nanog mailing list archives

Re: Numbering nameservers and resolvers


From: Matthew Palmer <mpalmer () hezmatt org>
Date: Tue, 17 Aug 2010 18:53:24 +1000

On Mon, Aug 16, 2010 at 06:08:02AM -0700, Owen DeLong wrote:
> On Aug 16, 2010, at 6:03 AM, Chris Adams wrote:
> > Once upon a time, Patrick W. Gilmore <patrick () ianai net> said:
> > > 1) Use different prefixes.  A single prefix going down should not kill
> > > your entire network.  (Nameservers and resolvers being unreachable
> > > breaks the whole Internet as far as users are concerned.)
> >
> > How do you do this in the IPv6 world, where I get a single /32?  Will
> > others accept announcements of two /33s to better handle things like
> > this?
>
> The better solution is to trade secondary services with some other
> provider. Sure, it's a bit of a pain keeping up with the new zones
> to be added and old zones to be removed back and forth, but, it's
> a great way to have your authoritative servers truly diverse and
> independent.

At $JOB[3], where I was responsible for this sort of thing, a small amount
of shell scripting behind inetd on the master[1], and slightly more shell
scripting behind cron on the secondaries[2], and all our problems were
solved for all time.

- Matt

[1] Read /etc/named/zones/*, mangled the (standardised) filenames to get a
list of the zones, and dumped it on stdout, which went out on a high port
that inetd was listening on.

[2] nc to the master on the relevant high port, read the list and write out
an automated named.conf fragment.  Also use a bit of md5sum to detect when
the list changed, so we know when to reload named on the slave.

[3] Subscript, not footnote.
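
The secondary-side step from footnote [2], as an added example that is not part of the original post and is not the poster's script: it validates each received zone name before writing it into a named.conf fragment, because the list arrives over an unauthenticated port, and uses md5sum to decide whether a reload is needed. The master address, port, file paths and function names are assumptions.

```shell
#!/bin/sh
# Added example: secondary-side zone list sync (cron job body).
# Assumed values: master address, port, file paths and function names.
MASTER_IP="${MASTER_IP:-192.0.2.53}"   # documentation-range placeholder

# The list arrives over an unauthenticated TCP port, so keep only lines
# that are syntactically valid zone names before they reach named.conf.
filter_zones() {
    tr -d '\r' | tr 'A-Z' 'a-z' |
    grep -E '^([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z0-9-]{2,63}$' |
    sort -u
}

# Emit one BIND secondary stanza per validated zone name on stdin.
render_fragment() {
    while IFS= read -r zone; do
        printf 'zone "%s" { type slave; masters { %s; }; file "slaves/%s.db"; };\n' \
            "$zone" "$MASTER_IP" "$zone"
    done
}

# sync_zones LISTFILE FRAGMENT
# Returns 0 if the fragment changed (reload named), 1 if unchanged,
# 2 if the list yielded no valid zones (old fragment is left in place).
sync_zones() {
    list=$1; fragment=$2; tmp="$fragment.new.$$"; old=""
    filter_zones < "$list" | render_fragment > "$tmp"
    if [ ! -s "$tmp" ]; then rm -f "$tmp"; return 2; fi
    new=$(md5sum < "$tmp" | cut -d' ' -f1)
    if [ -f "$fragment" ]; then
        old=$(md5sum < "$fragment" | cut -d' ' -f1)
    fi
    if [ "$new" = "$old" ]; then rm -f "$tmp"; return 1; fi
    mv "$tmp" "$fragment"      # rename within one directory: atomic swap
    return 0
}

# Cron usage, with PORT standing in for the master's inetd port:
#   nc -w 10 "$MASTER_IP" "$PORT" > /var/run/zonelist &&
#   sync_zones /var/run/zonelist /etc/named/secondaries.conf &&
#   rndc reconfig
```

Refusing an empty result keeps a truncated transfer or a master-side failure from removing every secondary zone on the next reload.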

