Firewall Wizards mailing list archives

Re: DNS behind a firewall with multiple domains?


From: Bennett Todd <bet () newritz mordor net>
Date: Wed, 17 Mar 1999 15:42:06 +0000

1999-03-15-18:40:47 Joseph S D Yao:
Previously, somebody had tried a "universal secondary", but it got stale and
corrupted the DNS supply - sites were getting new designated baby seals that
didn't know to update serial numbers when they updated their DNS.

I may be about to reveal to the world that I don't completely understand
DNS, but... how does the "universal secondary" make the problem of
improperly-maintained DNS data worse? What with caching servers (which
should be in widespread use anywhere people are rolling out DNS) and serious
secondaries for redundancy, I'd think that a universal secondary (or, if I
were setting it up, a couple of them) wouldn't make things any worse.

If you've got people administering DNS who can't do it right, perhaps they
need a helper script. Besides bumping the serial number, it could do some
really really aggressive error-checking, then maybe check the zone file into
RCS or CVS before letting bind see it. Heck, for serious clever, could you
maybe even teach it to watch named's logfile after a checkin, while running
some test queries, and back out the upgrade if named is whining?

-Bennett
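As an added example (not Bennett's script, nor anything posted in the thread), here is one way to build the helper he describes in Python: bump the SOA serial in YYYYMMDDnn style, run some aggressive static checks, check the file in with RCS, reload named, query it, and back out if the new serial is not being served. It assumes a BIND 9 host with named-checkzone, rndc, dig and RCS's ci on the path (all hypothetical for wherever you run it), and it stands in for "watching named's logfile" with named-checkzone before the reload plus a dig of the SOA after it. The sample zone is constructed; only the parsing and bumping functions run without the tools.

```python
"""Zone-file helper: bump serial, check, commit, reload, test, back out.
Added example; assumes named-checkzone, rndc, dig and RCS ci are present."""
import datetime
import ipaddress
import re
import shutil
import subprocess

# Constructed sample zone using the conventional YYYYMMDDnn serial.
SAMPLE_ZONE = """\
$TTL 86400
@   IN  SOA ns1.example.net. hostmaster.example.net. (
            1999031500 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            86400 )    ; minimum
    IN  NS  ns1.example.net.
    IN  NS  ns2.example.net.
ns1 IN  A   192.0.2.1
ns2 IN  A   192.0.2.2
www IN  A   192.0.2.10
"""

def _tokens(line):
    """Tokens of one zone line, with the ';' comment and parentheses removed."""
    return line.split(";", 1)[0].replace("(", " ").replace(")", " ").split()

def _record(line):
    """(TYPE, rdata tokens) for 'owner [ttl] IN TYPE rdata...'; (None, []) for
    directives and continuation lines (class IN is assumed to be explicit)."""
    toks = _tokens(line)
    upper = [t.upper() for t in toks]
    if "IN" not in upper or upper.index("IN") + 1 >= len(toks):
        return None, []
    i = upper.index("IN")
    return upper[i + 1], toks[i + 2:]

def find_serial(zone_text):
    """Return (line_index, serial): the third SOA rdata token after MNAME and RNAME,
    which may sit on a continuation line inside parentheses."""
    remaining = None
    for i, line in enumerate(zone_text.splitlines()):
        rtype, rdata = _record(line)
        if remaining is None:
            if rtype != "SOA":
                continue
            toks, remaining = rdata, 3
        else:
            toks = _tokens(line)
        for tok in toks:
            remaining -= 1
            if remaining == 0:
                if not tok.isdigit():
                    raise ValueError("SOA serial %r is not a number" % tok)
                return i, int(tok)
    raise ValueError("no SOA record found")

def next_serial(old, today):
    """YYYYMMDD00 for today if that beats the old serial, else old+1, so the
    serial always increases even if someone hand-set a 'future' date."""
    if isinstance(today, datetime.date):
        today = int(today.strftime("%Y%m%d"))
    new = max(old + 1, today * 100)
    if new >= 2 ** 32:
        raise ValueError("serial would overflow 32 bits")
    return new

def bump_serial(zone_text, today=None):
    """Return (new_zone_text, old_serial, new_serial)."""
    idx, old = find_serial(zone_text)
    new = next_serial(old, today or datetime.date.today())
    lines = zone_text.splitlines(keepends=True)
    lines[idx] = re.sub(r"\b%d\b" % old, str(new), lines[idx], count=1)
    return "".join(lines), old, new

def check_zone(zone_text):
    """Aggressive static checks a secondary would never do; [] means clean."""
    problems, soa, ns = [], 0, 0
    for n, line in enumerate(zone_text.splitlines(), 1):
        rtype, rdata = _record(line)
        if rtype == "SOA":
            soa += 1
            for name in rdata[:2]:            # MNAME and RNAME must be absolute
                if not name.endswith("."):
                    problems.append("line %d: SOA name %r lacks trailing dot" % (n, name))
        elif rtype == "NS":
            ns += 1
        elif rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0] if rdata else "")
            except ValueError:
                problems.append("line %d: bad A record rdata %r" % (n, rdata))
    if soa != 1:
        problems.append("expected exactly one SOA, found %d" % soa)
    if ns == 0:
        problems.append("zone has no NS records")
    return problems

def deploy(zone_file, zone_name, run=subprocess.run):
    """Bump, check, commit, reload, query named, and back out on any complaint."""
    with open(zone_file) as f:
        new_text, old, new = bump_serial(f.read())
    problems = check_zone(new_text)
    if problems:
        raise SystemExit("refusing to install zone:\n  " + "\n  ".join(problems))
    backup = zone_file + ".bak"
    shutil.copy(zone_file, backup)
    with open(zone_file, "w") as f:
        f.write(new_text)
    try:
        run(["named-checkzone", zone_name, zone_file], check=True)
        run(["ci", "-l", "-m", "serial %d -> %d" % (old, new), zone_file], check=True)
        run(["rndc", "reload", zone_name], check=True)
        out = run(["dig", "+short", "@127.0.0.1", zone_name, "SOA"],
                  capture_output=True, text=True, check=True).stdout
        if str(new) not in out.split():
            raise RuntimeError("named is not serving serial %d: %r" % (new, out))
    except (subprocess.CalledProcessError, RuntimeError) as err:
        shutil.copy(backup, zone_file)        # back out the upgrade
        run(["rndc", "reload", zone_name])
        raise SystemExit("backed out: %s" % err)
    return old, new
```

The serial rule mirrors what the post complains about: whatever the admin did to the serial by hand, the helper guarantees a strictly larger value before the secondaries ever see the zone, and the rollback restores the previous file when the live server does not answer with the new serial.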


