Joe Abley <jab...@hopcount.ca> wrote: > On Nov 23, 2017, at 12:44, Tony Finch <d...@dotat.at> wrote: > > > It's quite difficult to have multiple masters and DNSSEC and coherent > > copies of the zone from all masters - i.e. more effort than just spinning > > up parallel instances of BIND or Knot in automatic signing mode. > > Note that I wasn't talking about multiple signers; I was talking about > (from the perspective of one particular slave) having multiple masters > available to serve precisely the same zone.
A primary master is wrt a zone not a server - a zone's primary master is a server that's authoritative for a zone and which does not get the zone contents via axfr/ixfr, but instead from a master file and/or UPDATE (or a non-standard mechanism such as directly from a database). The term says nothing about the downstream xfer topology. You can very well having a primary master (plus backup(s)) feeding a cluster of distribution servers which in turn feed the public authoritative servers. The xfer topology doesn't have to be a tree, it doesn't even have to be an acyclic graph. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode German Bight, Humber: West becoming cyclonic 5 to 7, increasing gale 8 or severe gale 9 for a time. Moderate or rough, occasionally very rough. Rain or squally showers. Moderate or good, occasionally poor. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop