Re: Master server offline
In article mailman.1415.1273200624.21153.bind-us...@lists.isc.org, Bruce Ray bruce@zionsbancorp.com wrote:

> You have until the expiry counter expires for a given zone.
>
> We typically run our expiries at a week to allow for this type of failure.

Make them 10 days - that way you can break things on a Friday, have a week off and then fix them again on the Monday morning you come back.

Sam

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Master server offline
On May 7 2010, Peter Laws wrote:

> On 05/07/10 06:49, Chris Thompson wrote:
> > Sure - just step into your time machine, go back to before the master server died, and increase the SOA.expire value there so that it gets propagated to the slave(s) in time.
>
> If he has a small number of slaves, the OP may not need a Tardis. It's possible to just edit the cache files. It's UGLY, you need to make sure you hit all the slaves, and they will get overwritten the instant your master returns from the dead ... but that latter's a good thing.

If you do this, you need to restart BIND on the slave to have it notice the change. Similarly you can touch the zone file to make BIND think it has verified up-to-dateness of the zone more recently than it actually has, but the same caveat applies. BIND thinks that it is in total control of the zone files for type slave zones, so it doesn't look at them except at startup.

--
Chris Thompson
University of Cambridge Computing Service,
New Museums Site, Cambridge CB2 3QH, United Kingdom.
Email: c...@ucs.cam.ac.uk
Phone: +44 1223 334715

Re: Master server offline
On May 7 2010, Dave Filchak wrote:

> Well, my SOA Expires are set to 604800 (1 week). Can I change those to four weeks to give us some time.

Sure - just step into your time machine, go back to before the master server died, and increase the SOA.expire value there so that it gets propagated to the slave(s) in time.

If your disaster recovery plan doesn't include use of a time machine, then you need to set SOA.expire large enough that you will have time to execute the next stage of the plan before the copies expire - convert a slave to be master, re-incarnate the master on new (possibly virtual) hardware, or whatever.

BTW, there is an interaction with DNSSEC in setting a large SOA.expire value for a signed zone. You don't want your slaves to be serving expired signatures even if the zone copy is not expired, so you should arrange that resigning occurs at least the SOA.expire period before the old signature is due to expire. With BIND's defaults of a 30-day signature validity period and resigning 3/4 of the way through that, an SOA.expire period of 1 week works out quite nicely.

--
Chris Thompson
Email: c...@cam.ac.uk

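The interaction between SOA.expire and RRSIG expiry described in the message above, as an added example that is not part of the thread: it reads an SOA record and RRSIG records in presentation format and reports which signatures a cut-off secondary would still be serving after they expire. The zone text is constructed, the function names are hypothetical, and clock skew is ignored.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in dig-style presentation format (not data from the thread).
SAMPLE = """\
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2010050701 10800 3600 604800 3600
example.test. 3600 IN RRSIG SOA 8 2 3600 20100606000000 20100507000000 12345 example.test. c2ln
example.test. 3600 IN RRSIG NS 8 2 3600 20100515000000 20100415000000 12345 example.test. c2ln
"""

def parse(zone_text):
    """Return (SOA expire in seconds, {covered type: earliest RRSIG expiration})."""
    expire, sigs = None, {}
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) >= 11 and f[2:4] == ["IN", "SOA"]:
            expire = int(f[9])  # mname rname serial refresh retry EXPIRE minimum
        elif len(f) >= 13 and f[2:4] == ["IN", "RRSIG"]:
            # RRSIG rdata: covered alg labels orig-ttl EXPIRATION inception ...
            end = datetime.strptime(f[8], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
            sigs[f[4]] = min(end, sigs.get(f[4], end))
    if expire is None:
        raise ValueError("no SOA record in input")
    return expire, sigs

def stale_signature_windows(zone_text, last_refresh, expire_override=None):
    """For a secondary cut off from its master at last_refresh, return
    {covered type: timedelta} for every signature that expires before the
    zone copy does, i.e. how long expired signatures would be served."""
    expire, sigs = parse(zone_text)
    zone_dies = last_refresh + timedelta(seconds=expire_override or expire)
    return {t: zone_dies - end for t, end in sigs.items() if end < zone_dies}

def max_safe_expire(validity_seconds, resign_fraction):
    """Largest SOA expire that cannot outlive a signature when every signature
    is replaced resign_fraction of the way through its validity period."""
    return int(validity_seconds * (1 - resign_fraction))

if __name__ == "__main__":
    cut_off = datetime(2010, 5, 7, tzinfo=timezone.utc)  # last successful refresh
    print(stale_signature_windows(SAMPLE, cut_off))           # 1-week expire
    print(stale_signature_windows(SAMPLE, cut_off, 2419200))  # 4-week expire
    print(max_safe_expire(30 * 86400, 0.75))                  # 30-day validity, resign at 3/4
```

With the constructed records, the one-week expire leaves no stale window, while a four-week expire would leave the NS signature expired for the last 20 days of the zone copy's life.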
Re: Master server offline
On 05/07/10 06:49, Chris Thompson wrote:

> Sure - just step into your time machine, go back to before the master server died, and increase the SOA.expire value there so that it gets propagated to the slave(s) in time.

If he has a small number of slaves, the OP may not need a Tardis. It's possible to just edit the cache files. It's UGLY, you need to make sure you hit all the slaves, and they will get overwritten the instant your master returns from the dead ... but that latter's a good thing.

About this master being offline for some time due to a disk failure ... that policy may need review. If the OP serves his organization's DNS, it's pretty darn critical that customers be able to resolve their DNS info.

--
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
pl...@ou.edu
---
Feedback? Contact my director, Craig Cochell, cra...@ou.edu. Thank you!

Re: Master server offline
In article mailman.1428.1273241309.21153.bind-us...@lists.isc.org, Peter Laws pl...@ou.edu wrote:

> On 05/07/10 06:49, Chris Thompson wrote:
> > Sure - just step into your time machine, go back to before the master server died, and increase the SOA.expire value there so that it gets propagated to the slave(s) in time.
>
> If he has a small number of slaves, the OP may not need a Tardis. It's possible to just edit the cache files. It's UGLY, you need to make sure you hit all the slaves, and they will get overwritten the instant your master returns from the dead ... but that latter's a good thing.

They'll only be overwritten if the serial number on the master increases.

> About this master being offline for some time due to a disk failure ... that policy may need review. If the OP serves his organization's DNS, it's pretty darn critical that customers be able to resolve their DNS info.

That's why there are slaves.

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Master server offline
You have until the expiry counter expires for a given zone.

We typically run our expiries at a week to allow for this type of failure.

From: bind-users-bounces+bruce.ray=zionsbancorp@lists.isc.org bind-users-bounces+bruce.ray=zionsbancorp@lists.isc.org
To: bind-users@lists.isc.org bind-users@lists.isc.org
Sent: Thu May 06 21:37:35 2010
Subject: Master server offline

Our master server machine had a drive failure and looks like it will be offline for some time. Somewhere in the back of my mind, I thought I remembered that something bad can happen to the dns resolution for your zones if the master is offline for too long. Is there anything to this or am I just dreaming? As long as the secondary can answer request, we should be ok?

Cheers,

Dave

Re: Master server offline
Actually speaking without thinking is bad. It's the expire timer in the SOA not the refresh.

On Thu, May 6, 2010 at 10:37 PM, Dave Filchak sub...@zuka.net wrote:

> Our master server machine had a drive failure and looks like it will be offline for some time. Somewhere in the back of my mind, I thought I remembered that something bad can happen to the dns resolution for your zones if the master is offline for too long. Is there anything to this or am I just dreaming? As long as the secondary can answer request, we should be ok?
>
> Cheers,
>
> Dave

--
-Ben Croswell

Re: Master server offline
If your secondaries can't reach the primary for the period of time you have in your SOAs for refresh the secondaries will stop answering.

--
-Ben Croswell

On Thu, May 6, 2010 at 10:37 PM, Dave Filchak sub...@zuka.net wrote:

> Our master server machine had a drive failure and looks like it will be offline for some time. Somewhere in the back of my mind, I thought I remembered that something bad can happen to the dns resolution for your zones if the master is offline for too long. Is there anything to this or am I just dreaming? As long as the secondary can answer request, we should be ok?
>
> Cheers,
>
> Dave

Re: Master server offline
On Thu, 2010-05-06 at 22:37 -0400, Dave Filchak wrote:

> Our master server machine had a drive failure and looks like it will be offline for some time. Somewhere in the back of my mind, I thought I remembered that something bad can happen to the dns resolution for your zones if the master is offline for too long. Is there anything to this or am I just dreaming? As long as the secondary can answer request, we should be ok?

Depends on your SOA expire timeout, most use 4 weeks, IIRC a slave will cease to serve if it can't get an update after then. But, if you can not replace a server within 4 weeks, your organisation has much bigger problems.

Re: Master server offline
Secondaries need to 'know' that this old sec is now a master as well. DNS is kind of critical (unless your internet presence is not important), so ... Knowing nothing about your org... Would rec that you prioritise fixing DNS pretty highly.

--
-___
David Miller
Tiggee LLC
dmil...@tiggee.com

On May 6, 2010 23:23, Barry Margolin <bar...@alum.mit.edu> wrote:

> In article <mailman.1415.1273200624.21153.bind-us...@lists.isc.org>, Bruce Ray <bruce@zionsbancorp.com> wrote:
> > You have until the expiry counter expires for a given zone.
> >
> > We typically run our expiries at a week to allow for this type of failure.
>
> You can easily turn a slave into a master. Just go into its named.conf file, change type slave to type master and comment out the masters {...} clause.
>
> > From: bind-users-bounces+bruce.ray=zionsbancorp@lists.isc.org <bind-users-bounces+bruce.ray=zionsbancorp@lists.isc.org>
> > To: bind-users@lists.isc.org <bind-users@lists.isc.org>
> > Sent: Thu May 06 21:37:35 2010
> > Subject: Master server offline
> >
> > Our master server machine had a drive failure and looks like it will be offline for some time. Somewhere in the back of my mind, I thought I remembered that something bad can happen to the dns resolution for your zones if the master is offline for too long. Is there anything to this or am I just dreaming? As long as the secondary can answer request, we should be ok?
> >
> > Cheers,
> >
> > Dave
>
> --
> Barry Margolin, bar...@alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Master server offline
In article mailman.1421.1273202620.21153.bind-us...@lists.isc.org, Dave Filchak sub...@zuka.net wrote:

> I was thinking that as well ... would probably be the easiest and then switch it back later. However, I would have to change my glue record at the registrar as well ... no?

The glue records don't distinguish between masters and slaves. But it would be a good idea to remove a server from delegation if it's not going to respond.

> On 06/05/10 11:19 PM, Barry Margolin wrote:
> > In article mailman.1415.1273200624.21153.bind-us...@lists.isc.org, Bruce Ray bruce@zionsbancorp.com wrote:
> > > You have until the expiry counter expires for a given zone.
> > >
> > > We typically run our expiries at a week to allow for this type of failure.
> >
> > You can easily turn a slave into a master. Just go into its named.conf file, change type slave to type master and comment out the masters {...} clause.
> >
> > > From: bind-users-bounces+bruce.ray=zionsbancorp@lists.isc.org bind-users-bounces+bruce.ray=zionsbancorp@lists.isc.org
> > > To: bind-users@lists.isc.org bind-users@lists.isc.org
> > > Sent: Thu May 06 21:37:35 2010
> > > Subject: Master server offline
> > >
> > > Our master server machine had a drive failure and looks like it will be offline for some time. Somewhere in the back of my mind, I thought I remembered that something bad can happen to the dns resolution for your zones if the master is offline for too long. Is there anything to this or am I just dreaming? As long as the secondary can answer request, we should be ok?
> > >
> > > Cheers,
> > >
> > > Dave

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Master server offline
Please fix your mail scanner. It is breaking the headers into two parts by inserting a blank line (see below). This makes it very hard to reply to you.

X-zuka-RWMailScanner-Watermark: 1273807139.93...@anxgbaayeoqp7eoxtwe51g
X-zuka-RWMailScanner-From: sub...@zuka.net
X-zuka-RWMailScanner-ID: A075B638001.ABE87
X-zuka-rw-MailScanner-Information: Please contact the ISP for more information

In message 4be38655.9070...@zuka.net, Dave Filchak writes:

> Well, my SOA Expires are set to 604800 (1 week). Can I change those to four weeks to give us some time. We are dealing with a load of other stuff at the moment (small company). Is that allowed?
>
> Dave

Normally you would just turn a slave into a master and have the other slaves transfer from it if there is going to be an extended delay.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: Master server offline
Dave,

You are missing the X in the -zuka-rw-MailScanner: Found to be clean line, and it appears to not match the other X-zuka-RWMailScanner headers. This may lead to problems, and no doubt if you --lint mailscanner it will throw errors saying mismatch for SA.

On Fri, 2010-05-07 at 13:47 +1000, Mark Andrews wrote:

> Please fix your mail scanner. It is breaking the headers into two parts by inserting a blank line (see below). This makes it very hard to reply to you.
>
> X-zuka-RWMailScanner-Watermark: 1273807139.93...@anxgbaayeoqp7eoxtwe51g
> X-zuka-RWMailScanner-From: sub...@zuka.net
> X-zuka-RWMailScanner-ID: A075B638001.ABE87
> X-zuka-rw-MailScanner-Information: Please contact the ISP for more information
>
> In message 4be38655.9070...@zuka.net, Dave Filchak writes:
> > Well, my SOA Expires are set to 604800 (1 week). Can I change those to four weeks to give us some time. We are dealing with a load of other stuff at the moment (small company). Is that allowed?
> >
> > Dave
>
> Normally you would just turn a slave into a master and have the other slaves transfer from it if there is going to be a extended delay.
>
> Mark