I've got two recursive DNS servers running ISC 9.11 and 9.12. We are using RPZ and I have a whitelist/blacklist exception zone file on both servers. I need the ability to change it only on one server and have it propagate to the other servers. My config is working, but I'm getting some delays that I'd like to eliminate. First off, on the "master" server, when I update the rpz-local file and run an rndc reload, it takes about 2 minutes before I see the xfer-out in the logs. On the "slave", I also see the xfer-in at the same time. There are no errors, just that kickoff delay.
Then, on the "slave", it takes about 15 minutes for the file to actually update with the new info from the time of the xfer-in. I've tried adding NS records for the slave in the zone file and doing some things with notify, but nothing seems to help. I'd like the changes to be almost instantaneous from the time I run the rndc reload.

Here is the config from the "master".

/etc/named.conf

    acl RPZ { 192.168.1.100; };

    zone "rpz-local" {
        type master;
        file "db.rpz-local";
        allow-transfer { localhost; RPZ; };
        allow-query { localhost; RPZ; };
    };

zone file:

    $TTL 150
    @ IN SOA localhost. need.to.know.only. (
            201707314 ; Serial number
            10        ; Refresh every 10 seconds
            10        ; Retry every 30 seconds
            432000    ; Expire in 5 days
            60 )      ; negative caching ttl 1 minute

            IN NS ns1master.example.com
            IN NS ns2slave.example.com

    ;# -------------------------------------------------------------------
    ;# Whitelist entries using rpz-passthru
    ;# -------------------------------------------------------------------
    deteque.com   IN CNAME rpz-passthru.
    *.deteque.com IN CNAME rpz-passthru.

Here is the config from the slave:

/etc/named.conf

    acl RPZ { 192.168.1.101; };

    zone "rpz-local" {
        type slave;
        file "db.rpz-local";
        masters { 192.168.1.101; };
        allow-transfer { localhost; RPZ; };
        masterfile-format text;
        allow-query { localhost; RPZ; };
    };