On 8/8/19 3:26 AM, Mike wrote:
On 8/5/19 5:48 AM, Curtis Maurand wrote:
I scripted it. I can't rely on pdns replication. The supermaster
won't tell a slave to delete a zone for instance. Adding a new zone
may or may not happen properly or in a timely manner. Sometimes
transfers just don't happen and even if they do, the signed zones
won't work until they're rectified. Don't get me started on dnsdist.
On the subject of supermasters not being able to tell slaves to delete
zones:
This may not be too critical - for a slave server to have knowledge
of a zone for which it should no longer be authoritative.
Ultimately, if the internet roots don't point at your servers, nobody
will be asking your servers for data from these zones anyways, so all
you really are losing is some disk space. I wrote a script to do this
which essentially walks the whole list of zones on a slave server and
asks my (hidden) master whether it has an SOA for each one. If it
doesn't, meaning that zone has been removed, then the script removes it
from the slave. The necessity or required frequency of doing so is
debatable. My script can blast thru ~500 zones in about 8 seconds flat
depending on latency from that slave to the hidden master.
Mike-
Good idea. I didn't think of doing it that way. Conversely, a good way
to check to see if a zone has actually transferred, too.
Thanks for the idea,
--Curtis
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
--
Best Regards Curtis Maurand
mailto:cur...@maurand.com
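
The cleanup Mike describes above (walk the slave's zone list, ask the hidden master for each SOA), written out as an added example; it is not Mike's script and not PowerDNS code. It assumes `dig` and `pdnsutil` are installed on the slave, that `pdnsutil list-all-zones slave` prints one zone per line, and that the master answers REFUSED or NXDOMAIN for a zone it no longer serves. Timeouts and SERVFAIL count as "unknown" so a master outage removes nothing, and the run aborts if more than 20% of zones look removed.

```python
import re
import shlex
import subprocess
import sys

# Assumption: rcodes this master returns for a zone it no longer serves.
ABSENT_RCODES = {"REFUSED", "NXDOMAIN"}
# Constructed dig output, trimmed to the lines the parser reads.
SAMPLE_PRESENT = (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1\n"
                  "example.com.\t3600\tIN\tSOA\tns1.example.com. h.example.com. 1 2 3 4 5\n")
SAMPLE_REFUSED = ";; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2\n"

def classify(zone, dig_output):
    """Map dig output for `zone SOA` to 'present', 'absent' or 'unknown'."""
    status = re.search(r"status: (\w+)", dig_output)
    if status is None:                       # timeout or no reply: not evidence
        return "unknown"
    if status.group(1) == "NOERROR":
        owner = re.escape(zone.rstrip(".") + ".")
        soa = re.search(rf"^{owner}\s+\d+\s+IN\s+SOA\s", dig_output, re.M | re.I)
        return "present" if soa else "absent"
    return "absent" if status.group(1) in ABSENT_RCODES else "unknown"

def plan_removals(zones, lookup, max_fraction=0.2):
    """Return (absent, unknown) zones; refuse runs that would remove too many."""
    results = {z: lookup(z) for z in zones}
    absent = sorted(z for z, r in results.items() if r == "absent")
    unknown = sorted(z for z, r in results.items() if r == "unknown")
    if len(absent) > max_fraction * len(results):
        raise RuntimeError(f"{len(absent)}/{len(results)} zones look removed; check the master")
    return absent, unknown

def dig_lookup(master):
    """Build a lookup that asks `master` for each zone's SOA without recursion."""
    def lookup(zone):
        cmd = ["dig", "+norecurse", "+time=2", "+tries=2", f"@{master}", zone, "SOA"]
        out = subprocess.run(cmd, capture_output=True, text=True).stdout
        return classify(zone, out)
    return lookup

if __name__ == "__main__":
    master = sys.argv[1]                     # address of the hidden master
    listing = subprocess.run(["pdnsutil", "list-all-zones", "slave"],
                             capture_output=True, text=True, check=True).stdout
    zones = [l.strip() for l in listing.splitlines() if len(l.split()) == 1]
    absent, unknown = plan_removals(zones, dig_lookup(master))
    for z in unknown:
        print(f"# kept, no definitive answer: {z}", file=sys.stderr)
    for z in absent:
        print("pdnsutil delete-zone", shlex.quote(z))   # dry run: printed, not executed
```

The same `classify` result answers the question in the reply about whether a zone has transferred: a zone the master reports as "present" but that is missing from the slave's list has not arrived yet.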