HPE Community
Operating System - Linux
1753631 Members
5608 Online
108798 Solutions
New Discussion юеВ

create a stub zone on BIND9

 
SOLVED
Go to solution
'chris'
Super Advisor

тАО03-05-2009 03:25 AM

тАО03-05-2009 03:25 AM

create a stub zone on BIND9

hi

At the moment our DNS servers are authorative for the main domain via slave zones, which will be generating unnecessary replication traffic.

Howto create stub zone instead of slave zone on BIND 9.3.4?
0 Kudos
Reply
7 REPLIES 7
Ivan Ferreira
Honored Contributor

тАО03-05-2009 05:31 AM

тАО03-05-2009 05:31 AM

Solution

Re: create a stub zone on BIND9

Stub zones are used for delegation. It only transfers the NS records. I don't know your final objective, but probably you need a conditional forwarding (proxy) zone.

Just remember, that with secondary zones, you also have redundancy, and if the zones are static, then you won't get mostly traffic.

http://www.zytrax.com/books/dns/ch4/
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
'chris'
Super Advisor

тАО03-26-2009 08:54 AM

тАО03-26-2009 08:54 AM

Re: create a stub zone on BIND9

thx, I've created a forward zone:

zone "mydomain.net" {
type forward;
forwarders {
10.10.100.3;
10.10.100.4;
};
};

but my BIND seems not to cache the queries.
how to create a forward zone to cache queries in case the forwardes are unreachable?
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

тАО03-26-2009 10:51 AM

тАО03-26-2009 10:51 AM

Re: create a stub zone on BIND9

How did you determined that is not caching requests?

NS records are not cached.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
'chris'
Super Advisor

тАО03-26-2009 03:18 PM

тАО03-26-2009 03:18 PM

Re: create a stub zone on BIND9

thx, but howto create a stub zone under BIND?
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

тАО03-27-2009 05:34 AM

тАО03-27-2009 05:34 AM

Re: create a stub zone on BIND9

It's similar to a secondary zone:

zone domain_name IN {
type stub;
file path_name;
masters { ip_addr; } ;
};
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
'chris'
Super Advisor

тАО03-29-2009 08:46 AM

тАО03-29-2009 08:46 AM

Re: create a stub zone on BIND9

thx, but do I get more redundancy and less synchronisation traffic with the stub instead of secondary zone?
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО03-30-2009 01:36 AM

тАО03-30-2009 01:36 AM

Re: create a stub zone on BIND9

A stub zone does not give you any meaningful redundancy. It only replicates the NS records from the zone's master server, so that your server knows where to refer the queries to. Anything beyond that is caching.

If there is a network problem, the data you'll need may or may not be in the cache, depending on previous traffic and TTL values.

Slave zones are the only way to guarantee that your server has a full up-to-date copy of the master server's zone. If the amount of replication traffic is a problem, you should examine the reasons for it.

If the replication traffic is caused by a large number of dynamic DNS updates, you should consider putting the workstations (which usually create the most of the DNS updates) into a separate zone (a sub-domain). Then you can be a slave for the zone that has the server addresses only.

If there are not that much DDNS updates, another reason for excessive replication traffic might be poorly-chosen time values in the SOA record of the zone. These values determine how often the slaves check if the master zone has been updated. If your master server can send DNS NOTIFY messages to the slaves, you can set the update-check timeouts to reasonably large values.

Does your master server support incremental DNS zone transfers (RFC 1995, IXFR)? If it doesn't, any change in the domain causes the slaves to transfer the entire zone file from the master. If incremental zone transfers are supported, only the changes are transferred. That should cut back the amount of zone transfer traffic.

MK
MK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.