Hi folks, I'm working on a project standing up new DNS servers using PowerDNS instead of bind. Various reasons to switch, but more or less this seems a lot more operator friendly with API and whatnot.
Anyhow, the 'legacy' system has 3 servers - adns0, adns1, adns2. 0 is the hidden master and is where all changes are made. In this current system, 1 and 2 get updated with some scripts that manually push zone files, including named.conf, from 0 to the other servers.

In our new system, we're looking to also have 3 servers with a hidden master - ns0, ns1, ns2. They're set up using MySQL replication where ns0 is the primary and ns1/ns2 are the replicas (slaves). On the replicas, we have the pdns MySQL auth set to read only to ensure it can only read from the db. We also have secondary=no on these servers. No domains should have 'ns0' listed on whois or in NS records, but it will be the SOA MNAME in any case where we're primary (1 and 2 below).

Anyhow, we have at least 3 scenarios of domains we host.

1) NS1/NS2 are authoritative + the only things listed on whois. We'd edit records on NS0, which are SQL replicated across NS0/1/2. This should be fine as is with zones set to NATIVE. No questions here as this seems like standard operating, but please chime in if something seems off.

2) Just like item 1), BUT the domain also has a few other nameservers listed in NS/whois that we do not control (ns1/ns2/someoneelse1/someoneelse2). I presume these should be set to type PRIMARY and primary=yes should be in our pdns conf on ns1/ns2 (but not ns0?). Question: which nameservers send notify in this case? We'd only want ns1 and ns2 to do so, hence primary=yes. Does this seem correct?

3) We're secondary-only to a primary server we don't manage. In our current situation, legacy servers adns1/adns2 perform the AXFR. In the new scenario, we want this to be the hidden master ns0 and NOT ns1/ns2, because of the database being read only. ns0's pdns.conf gets secondary=yes, ns1/ns2 do not. Question: Will this even function if ns0 isn't listed in NS records/whois? If not, am I forced to have all 3 servers be able to write to the replicated DB? This seems like it either wouldn't work at all or would cause issues over time.

Thanks!
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
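The per-server settings the poster proposes (ns0: writable DB, secondary=yes; ns1/ns2: read-only DB, primary=yes, secondary=no) are easy to get out of step across three hosts. The following is an added example, not part of the original message and not PowerDNS project code: a small linter that parses pdns.conf-style `key=value` text and checks it against the role each server is meant to play. The `db_readonly` flag models the MySQL read-only grant the poster mentions; how that grant is implemented is an assumption, since pdns.conf itself does not express it. The sample configurations and usernames (`pdns_rw`, `pdns_ro`) are constructed.

```python
"""Role linter for the three-server PowerDNS layout proposed above.

Roles checked (settings as the poster proposes them):
  hidden-primary  (ns0):    writable DB, secondary=yes, primary=no
  public-replica  (ns1/ns2): read-only DB, primary=yes, secondary=no
"""

TRUE_WORDS = {"yes", "on", "true", "1"}
FALSE_WORDS = {"no", "off", "false", "0"}

# Expected settings per role. primary and secondary default to "no" in
# PowerDNS, so a missing key is treated as "no" below.
ROLES = {
    "hidden-primary": {"primary": False, "secondary": True, "db_readonly": False},
    "public-replica": {"primary": True, "secondary": False, "db_readonly": True},
}


def parse_conf(text):
    """Parse pdns.conf lines into a dict; '#' starts a comment, last key wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def as_bool(value, key):
    """Interpret a PowerDNS boolean setting; reject anything unrecognised."""
    v = value.strip().lower()
    if v in TRUE_WORDS:
        return True
    if v in FALSE_WORDS:
        return False
    raise ValueError(f"{key}: unrecognised boolean value {value!r}")


def lint(role, conf_text, db_readonly):
    """Return a list of findings; an empty list means the config fits the role."""
    expected = ROLES[role]
    conf = parse_conf(conf_text)
    findings = []

    launched = [b.strip() for b in conf.get("launch", "").split(",")]
    if "gmysql" not in launched:
        findings.append("launch does not include gmysql; the replicated-MySQL design needs it")

    primary = as_bool(conf.get("primary", "no"), "primary")
    secondary = as_bool(conf.get("secondary", "no"), "secondary")

    def yn(flag):
        return "yes" if flag else "no"

    if primary != expected["primary"]:
        findings.append(f"primary={yn(primary)} but {role} expects primary={yn(expected['primary'])}")
    if secondary != expected["secondary"]:
        findings.append(f"secondary={yn(secondary)} but {role} expects secondary={yn(expected['secondary'])}")
    if db_readonly != expected["db_readonly"]:
        findings.append(f"db_readonly={db_readonly} but {role} expects {expected['db_readonly']}")

    # Cross-check that holds regardless of role: pdns stores transferred
    # zones in its backend, so secondary=yes cannot work against a read-only DB.
    if secondary and db_readonly:
        findings.append("secondary=yes with a read-only database: incoming AXFR data cannot be stored")
    return findings


# Constructed sample configs (hostnames and usernames are placeholders).
NS0_CONF = """
# ns0: hidden primary, writable DB, pulls zones from primaries we don't run
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=pdns_rw
gmysql-dbname=pdns
primary=no
secondary=yes
"""

NS1_CONF = """
# ns1/ns2: public replicas, read-only DB, send NOTIFY for PRIMARY zones
launch=gmysql
gmysql-host=127.0.0.1
gmysql-user=pdns_ro
gmysql-dbname=pdns
primary=yes
secondary=no
"""


if __name__ == "__main__":
    for name, role, conf, ro in [("ns0", "hidden-primary", NS0_CONF, False),
                                 ("ns1", "public-replica", NS1_CONF, True)]:
        print(name, lint(role, conf, ro) or "ok")
    # A replica that accidentally keeps secondary=yes trips two findings.
    print("ns1-bad", lint("public-replica", NS1_CONF.replace("secondary=no", "secondary=yes"), True))
```

Run it on each host's real pdns.conf (passing the MySQL user's actual read/write status as `db_readonly`) from a deployment check; the linter only covers pdns.conf, so zone types (NATIVE vs PRIMARY/SECONDARY in the domains table) still need a separate query against the database.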