So, if we want centralized management (would be nice), just
set up a master server with each separate domain as a forward and
reverse zone, and set up all the other servers as slaves to
that master?

Why need so many slaves at all?
You can either just do away with them (point your schools to your
DNS server on the WAN) or have them resolve through to your
Masters.

I'm assuming that this would only be if we are not forwarding on
the master? We don't want to forward to a forwarder, do we?

The concepts of masters are unrelated to forwarding. They're
unrelated to being authoritative as well, though that's not always
as obvious.
DNS is a recursive system. Just about everything needs to forward
its requests to something else, unless you have a very, very small
DNS universe. Using forwarders just defines where you send your
requests. If you've got forwarders defined then all the requests
that the current DNS server isn't authoritative for, or aren't
currently cached, will get sent to the forwarders for further
resolution.

I guess I'm taking DNS & Bind too literally: 4th Edition, page 267:
"Avoid chaining your forwarders. Don't configure name server A to
forward to server B, and server B to forward to server C..."

Well that's a long chain, but having each school's DNS server merely
forwarding to your main DNS server isn't terrible at all.

I'm only talking about our one, internal domain, here, so it still
sounds to me like we shouldn't be forwarding from any server inside
our domain to another, but set them up as master/slaves.

Master/Slaves are a completely different concept than forwarding.
And you can "free" all those nasty slaves and save the zone transfer
headaches by just having each school forward instead and use long
TTLs so the caching sticks for a while.
--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.iwiring.net/
email@hidden http://www.ustsvs.com/
iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.
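
The two setups discussed in this thread, written as they might appear in a school server's BIND `named.conf`. This is an added example, not part of the original message; the zone name `example.internal`, the central server address 192.0.2.10 and the file paths are assumptions.

```conf
// Added example. Assumed values: 192.0.2.10 is the central DNS server,
// example.internal is the internal domain, paths are illustrative.

// Setup A: the school server only forwards and caches.
// It keeps no copy of any zone, so there are no zone transfers to manage.
// How long answers stay cached is governed by the TTLs on the records
// served by the central server.
options {
    directory "/var/named";
    recursion yes;                  // answer the school's clients
    forwarders { 192.0.2.10; };     // single hop to the central server
    forward only;                   // do not fall back to iterating from the
                                    // roots ("forward first" is the default)
};

// Setup B: the school server is a slave for the internal zone.
// It pulls a full copy from the master by zone transfer and answers
// authoritatively for example.internal from that local copy.
// With the options block above also present, every other name is still
// forwarded; omit this zone statement to get setup A alone.
zone "example.internal" {
    type slave;
    masters { 192.0.2.10; };
    file "slaves/example.internal.db";
};
```

For setup B the master must also permit transfers to each school server (for example with `allow-transfer`), which is the per-slave upkeep that setup A avoids.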