Hi,

We struggled with this issue ourselves as well for a long time.

We'd like to migrate our current setup where we (scripted) sync records from a
'master' database to the actual databases running on each nameserver, to a
setup where we have one 'master' MySQL database and use MySQL replication to
all the nameservers (and run them in NATIVE mode only).

However, just like Fred if I understood correctly, we currently run our ns2/ns3
in SLAVE mode, and they perform AXFRs and receive NOTIFYs.
We prefer to let one AXFR server handle the AXFRs to update the 'master'
database (which will then replicate to all nameservers).
But there has to be something to forward the incoming NOTIFYs on the
nameservers running in NATIVE mode to the AXFR server, so that it can actually
perform the transfer at that point (and not have to wait until
slave-cycle-interval, etc.).

Best regards,

Wouter

From: [email protected] [mailto:[email protected]] On Behalf Of Gary Shaver
Sent: Friday, July 06, 2012 16:05
To: [email protected]
Subject: Re: [Pdns-users] pdns & nproxy


Hi Bert, Fred, List,

An anycasted nameserver cluster could benefit from this.  Initiating an axfr
from a nameserver that is not topologically closest to the master just results
in a failed axfr attempt since the answer does not come back to the slave
making the initial request.


Gary Shaver
Hurricane Electric

bert hubert<mailto:[email protected]>
July 5, 2012 3:00 PM

Interesting. The original use case was where the outside world would never be 
talking to that master, or at least not taking the initiative to do so. So the 
outside world would think the nproxy IP address was the slave, and nproxy would 
then relay that to the real slave, which would reach out over TCP to make it 
happen. I think some NAT trick is used to make sure that the outgoing traffic 
appears as the address that was notified.

If you want to have this integrated, what exactly is your use case? Better 
protection for the hidden master?

Please don't get me wrong, I get the impression what you want is reasonable, 
but I can't quite wrap my head around your exact requirements.

Please let us know!

Bert
PowerDNS

_______________________________________________
Pdns-users mailing list
[email protected]<mailto:[email protected]>
http://mailman.powerdns.com/mailman/listinfo/pdns-users


Fred Wittekind<mailto:[email protected]>
July 5, 2012 11:18 AM
I'm working on deploying pdns, and we had intended to use native replication
(mysql-replication).

Our idea was to have one master dns server that sits behind a firewall, and our 
public facing servers replicate from it.  This works well for 90%+ of the 
domains we host.  We do have a few we have to slave from our clients though.

My original plan was to have nproxy sit on the public facing name servers to 
forward the notify to the master dns server behind the firewall, the master 
then does the axfr from our client's server, populates mysql with the new zone 
info, that then replicates out to the public facing servers.

Then I got this error when trying to start nproxy (IP address censored):
nproxy: Fatal: Binding socket for incoming packets to 'a.b.c.d:53': Address 
already in use

Which of course makes sense after seeing it, pdns is already binding to the 
same IP/port.

So, my question is this...  Can the functionality of nproxy be rolled into pdns 
so that pdns itself can forward the notify to another instance of pdns (on the 
master server), or can nproxy and pdns be made to work on the same IP.   I 
looked into trying to see if I could get iptables to split out the notify 
messages to a different destination IP so I could put nproxy on a different IP 
than pdns, but, I didn't figure out a good (reliable) way to do this.

Any help would be appreciated.

Fred Wittekind
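
Fred's message asks for a reliable way to tell NOTIFY packets apart from ordinary queries arriving on the same IP and port. The sketch below is an added example, not part of the original thread and not PowerDNS or nproxy code: it recognises a NOTIFY by the opcode field of the DNS header (opcode 4, RFC 1996) and checks the sender against an allowlist before a forwarder would relay it. The names `ALLOWED_MASTERS`, `parse_notify`, `should_forward` and `build_sample`, and the 192.0.2.0/28 range, are assumptions for illustration.

```python
import ipaddress
import struct

OPCODE_NOTIFY = 4  # RFC 1996
QTYPE_SOA = 6
# Assumed allowlist of customer masters (documentation range, not from the thread).
ALLOWED_MASTERS = [ipaddress.ip_network("192.0.2.0/28")]


def parse_notify(packet):
    """Return (zone, qtype) if packet is a NOTIFY request, else None."""
    if len(packet) < 12:
        return None  # shorter than a DNS header
    _id, flags, qdcount = struct.unpack("!HHH", packet[:6])
    opcode = (flags >> 11) & 0xF
    if flags & 0x8000 or opcode != OPCODE_NOTIFY or qdcount != 1:
        return None  # a response, a non-NOTIFY opcode, or an odd question count
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            return None  # name runs off the end of the packet
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            return None  # compression pointer or truncated label
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        return None  # QTYPE/QCLASS missing
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels).lower() + ".", qtype


def should_forward(packet, source_ip):
    """Relay only NOTIFY requests for SOA that come from an allowlisted master."""
    parsed = parse_notify(packet)
    if parsed is None or parsed[1] != QTYPE_SOA:
        return False
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in ALLOWED_MASTERS)


def build_sample(opcode, zone="example.org"):
    """Constructed sample packet for testing (not captured traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, (opcode << 11) | 0x0400, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SOA, 1)
```

UDP source addresses can be spoofed, so the allowlist only limits who can trigger a refresh check; the NOTIFY itself carries no zone data.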