[Pdns-users] Zone Transfers
mike+lists at yourtownonline.com
Thu Aug 8 07:26:05 UTC 2019
On 8/5/19 5:48 AM, Curtis Maurand wrote:
> I scripted it. I can't rely on pdns replication. The supermaster
> won't tell a slave to delete a zone for instance. Adding a new zone
> may or may not happen properly or in a timely manner. Sometimes
> transfers just don't happen and even if they do, the signed zones
> won't work until they're rectified. Don't get me started on dnsdist.
On the subject of supermasters not being able to tell slaves to delete
This may not be too critical - for a slave server to have knowledge
of a zone for which it should no longer be authoritative.
Ultimately, if the internet roots don't point at your servers, nobody
will be asking your servers for data from these zones anyways, so all
you really are losing is some disk space. I wrote a script to do this
which essentially walks the whole list of zones on a slave server and
asks my (hidden) master whether it has an SOA for each one. If it
doesn't, meaning that zone has been removed, then the script removes it
from the slave. The necessity or required frequency of doing so is
debatable. My script can blast thru ~500 zones in about 8 seconds flat
depending on latency from that slave to the hidden master.
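The pruning loop described in the post above, written out as an added example (this is not the poster's script and not part of PowerDNS). It assumes the slave's zone list comes from `pdnsutil list-all-zones` (one name per line), that zones are removed with `pdnsutil delete-zone`, and that `MASTER_ADDR` is a placeholder for the hidden master. The SOA probe is a minimal UDP query built with the standard library so the decision logic can be checked offline on constructed packets; a zone is only ever deleted when the master answers REFUSED, NXDOMAIN or an empty NOERROR, while timeouts, SERVFAIL, truncation and mismatched IDs leave the zone alone (an unreachable master should never look like a removed zone).

```python
"""Prune zones from a PowerDNS slave that the hidden master no longer serves.

Added example, not the script from the mailing-list post. Assumptions:
  - the slave's zone list comes from `pdnsutil list-all-zones` (one per line)
  - zones are removed with `pdnsutil delete-zone <zone>`
  - MASTER_ADDR is a placeholder for the hidden master's address
"""
import os
import socket
import struct
import subprocess
import sys

MASTER_ADDR = ("192.0.2.10", 53)  # placeholder (RFC 5737 documentation range)
QTYPE_SOA, QCLASS_IN = 6, 1
PRESENT, ABSENT, UNKNOWN = "present", "absent", "unknown"


def build_soa_query(zone: str, txid: int) -> bytes:
    """Build a minimal DNS query: 12-byte header + one SOA/IN question."""
    # flags 0x0000: RD unset, we want the master's own authoritative view
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in zone.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)


def classify_soa_response(resp: bytes, expected_id: int) -> str:
    """Decide from the reply header whether the master serves the zone.

    PRESENT: NOERROR, authoritative (AA) with at least one answer RR.
    ABSENT : REFUSED, NXDOMAIN, or NOERROR with an empty answer section.
    UNKNOWN: short/garbled packet, wrong id, TC set, SERVFAIL, non-AA data.
    Only ABSENT leads to a deletion; UNKNOWN is deliberately fail-safe.
    """
    if len(resp) < 12:
        return UNKNOWN
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    qr, aa, tc, rcode = flags >> 15, (flags >> 10) & 1, (flags >> 9) & 1, flags & 0xF
    if txid != expected_id or not qr or tc:
        return UNKNOWN
    if rcode == 0 and aa and ancount > 0:
        return PRESENT
    if rcode in (3, 5) or (rcode == 0 and ancount == 0):
        return ABSENT
    return UNKNOWN


def query_master(zone: str, master=MASTER_ADDR, timeout: float = 2.0) -> str:
    """Send one UDP SOA query to the hidden master and classify the reply."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_soa_query(zone, txid), master)
            resp, _ = sock.recvfrom(4096)
        except (socket.timeout, OSError):
            return UNKNOWN
    return classify_soa_response(resp, txid)


def find_orphaned_zones(slave_zones, probe=query_master):
    """Return (to_delete, undecided): zones the master reports absent, and
    zones whose status could not be determined (these are left alone)."""
    to_delete, undecided = [], []
    for zone in slave_zones:
        status = probe(zone)
        if status == ABSENT:
            to_delete.append(zone)
        elif status == UNKNOWN:
            undecided.append(zone)
    return to_delete, undecided


def list_slave_zones():
    """Zone names known to the local slave (assumes one name per line)."""
    out = subprocess.run(["pdnsutil", "list-all-zones"], check=True,
                         capture_output=True, text=True).stdout
    return [line.strip() for line in out.splitlines() if line.strip()]


def delete_zone(zone: str, dry_run: bool = True) -> None:
    cmd = ["pdnsutil", "delete-zone", zone]
    if dry_run:
        print("would run:", " ".join(cmd))
        return
    subprocess.run(cmd, check=True)


if __name__ == "__main__":
    dry_run = "--apply" not in sys.argv  # default is a no-op listing
    gone, unsure = find_orphaned_zones(list_slave_zones())
    for zone in gone:
        delete_zone(zone, dry_run)
    for zone in unsure:
        print("skipped (no usable reply from master):", zone, file=sys.stderr)
```

Run it on the slave without arguments first to see which zones it would drop; `--apply` performs the deletions. Keeping the "undecided" bucket separate is the part worth copying even if the rest is swapped for dnspython or the PowerDNS HTTP API: a slave that deletes zones whenever its master is slow or unreachable will eventually remove zones it still serves.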