[Yeti DNS Discuss] The current multi-master setup breaks NSD

Shane Kerr shane at biigroup.cn
Mon Feb 22 15:20:06 UTC 2016

Paul & all,

On 2016-02-22 03:08:49-0800 (Monday)
Paul Vixie <paul at redbarn.org> wrote:

> this doesn't seem like a bug in nsd. rather, it exposes a problem in 
> yeti mzsk. while it's true that nsd should fall back to axfr in this 
> case, that "bug" is almost unrelated to the prime case which is mzsk 
> itself. this warrants further discussion.

Yikes! I should have thought about this, having run into IXFR-related
problems with inconsistent upstreams before.

I think the immediate solution that Stephane has used is okay: switch
to AXFR-only. I think we should document that for Yeti root servers and
move on.

In the long run, I think the only solution is to change the IXFR to
delete RRSIG without checking that it matches the previous version of
the RRSIG. I don't think this is a worthwhile goal, since AXFR is not
super expensive. Perhaps if ICANN achieves its goal of 10 million TLDs
that will be important, but for now it's unnecessary.
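
The IXFR failure discussed in this message, as an added example that is not part of the original post and is not NSD code: a constructed Python model in which a secondary loaded the zone from one master and then receives an IXFR from another master whose RRSIGs differ. The record values, key tags, and the `lenient_rrsig` matching rule (owner name plus covered type) are assumptions made for illustration.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str
    rtype: str
    rdata: str  # for RRSIG (constructed form): "<covered type> <key tag> <signature>"

class IxfrMismatch(Exception):
    """A record the IXFR asks to delete is not in the local copy."""

def covered(rr):
    return rr.rdata.split()[0]

def apply_ixfr(zone, deletes, adds, lenient_rrsig=False):
    """Apply one difference sequence (deletes, then adds) to a copy of zone.

    Strict mode models a secondary that insists every deleted record exists.
    Lenient mode (assumed rule) treats an RRSIG delete as "drop the RRSIGs at
    this owner covering this type", whatever their signature bytes are.
    """
    new = set(zone)
    for rr in deletes:
        if rr in new:
            new.discard(rr)
        elif lenient_rrsig and rr.rtype == "RRSIG":
            new -= {x for x in new if x.rtype == "RRSIG"
                    and x.name == rr.name and covered(x) == covered(rr)}
        else:
            raise IxfrMismatch(f"cannot delete {rr}")
    return new | set(adds)

def refresh(zone, deletes, adds, axfr_copy):
    """Try strict IXFR first; on mismatch replace the zone with a full AXFR copy."""
    try:
        return apply_ixfr(zone, deletes, adds), "ixfr"
    except IxfrMismatch:
        return set(axfr_copy), "axfr"

# Constructed data: the same serial-1 content, signed separately by masters A and B.
NS_A = RR(".", "NS", "a.example.")
A_V1 = {NS_A, RR(".", "RRSIG", "NS 11111 sigA1")}
B_V1 = {NS_A, RR(".", "RRSIG", "NS 22222 sigB1")}
# Master B's serial 2 adds an NS record and re-signs the NS RRset.
B_V2 = {NS_A, RR(".", "NS", "b.example."), RR(".", "RRSIG", "NS 22222 sigB2")}
B_DELETES, B_ADDS = B_V1 - B_V2, B_V2 - B_V1

if __name__ == "__main__":
    # The secondary holds A's serial 1 but is sent B's 1 -> 2 differences.
    print(refresh(A_V1, B_DELETES, B_ADDS, B_V2)[1])
```
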
