[nsd-users] Multi-master mode NSD

Peter Hessler phessler at theapt.org
Fri Jan 27 10:17:33 UTC 2012

Stupid question, have you considered syncing all of the publicly listed
masters, from a "hidden master"?

This technique is used in many places, and fulfills some of your
requirements.  It also allows you to provide much more protection
on the master, since the only connections will be from known hosts.

On 2012 Jan 27 (Fri) at 09:42:11 +0000 (+0000), Rick van Rein wrote:
:I am setting up NSD on systems that I intend to replicate
:to locations.  Due to replication, the distinction between
:a master and slave, and whether it is needed, becomes
:interesting.  It got me thinking that multi-master mode DNS
:could be possible.  And as far as I can see, NSD3 can, or
:can almost, support this mode of operation.  Has anyone
:tried this before?
:--> But why?
:You might wonder why multi-master mode is a good idea.  I
:think it can be useful because it limits the dependency on
:a single master (which effectively is a single point of
:failure).  Of course there should be a replicated version
:of the signing infra as well.
:Additional places where this might be interesting is when
:a DNSSEC signer is added to the master mix; when it starts
:exporting signed zones it could be picked up by name servers,
:simply because the SOA serial number of the signed zone is
:higher.  IOW -- it aids simplicity of DNS infrastructure
:(but it also looks at it in a different manner, which may
:take some getting used to).
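
The hidden-master layout suggested in the reply, sketched as nsd.conf fragments. This is an added example, not configuration from the original thread or from the NSD project. The zone name, file paths, key name, secret and the documentation-range addresses (192.0.2.10 for the hidden master, 198.51.100.1 and 203.0.113.1 for the public servers) are all assumptions.

```conf
# ---- nsd.conf on the hidden master (192.0.2.10, assumed address) ----
# This host is not listed in the zone's NS records. Its packet filter
# should accept port 53 only from the two public servers below.
key:
    name: "xfr-key"                        # assumed key name
    algorithm: hmac-sha256
    secret: "REPLACE_WITH_BASE64_SECRET"   # placeholder, generate your own

zone:
    name: "example.org"
    zonefile: "master/example.org.zone"
    # Tell each public server when the serial changes.
    notify: 198.51.100.1 xfr-key
    notify: 203.0.113.1 xfr-key
    # Serve transfers only to the known hosts, and only with a valid TSIG.
    provide-xfr: 198.51.100.1 xfr-key
    provide-xfr: 203.0.113.1 xfr-key

# ---- nsd.conf on each publicly listed server ----
# These hosts appear in the NS records and answer queries from the world,
# but they take zone data from the hidden master only.
key:
    name: "xfr-key"
    algorithm: hmac-sha256
    secret: "REPLACE_WITH_BASE64_SECRET"   # same placeholder secret

zone:
    name: "example.org"
    zonefile: "slave/example.org.zone"
    # Accept NOTIFY only from the hidden master, signed with the shared key.
    allow-notify: 192.0.2.10 xfr-key
    # Pull the zone from the hidden master over TCP (AXFR), TSIG-signed.
    request-xfr: AXFR 192.0.2.10 xfr-key
```

With no `provide-xfr` lines on the public servers, they hand out no zone transfers themselves, so the full zone contents leave only the hidden master and only toward the two addresses named there.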

