State University of Science and Technology
> On 12/4/2012 6:00 AM, John Hascall <j...@iastate.edu> wrote:
> > We have found that RPZ works quite well for us.
> > We have 366825 names in our RPZ zone at present
> > and scaling thus far has been a non-issue.

> A question from the OP that has not yet been answered -
> Make the zones masters on all servers. What I did was to
> have a file in common storage accessible to each DNS server,
> and every 10 minutes a cron job would run to see if the
> file in common storage had been updated. If so, then
> the file was copied to the local disk, and an "rndc reconfig"
> command was issued to re-read the config file. Note that the
> 10-minute cron ran at a different minute on each server to insure that
> only one server was reloading at any given time.

(Assuming you have good time sync!)

We just used standard DNS tools. Our RPZ zone is hosted on its own
(virtual) server. The public recursive servers secondary the zone.
Updates to the zone are done with 'nsupdate' and then propagate
outward via IXFR.

We believe this approach is simple, yet it gives us low latency and
does not introduce any single points of failure into the DNS
resolving service.

John
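The nsupdate-driven update path described in the message above, sketched as an added example that is not part of the original post: a shell function that turns a list of domains into batched nsupdate commands for the RPZ master, from which the change reaches the secondaries by IXFR. The zone name, master address, TTL, batch size and the NXDOMAIN policy action (`CNAME .`) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: zone name,
# master address, TTL, batch size, and the NXDOMAIN policy action (CNAME .).
RPZ_ZONE="rpz.example"
RPZ_MASTER="192.0.2.53"
RPZ_TTL=300
RPZ_BATCH=50    # names per "send", keeps each UPDATE message small

# Accept only letters, digits, hyphens and dots; reject empty labels.
valid_name() {
    case "$1" in
        ""|.*|*..*|-*|*[!a-z0-9.-]*) return 1 ;;
    esac
    # "*." + name + "." + zone must stay within the 253-character limit.
    [ $(( ${#1} + ${#RPZ_ZONE} + 3 )) -le 253 ]
}

# Read one domain per line on stdin, write nsupdate commands on stdout.
rpz_batch() {
    pending=0
    while IFS= read -r name || [ -n "$name" ]; do
        name=$(printf '%s' "${name%.}" | tr 'A-Z' 'a-z')
        if ! valid_name "$name"; then
            printf 'skipped: %s\n' "$name" >&2
            continue
        fi
        if [ "$pending" -eq 0 ]; then
            printf 'server %s\nzone %s\n' "$RPZ_MASTER" "$RPZ_ZONE"
        fi
        # Policy records for the name itself and for everything below it.
        printf 'update add %s.%s. %s CNAME .\n' "$name" "$RPZ_ZONE" "$RPZ_TTL"
        printf 'update add *.%s.%s. %s CNAME .\n' "$name" "$RPZ_ZONE" "$RPZ_TTL"
        pending=$((pending + 1))
        if [ "$pending" -ge "$RPZ_BATCH" ]; then
            printf 'send\n'
            pending=0
        fi
    done
    if [ "$pending" -gt 0 ]; then printf 'send\n'; fi
}

# Usage (key path is a placeholder):
#   rpz_batch < blocklist.txt | nsupdate -k /path/to/tsig.key
```

Rejected input lines are reported on stderr, so a malformed feed entry never reaches the zone.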