Numbering nameservers and resolvers
Matthew Palmer
mpalmer at hezmatt.org
Tue Aug 17 08:53:24 UTC 2010
On Mon, Aug 16, 2010 at 06:08:02AM -0700, Owen DeLong wrote:
> On Aug 16, 2010, at 6:03 AM, Chris Adams wrote:
> > Once upon a time, Patrick W. Gilmore <patrick at ianai.net> said:
> >> 1) Use different prefixes. A single prefix going down should not kill
> >> your entire network. (Nameservers and resolvers being unreachable
> >> breaks the whole Internet as far as users are concerned.)
> >
> > How do you do this in the IPv6 world, where I get a single /32? Will
> > others accept announcements of two /33s to better handle things like
> > this?
>
> The better solution is to trade secondary services with some other
> provider. Sure, it's a bit of a pain keeping up with the new zones
> to be added and old zones to be removed back and forth, but, it's
> a great way to have your authoritative servers truly diverse and
> independent.

At $JOB[3], where I was responsible for this sort of thing, a small amount
of shell scripting behind inetd on the master[1], and slightly more shell
scripting behind cron on the secondaries[2], and all our problems were
solved for all time.

- Matt

[1] Read /etc/named/zones/*, mangled the (standardised) filenames to get a
list of the zones, and dumped it on stdout, which went out on a high port
that inetd was listening on.

[2] nc to the master on the relevant high port, read the list and write out
an automated named.conf fragment. Also use a bit of md5sum to detect when
the list changed, so we know when to reload named on the slave.

[3] Subscript, not footnote.
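
The secondary-side step from footnote [2], sketched as an added example (not the scripts from the post): it turns a zone list read on stdin into a named.conf fragment and uses md5sum to decide whether a reload is needed. The name validation and the empty-list guard are additions, on the assumption that the list arrives over an unauthenticated TCP port; `MASTER_IP`, the `slaves/` file layout and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; MASTER_IP, the file layout and function names are hypothetical.
MASTER_IP="192.0.2.53"   # constructed documentation address for the master

# valid_zone NAME: accept only a plain lowercase DNS name, so nothing from the
# network can close the quoted string or escape the slaves/ directory.
valid_zone() {
    case "$1" in
        ''|.*|*.|*..*) return 1 ;;        # empty, leading/trailing/double dot
        *[!a-z0-9.-]*) return 1 ;;        # quotes, braces, ';', '/', spaces...
    esac
    [ "${#1}" -le 253 ]
}

# build_fragment: zone names on stdin -> named.conf stanzas on stdout.
build_fragment() {
    tr '[:upper:]' '[:lower:]' | sort -u | while IFS= read -r zone; do
        if valid_zone "$zone"; then
            printf 'zone "%s" { type slave; masters { %s; }; file "slaves/%s"; };\n' \
                "$zone" "$MASTER_IP" "$zone"
        elif [ -n "$zone" ]; then
            echo "rejected malformed zone name in list" >&2
        fi
    done
}

# sync_fragment TARGET: read the list on stdin and install it as TARGET.
# Returns 0 if TARGET changed (reload named), 1 if unchanged, 2 if the list
# was empty or unusable, in which case the existing TARGET is kept.
sync_fragment() {
    target=$1
    tmp=$(mktemp "$target.XXXXXX") || return 2
    build_fragment > "$tmp"
    if [ ! -s "$tmp" ]; then rm -f "$tmp"; return 2; fi
    old=""
    if [ -f "$target" ]; then old=$(md5sum < "$target"); fi
    if [ "$(md5sum < "$tmp")" = "$old" ]; then rm -f "$tmp"; return 1; fi
    chmod 644 "$tmp" && mv "$tmp" "$target"
}

# On the secondary, from cron (port and path are placeholders):
#   nc "$MASTER_IP" PORT | sync_fragment /path/to/secondaries.conf && rndc reload
```

Returning 2 on an empty list means a failed connection to the master leaves the existing fragment in place instead of dropping every zone.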