On Mon, Jul 26, 2021 at 9:55 AM Chris Wopat <m...@falz.net> wrote:
>
> 3) We're secondary-only to a primary server we don't manage. In our
> current situation, legacy servers adns1/adns2 perform the AXFR. In the
> new scenario, we want this to be hidden master ns0 and NOT ns1/ns2,
> because of database read only. ns0 pdns.conf gets secondary=yes,
> ns1/ns2 do not.
>
> Question: Will this even function if ns0 isn't listed on NS
> records/whois? If not, am I forced to have all 3 servers be able to
> write to the replicated DB? This seems like either it wouldn't work at
> all or would cause issues over time.

I had not heard back from anyone about this, but in the meantime a fix was figured out and implemented using dnsdist (https://dnsdist.org/) on ns1/ns2. The servers remain read only and send NOTIFY packets to ns0, adding ECS headers to keep originating client info intact.

Full config and explanation here:
https://falz.net/wiki/PowerDNS:_use_dnsdist_to_send_NOTIFY_packets_to_hidden_primary

Cheers

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
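
A sketch of the kind of dnsdist setup described in the message above, as an added example; it is not the poster's configuration (that is on the linked wiki page). All addresses and pool names are placeholders, and it assumes the read-only PowerDNS on ns1/ns2 listens on a local port behind dnsdist. It also restricts forwarding to NOTIFY from the known upstream primary, so ns1/ns2 do not relay NOTIFY from arbitrary sources to the hidden primary.

```lua
-- dnsdist.conf on ns1/ns2 (added example, placeholder values throughout)
-- Assumptions:
--   127.0.0.1:5300    local read-only PowerDNS authoritative server
--   192.0.2.10        ns0, the hidden primary that performs the AXFR
--   198.51.100.53/32  the upstream primary that sends NOTIFY

setLocal("0.0.0.0:53")
setACL({"0.0.0.0/0", "::/0"})   -- public authoritative service

-- Ordinary queries are answered from the local read-only database.
newServer({address="127.0.0.1:5300", pool="auth"})

-- NOTIFY is relayed to ns0. useClientSubnet=true makes dnsdist add an
-- EDNS Client Subnet option carrying the original sender's address.
newServer({address="192.0.2.10:53", pool="notify", useClientSubnet=true})

-- Send the full source address rather than a truncated prefix, so ns0
-- can tell exactly which host originated the NOTIFY.
setECSSourcePrefixV4(32)
setECSSourcePrefixV6(128)

-- Only NOTIFY from the upstream primary is relayed.
local upstream = newNMG()
upstream:addMask("198.51.100.53/32")

addAction(
  AndRule({OpcodeRule(DNSOpcode.Notify), NetmaskGroupRule(upstream)}),
  PoolAction("notify")
)

-- Any other NOTIFY is dropped instead of reaching ns0 or the local server.
addAction(OpcodeRule(DNSOpcode.Notify), DropAction())

-- Everything else goes to the local authoritative server.
addAction(AllRule(), PoolAction("auth"))
```

Rules are evaluated in order, so the allow rule for the upstream primary must stay above the catch-all NOTIFY drop. ns0 must separately be configured to accept NOTIFY relayed from ns1/ns2.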