Numbering nameservers and resolvers

Matthew Palmer mpalmer at hezmatt.org
Tue Aug 17 03:53:24 CDT 2010


On Mon, Aug 16, 2010 at 06:08:02AM -0700, Owen DeLong wrote:
> On Aug 16, 2010, at 6:03 AM, Chris Adams wrote:
> > Once upon a time, Patrick W. Gilmore <patrick at ianai.net> said:
> >> 1) Use different prefixes.  A single prefix going down should not kill
> >> your entire network.  (Nameservers and resolvers being unreachable
> >> breaks the whole Internet as far as users are concerned.)
> > 
> > How do you do this in the IPv6 world, where I get a single /32?  Will
> > others accept announcements of two /33s to better handle things like
> > this?
> 
> The better solution is to trade secondary services with some other
> provider. Sure, it's a bit of a pain keeping up with the new zones
> to be added and old zones to be removed back and forth, but, it's
> a great way to have your authoritative servers truly diverse and
> independent.

At $JOB[3], where I was responsible for this sort of thing, a small amount
of shell scripting behind inetd on the master[1], and slightly more shell
scripting behind cron on the secondaries[2], and all our problems were
solved for all time.

- Matt

[1] Read /etc/named/zones/* mangled the (standardised) filenames to get a
list of the zones, and dumped it on stdout, which went out on a high port
that inetd was listening on.

[2] nc to the master on the relevant high port, read the list and write out
an automated named.conf fragment.  Also use a bit of md5sum to detect when
the list changed, so we know when to reload named on the slave.

[3] Subscript, not footnote.




More information about the NANOG mailing list