Hi Tony,
On Nov 27, 2017, at 08:22, Tony Finch <d...@dotat.at> wrote:
> Joe Abley <jab...@hopcount.ca> wrote:
>>> On Nov 23, 2017, at 12:44, Tony Finch <d...@dotat.at> wrote:
>>>
>>> It's quite difficult to have multiple masters and DNSSEC and coherent
>>> copies of the zone from all masters - i.e. more effort than just spinning
>>> up parallel instances of BIND or Knot in automatic signing mode.
>>
>> Note that I wasn't talking about multiple signers; I was talking about
>> (from the perspective of one particular slave) having multiple masters
>> available to serve precisely the same zone.
>
> A primary master is wrt a zone not a server - a zone's primary master is
> a server that's authoritative for a zone and which does not get the zone
> contents via axfr/ixfr, but instead from a master file and/or UPDATE (or
> a non-standard mechanism such as directly from a database).
That's an alluringly clear definition, but I'm not sure it matches common
understanding of the term, which I think has more to do with "single source of
truth" than with the specifics of what transport is used to provision zone data
in a server.
For example,
W <------- A -------> X
Suppose A is a source of truth for a particular zone, and that W and X obtain
zone data from A. Are you saying that if the mechanism represented by the
arrows is [AI]XFR then A is a primary master and W and X are not, whereas if
that mechanism is something else (perhaps it's rsync, with W, A and X all
configured to be masters from local zone files) then W, A and X are all primary
masters?
If A is not a nameserver but instead is a database, and the arrows represent
database replication, then W and X are primary masters but A is not?
Joe
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
