I wasn't trying to start a fight. Perhaps I didn't provide enough detail.
We have 2843 authoritative zones. We run a split brain DNS. The new hospitals
and other entities need to see our internal zone view once they have "joined".
So I have them forward queries during the early stages of the mer

I agree with Len. Whenever we merge a new location into our network, and the
circuit is neither fat nor reliable, I make their DNS forward queries for our
internal zones to us, keep authority for their own zones, and do recursion for
everything else. This allows us to serve the users as we slowl

Todd is correct. The GENERATE only exists on the master DNS in the zone data
file. The DNS data, as made available to the querying machines, will contain
all the individual records upon startup, on the master and all slaves.
Alan V. Shackelford Senior Systems Softwar

I had a situation a couple of days ago where a compromised machine in the DMZ
portion of my network began sending an incredible number of queries to a couple
of the primary internal DNS servers. The traffic was so intense that legitimate
queries were unable to get through, or the customer timed

This weekend my stealth master DNS went off the network for a few hours due to
a problem with some fiber. Two of my six slaves seemed to be adversely affected
by the master's outage. The expire time on my zones is a week, and we have
always believed (and in fact observed) that the zones can stay

Well said, Paul. I make my users choose between the various names for a server,
and generally publish the name that the machine actually knows itself as,
rather than any of the application names that reside there. In my opinion, the
RFC is fairly clear. And my users don't know you have added thi