On 8/5/19 5:48 AM, Curtis Maurand wrote:
> I scripted it. I can't rely on pdns replication. The supermaster
> won't tell a slave to delete a zone for instance. Adding a new zone
> may or may not happen properly or in a timely manner. Sometimes
> transfers just don't happen and even if they do, the signed zones
> won't work until they're rectified. Don't get me started on dnsdist.
On the subject of supermasters not being able to tell slaves to delete zones: this may not be too critical - for a slave server to have knowledge of a zone for which it should no longer be authoritative. Ultimately, if the internet roots don't point at your servers, nobody will be asking your servers for data from these zones anyway, so all you really are losing is some disk space.

I wrote a script to do this which essentially walks the whole list of zones on a slave server and asks my (hidden) master whether it has an SOA for each one. If it doesn't, meaning that zone has been removed, then the script removes it from the slave. The necessity or required frequency of doing so is debatable. My script can blast through ~500 zones in about 8 seconds flat, depending on latency from that slave to the hidden master.

Mike-

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
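A Python version of the "prune zones the hidden master no longer has" check Mike describes, added here as an example; it is not his script. It assumes `dig` and `pdnsutil` are on the slave's PATH, uses a placeholder master address, and adds two guards a careful operator wants: a timeout or SERVFAIL from the master is never read as "zone gone", and the run refuses to delete anything if more than a set fraction of zones look stale, since a wrong master address would otherwise empty the slave.

```python
import subprocess
from enum import Enum

MASTER = "192.0.2.10"  # placeholder address of the hidden master (assumption)


class MasterAnswer(Enum):
    HAS_SOA = 1      # master is authoritative: keep the zone
    NO_SOA = 2       # master answered, but has no SOA: the zone was removed there
    UNREACHABLE = 3  # timeout / SERVFAIL: nothing can be concluded


def classify_dig_output(returncode, output):
    """Classify one `dig +noall +comments +answer` reply; pure, so testable offline."""
    if returncode != 0 or "status: " not in output:
        return MasterAnswer.UNREACHABLE  # dig exits 9 when no server could be reached
    status = output.split("status: ", 1)[1].split(",", 1)[0]
    if status == "NOERROR" and "\tSOA\t" in output:
        return MasterAnswer.HAS_SOA
    if status in ("NOERROR", "NXDOMAIN", "REFUSED"):
        return MasterAnswer.NO_SOA  # a definite "I don't serve this zone"
    return MasterAnswer.UNREACHABLE  # SERVFAIL etc.: never delete on this basis


def query_master_soa(zone, master=MASTER):
    # Ask the hidden master directly (no recursion) for the zone's SOA.
    proc = subprocess.run(["dig", "+time=2", "+tries=1", "+norecurse", "+noall", "+comments",
                           "+answer", "@" + master, zone, "SOA"], capture_output=True, text=True)
    return classify_dig_output(proc.returncode, proc.stdout)


def stale_zones(zones, ask, max_fraction=0.2):
    """Zones the master no longer has. Refuses if any query failed or if more than
    max_fraction look stale, so a wrong master address cannot empty the slave."""
    zones, stale, errors = list(zones), [], 0
    for zone in zones:
        answer = ask(zone)
        if answer is MasterAnswer.NO_SOA:
            stale.append(zone)
        elif answer is MasterAnswer.UNREACHABLE:
            errors += 1
    if errors or (zones and len(stale) / len(zones) > max_fraction):
        raise RuntimeError(f"refusing to prune: {errors} errors, {len(stale)}/{len(zones)} stale")
    return stale


def list_slave_zones():
    # Zone names the slave currently holds, one per line from pdnsutil.
    out = subprocess.run(["pdnsutil", "list-all-zones"], capture_output=True, text=True,
                         check=True).stdout
    return [l.strip().rstrip(".") for l in out.splitlines() if l.strip() and " " not in l]


if __name__ == "__main__":
    for zone in stale_zones(list_slave_zones(), query_master_soa):
        subprocess.run(["pdnsutil", "delete-zone", zone], check=True)
```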