Handling of zone transfers and notify messages

Ted Lindgreen ted at NLnetLabs.nl
Mon Oct 18 14:13:59 UTC 2004


It may be useful to first have consensus on what we really want.
Then we can see what we can do when our own AXFR is ready, and what
we can do in the meantime using the bind-8 AXFR.

I'll try to summarize:

Suppose we have two more zones to service, some of which come from
elsewhere, f.i. with AXFR (but scp, rsync, whatever is also possible,
but the main thing is that we have no control over the contents).

We have 3 separate tools:
1. The AXFR (scp, rsync, whatever) tool and wrapper-script.
2. Zonec and wrapper-script.
3. The nsd daemon process.

We want 1:
- to check that the AXFR (scp,..) has succeeded and, as far as possible,
  to check for syntax-errors.
- if above has failed, we want to keep the old zone-file (i.e. copy
  the current zone-file to the new temp directory).
This way we make sure we have the complete set of zones.

We want either 1, 2, or 3 (??) to check whether the zone-file has
not expired. I think 1 would be best. 2 is perhaps possible.

I'd like to keep 3 as mean and lean as possible, and thus not to
clobber the daemon with it: when a zone has expired, 3 (the NSD
daemon) should just not serve it (remove AA is not suitable for an
auth-only server, and to hand out expired data is plain wrong). Meaning
that tool 1 or 2 should just delete the expired zone-file.

-- ted
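
One way the wrapper for tool 1 could make the decisions described above, as an added example that is not part of the original message or of NSD. The function names are hypothetical, and the code assumes that the syntax check is only "a complete SOA parses", that SOA timers are plain seconds, and that the mtime of the current zone-file marks the last successful transfer.

```python
import os, re, shutil, time

# Constructed sample zone (not from the original message).
SAMPLE_ZONE = """example. 3600 IN SOA ns1.example. hostmaster.example. (
    2004101801 ; serial
    28800 7200 604800 3600 )
example. 3600 IN NS ns1.example.
"""

def soa_expire(zone_text):
    """Return the SOA expire field in seconds, or None if no complete SOA parses."""
    text = re.sub(r";[^\n]*", "", zone_text)  # strip comments
    m = re.search(r"\bSOA\s+\S+\s+\S+\s+\(?\s*"
                  r"(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)", text)
    return int(m.group(4)) if m else None  # serial refresh retry EXPIRE minimum

def expire_of(path):
    """SOA expire of the zone file at path, or None if unreadable or unparsable."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return soa_expire(fh.read())
    except OSError:
        return None

def stage_zone(fetched, current, staging_dir, transfer_ok, now=None):
    """Pick the copy of one zone that goes to staging_dir for zonec.

    Returns "new", "kept-old", "expired" (old file deleted, nothing staged)
    or "missing" (no usable old copy to fall back on).
    """
    now = time.time() if now is None else now
    target = os.path.join(staging_dir, os.path.basename(current))
    # Accept the new file only if the transfer reported success AND it parses.
    if transfer_ok and expire_of(fetched) is not None:
        shutil.copy2(fetched, target)
        return "new"
    expire = expire_of(current)
    if expire is None:
        return "missing"
    # Assumption: mtime of the current file is the last successful transfer.
    if now - os.path.getmtime(current) > expire:
        os.remove(current)  # the daemon never sees expired data
        return "expired"
    shutil.copy2(current, target)  # copy2 keeps mtime, so the age keeps counting
    return "kept-old"
```
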


