<HTML dir=ltr><HEAD><TITLE>Re: [Pdns-users] Please validate my PowerDNS Infrastucture proposal</TITLE>
<META content="text/html; charset=unicode" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16419"></HEAD>
<BODY>
<DIV dir=ltr id=idOWAReplyText64748>
<DIV dir=ltr><FONT color=#000000 size=2 face=Arial>In a sense, you are are deploying a stealth master -- one that the outside world cannot directly query, and one that does not appear in the RRset of your domains (therefore making it "stealth"). </FONT></DIV>
<DIV dir=ltr><FONT size=2 face=Arial></FONT> </DIV>
<DIV dir=ltr><FONT size=2 face=Arial>One option:</FONT></DIV><FONT size=2 face=Arial>
<DIV dir=ltr><BR>Assuming that you are using a SQL based backend, you can make all changes on your stealth master. These changes are then replicated (using MySQL replication, etc) to the four public DNS servers. No need for AXFR zone transfers or anything.. everything is handled at the database layer.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>Josh</DIV>
<DIV dir=ltr></FONT> </DIV>
<DIV dir=ltr>
<HR tabIndex=-1>
</DIV>
<DIV dir=ltr><FONT size=2 face=Tahoma><B>From:</B> pdns-users-bounces@mailman.powerdns.com on behalf of Barron, Josh<BR><B>Sent:</B> Sun 10/18/2009 5:04 PM<BR><B>To:</B> Patrick Domack; Pdns-users@mailman.powerdns.com<BR><B>Subject:</B> Re: [Pdns-users] Please validate my PowerDNS Infrastucture proposal<BR></FONT><BR></DIV></DIV>
<DIV>
<P><FONT size=2>Maybe I'm confused about the concepts.<BR>The idea is to make the publicly available name servers slaves to the master (which doesn't respond to public queries). If I use database replication, won't it just replicate the entire database, requiring all the servers to be masters?<BR><BR><BR><BR><BR>-----Original Message-----<BR>From: Patrick Domack [<A href="mailto:patrickdk@patrickdk.com">mailto:patrickdk@patrickdk.com</A>]<BR>Sent: Sun 10/18/2009 12:59 PM<BR>To: Barron, Josh<BR>Subject: Re: [Pdns-users] Please validate my PowerDNS Infrastucture proposal<BR><BR>I would question the usage of using superslave, unless you have other <BR>master servers that don't run powerdns somewhere.<BR><BR>I would personally just use the built in database replication to <BR>distribute updates, then depending on superslave, it will cause less <BR>updates to happen (just the record that changed, vs the whole domain) <BR>and is much easier to secure.<BR><BR><BR>Quoting "Barron, Josh" <jbarron@afsnetworks.com>:<BR><BR>><BR>> Hello all,<BR>><BR>> Please validate my proposed PDNS based infrastucture:<BR>><BR>> Customers (and internal support technicians) will login to "PowerDNS <BR>> on Rails" or "PowerAdmin" Frontend server. This server will host <BR>> PDNS (not PDNS-Recursor) but will not respond to DNS queries from <BR>> the Internet. Its only access from behind the firewall will be <BR>> web-based for domain administration.<BR>> 4 other servers, geographically distributed, will be used to run <BR>> PDNS and PDNS-Recursor. I would like them configured in possibly a <BR>> superslave configuration. Basically what I'm looking for is when <BR>> the "Master" server described above creates a new domain or updates <BR>> a domain, it sends notifies to the slaves to update or add the zone. <BR>> I want the name servers that respond to DNS queries to be slave <BR>> servers and precursors only to try to mitigate any possible poisoning.<BR>><BR>> What am I missing, if anything? Any feedback or suggestions, even <BR>> criticism, is welcome. We are trying to create a geographically <BR>> diverse, secure, and reliable DNS infrastructure for us and our <BR>> customers. We are migrating from a dual server setup (West running <BR>> Bind 9, East running Men&Mice).<BR>><BR>> Thanks!<BR>> -Josh<BR>> _______________________________________________<BR>> Pdns-users mailing list<BR>> Pdns-users@mailman.powerdns.com<BR>> <A href="http://mailman.powerdns.com/mailman/listinfo/pdns-users">http://mailman.powerdns.com/mailman/listinfo/pdns-users</A><BR>><BR><BR><BR><BR><BR>_______________________________________________<BR>Pdns-users mailing list<BR>Pdns-users@mailman.powerdns.com<BR><A href="http://mailman.powerdns.com/mailman/listinfo/pdns-users">http://mailman.powerdns.com/mailman/listinfo/pdns-users</A><BR></FONT></P></DIV></BODY></HTML>