On Thu, 10 May 2001, Chen Shapira wrote:
> Can you explain to me the issue here?
> Why do we want the IGLU server as primary? what is the difference between
> primary and secondery DNS's? Why do you think he may object?
the 'primary' is the server via which the domain is actively managed (i.e.
DNS records added/removed).
a secondary DNS merely copies its data from the primary DNS server.
ofcourse, there is nothing in the DNS protocol that enforces this
behaviour. technically, i could take a 'secondary' DNS server that is
under my control, and inject via it any DNS records i want. this will
cause inconsistencies between what this DNS server gives and what the
primary gives, but for someone with maliceous(?) intents, this is good
enough.
besides, when you register a domain with ISOC-IL or nternic or other
oranizatons, you just give them a list of name servers. no mentin of
'primary' or 'secondary', 'prefered' or 'less prefered'. their name
servers are usualyl configured to reply to NS queries for the domain with
a round-robin list of its name servers (that is, in each reply, a
different name server will be listed first, in a round-robin manner).
> I believe the reason it all started was because his DNS failed. Correct me
> if I'm wrong, but in case one DNS fails, the second should back him up,
> right? So one problem was that TKOS failed (but that could happen to us too,
> perhaps triggered by disk space?) and the other problem was that we hadno
> active secondary.
>
> Having us as secondary should solve the problem. No?
partially, since most client programs have a short time out for domain
name resolutions, and often then do not automaticlly try to go to the next
DNS server (at least as far as i've noticed). so a secondary DNS is not a
full-proof solution - it just increases the chance that the domain wil be
properly resolved by some properly working software. theusage of several
DNS servers is more a work of a primitive load-balancer, then a
high-availability service, IMO.
--
guy
"For world domination - press 1,
or dial 0, and please hold, for the creator." -- nob o. dy
----------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED]
Archives available at http://www.mail-archive.com/[email protected]/
