[Pdns-users] Hidden supermasters

Ton van Rosmalen ton at netbase.nl
Fri Aug 6 05:54:25 UTC 2010


Hi Richard,

Richard McLean wrote:
> Hi all,
>
>
> From Stefan's answer yesterday on the AXFR question:
>
> On 06/08/2010, at 12:55 AM, Stefan Schmidt wrote:
>   
>> "The set of NS records for the domain, as retrieved by the slave from the
>> supermaster, must include the name that goes with the IP address in the
>> supermaster table"
>>     
>
>
> I have wondered about this. We'd love to implement a hidden supermaster type 
> setup, using AXFR, which auto-updates the 4 main name servers, but is *not* 
> in the list of name servers for a domain and is not publicly available. Is the 
> restriction above able to be worked around or turned off?
>   
No, this is not a restriction. In our setup we've added the ip address
in the supermasters-table like this:
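+-------------+--------------------------------------------+----------+
| ip          | nameserver                                 | account  |
+-------------+--------------------------------------------+----------+
| xx.xx.xx.xx | <name of primary server in public NS list> | internal |
+-------------+--------------------------------------------+----------+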

The hidden master on xx.xx.xx.xx will send the update-notification to
all public ns's as listed in the zone.
The public ns's in turn will axfr the new domain from the hidden master
on its ip.

Regards,

Ton
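
Added example (not part of Ton's message and not PowerDNS code): a small Python model of the rule quoted above, applied to the supermasters row Ton describes. The addresses and names (192.0.2.10, 198.51.100.7, ns1..ns4.example.net, ns9.example.org) are constructed, the table uses simplified column types, and the matching logic is an assumed reading of the quoted rule, not the server's actual implementation.

```python
import sqlite3

def build_demo_db():
    """In-memory supermasters table with the columns shown in the message."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE supermasters (ip TEXT, nameserver TEXT, account TEXT)")
    # Constructed row: 192.0.2.10 is the hidden master's address, but the
    # nameserver column holds the name of a *public* NS, as in Ton's setup.
    db.execute("INSERT INTO supermasters VALUES (?, ?, ?)",
               ("192.0.2.10", "ns1.example.net", "internal"))
    return db

def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def supermaster_account(db, notify_source_ip, zone_ns_names):
    """Return the account if the NOTIFY sender qualifies as supermaster, else None.

    Assumed model of the quoted rule: a row must exist for the sender's IP, and
    that row's nameserver name must be in the NS set fetched from the sender.
    """
    ns_set = {_norm(n) for n in zone_ns_names}
    rows = db.execute("SELECT nameserver, account FROM supermasters WHERE ip = ?",
                      (notify_source_ip,))
    for nameserver, account in rows:
        if _norm(nameserver) in ns_set:
            return account
    return None

# Constructed NS set of a new zone: only the four public servers are listed.
PUBLIC_NS = ["ns1.example.net.", "ns2.example.net.",
             "ns3.example.net.", "ns4.example.net."]

if __name__ == "__main__":
    db = build_demo_db()
    print(supermaster_account(db, "192.0.2.10", PUBLIC_NS))    # hidden master
    print(supermaster_account(db, "198.51.100.7", PUBLIC_NS))  # unknown sender
    print(supermaster_account(db, "192.0.2.10", ["ns9.example.org."]))  # no NS match
```

Because the row is keyed on the sender's IP and only the name has to match the NS set, the hidden master itself never needs to appear in the zone's NS records.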
