Re: Dynamic updates to multiple masters

2023-08-02 Thread Fred Morris

You have more than one hypothetical problem there.

On Wed, 2 Aug 2023, Shailendra Gautam wrote:

> I have four authoritative dns servers, all running in master mode for my
> zone for high availability,


Can you give me the justification for why this was chosen and why it works 
in 100 words or less? I expect at least 50 words each for why it was 
chosen, and why it works. Am I bad with math?


Isn't the DNS Way to secondary zones from a master to achieve this?


> I'm
> trying to implement dynamic updates but I am wondering if there is any way
> to avoid sending an update to each of them


Good luck with that!


> Would like to know if anyone has faced this
> problem before.


Don't do that if it hurts... but I'm a plumber not a doctor.

You have multiple engineering problems here. You have eschewed the "DNS 
Solution" for zone management (zone transfers). Now you want to adopt the 
DNS Solution for updates (dynamic updates).


I have engineered a solution which switched masters in the case of 
failover and it wasn't too bad, although it required restarting BIND to 
reload the config file so that nodes would know that one of them was the 
new master. There were dynamic updates, although ironically my 
recollection is that the change in config somehow addressed that (it's 
been a few years).


As for the Dynamic Updates Generally problem, have you looked at 
idempotence as a paradigm? With this idea, updates are applied to converge 
with the "ideal image" that the updater holds; hopefully your updaters 
agree on that image, otherwise you have another problem related to 
conflict resolution (or in the parlance: distributed locking).


It's a wonderful world isn't it?

Anyway, the "way out" for us, even though the scenario was in some ways 
different, was idempotence: the updaters would continue to attempt to 
update whatever the master was until it conformed to their ideal image, 
and their ideal image could change in consideration of what the zone held.


--

Fred Morris, internet plumber

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
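
The idempotent-update approach described in the message above, as an added example that is not code from the thread or from BIND: the updater diffs its "ideal image" against the zone it observes, sends only the difference, and re-plans until the plan is empty. The function names, the zone-as-dict representation, `apply_ops` (a stand-in for the primary) and the sample records are assumptions made for illustration.

```python
# Added example (hypothetical names): idempotent planning of DNS dynamic updates.
# Zone = {(owner, type): (ttl, frozenset(rdata))}; in DESIRED an empty set means "must not exist".

def plan_update(desired, current):
    """Ops that move `current` to `desired`; an empty list means it conforms."""
    ops = []
    for (name, rtype), (ttl, want) in sorted(desired.items()):
        have_ttl, have = current.get((name, rtype), (ttl, frozenset()))
        if have and have_ttl != ttl:      # TTL drift: replace the whole RRset
            ops.append(("delete", name, None, rtype, None))
            have = frozenset()
        ops += [("delete", name, None, rtype, r) for r in sorted(have - want)]
        ops += [("add", name, ttl, rtype, r) for r in sorted(want - have)]
    return ops

def render(ops):  # format ops as nsupdate input lines
    lines = []
    for op, name, ttl, rtype, rdata in ops:
        parts = ["update", op, name] + ([str(ttl)] if op == "add" else []) + [rtype]
        lines.append(" ".join(parts + ([rdata] if rdata else [])))
    return lines + ["send"] if lines else []

def apply_ops(zone, ops):
    """Stand-in for the primary (assumption): apply ops to a copy of `zone`."""
    zone = dict(zone)
    for op, name, ttl, rtype, rdata in ops:
        key = (name, rtype)
        old_ttl, rrs = zone.pop(key, (ttl, frozenset()))
        if op == "add":
            zone[key] = (ttl, rrs | {rdata})
        elif rdata is not None and rrs - {rdata}:
            zone[key] = (old_ttl, rrs - {rdata})   # other records remain
    return zone

def converge(desired, read_zone, send, max_rounds=5):
    """Re-plan from the observed zone each round; return how many rounds sent updates."""
    for rounds in range(max_rounds + 1):
        ops = plan_update(desired, read_zone())
        if not ops:
            return rounds
        send(ops)                         # may be lost or reach a stale primary
    raise RuntimeError("zone did not converge")

# Constructed sample data (documentation address space), not from the thread.
DESIRED = {("www.example.com.", "A"): (300, frozenset({"192.0.2.10", "192.0.2.11"})),
           ("old.example.com.", "A"): (300, frozenset())}
CURRENT = {("www.example.com.", "A"): (300, frozenset({"192.0.2.10", "192.0.2.99"})),
           ("old.example.com.", "A"): (300, frozenset({"192.0.2.50"})),
           ("example.com.", "MX"): (3600, frozenset({"10 mail.example.com."}))}
```

In a deployment, `send` would pass the rendered lines to nsupdate authenticated with a TSIG key (`nsupdate -k`), and `read_zone` would read the current primary's view of the zone, for example by zone transfer.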


Re: Dynamic updates to multiple masters

2023-08-02 Thread Matus UHLAR - fantomas

On 02.08.23 11:53, Shailendra Gautam wrote:

> I have four authoritative dns servers, all running in master mode for my
> zone for high availability, currently they all pull a static zonefile. I'm
> trying to implement dynamic updates but I am wondering if there is any way
> to avoid sending an update to each of them, and send the update only once
> and it should sync to all 4. Would like to know if anyone has faced this
> problem before.


Microsoft's AD supports something like this, the domains are kind of 
synchronized between servers.


As a downside, when using an AD server as primary for zones in AD, you can't 
use multiple servers as the zones are often not in sync.


I would either create a hidden primary that would process dynamic updates.
For DNSSEC and inline signing, a hidden primary looks like the best option to me.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
On the other hand, you have different fingers.


Dynamic updates to multiple masters

2023-08-02 Thread Shailendra Gautam
Hello,

I have four authoritative dns servers, all running in master mode for my
zone for high availability, currently they all pull a static zonefile. I'm
trying to implement dynamic updates but I am wondering if there is any way
to avoid sending an update to each of them, and send the update only once
and it should sync to all 4. Would like to know if anyone has faced this
problem before.


--
Thanks,
SG