<quote who="Michael D. Schleif"> > > jernej horvat wrote:
> ``Zone transfers are an archaic alternative mechanism for copying
> DNS information. Instead of immediately sending new data to the
> slaves, you run a zone-transfer service that accepts periodic
> connections from the slaves; your users complain while they're
> waiting for the slaves to check for new data. The zone-transfer

i may be missing the point here, but in BIND 8 the 'also-notify' command combined with the notify yes option for me ensures instantaneous transfers to all the slave servers. at my company i have 1 master and about 7 slave nameservers spread across the various offices/regions. after i added the also-notify options with the ips of the slave nameservers, zone transfers were immediate. before adding the also-notify, bind only notified one or 2 of the nameservers in the allow-transfer ACL. works extremely well.

now this does NOT work in some cases where you may have an ISP slave off of you. some systems only do zone transfers at specific times, but that is an administrative decision (probably a good one for the larger isps). if you control both master and slave though, it's quite possible.

i restrict zone transfers because there is no need for anyone other than the slave nameservers to do a zone transfer. that and a couple years ago there was a DOS against bind 8 that could be triggered by hosts that were able to do a zone transfer (this is long fixed of course..).

nate
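
Added example, not part of the message above: a small check that compares each zone's allow-transfer list with its also-notify list, which is the mismatch described in the message (servers permitted to transfer that never receive a NOTIFY). The named.conf fragment, zone names and addresses are constructed for illustration, and the parser only handles simple zone blocks with address lists.

```python
import re

# Constructed named.conf fragment (documentation addresses, not from the message).
NAMED_CONF = '''
zone "example.com" {
    type master;
    file "db.example.com";
    notify yes;
    also-notify { 192.0.2.11; 192.0.2.12; };
    allow-transfer { 192.0.2.11; 192.0.2.12; 192.0.2.13; };
};
zone "example.net" {
    type master;
    file "db.example.net";
    notify yes;
};
'''

# A zone block whose body may contain one level of nested { ... } lists.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')

def addr_list(body, option):
    """Return the entries of `option { a; b; };`, or None if the option is absent."""
    m = re.search(r'(?<![\w-])' + re.escape(option) + r'\s*\{([^{}]*)\}', body)
    if m is None:
        return None
    return {a.strip() for a in m.group(1).split(';') if a.strip()}

def audit(conf):
    """Map zone name -> list of findings about its NOTIFY and transfer settings."""
    report = {}
    for name, body in ZONE_RE.findall(conf):
        findings = []
        allowed = addr_list(body, 'allow-transfer')
        notified = addr_list(body, 'also-notify') or set()
        if allowed is None:
            # Transfer policy then comes from the options block or server default.
            findings.append('no zone-level allow-transfer')
        else:
            for ip in sorted(allowed - notified):
                findings.append('%s may transfer but is not in also-notify' % ip)
        if not re.search(r'(?<![\w-])notify\s+yes\s*;', body):
            findings.append('notify yes not set in zone')
        report[name] = findings
    return report

if __name__ == '__main__':
    for zone, findings in audit(NAMED_CONF).items():
        print(zone, findings or 'ok')
```

A server flagged as missing from also-notify may still be notified if it appears in the zone's NS records, so treat that finding as a prompt to check, not as proof of a gap.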