[Yeti DNS Discuss] The current multi-master setup breaks NSD

Shane Kerr shane at biigroup.cn
Mon Feb 22 15:20:06 UTC 2016


Paul & all,

On 2016-02-22 03:08:49-0800 (Monday)
Paul Vixie <paul at redbarn.org> wrote:

> this doesn't seem like a bug in nsd. rather, it exposes a problem in 
> yeti mzsk. while it's true that nsd should fall back to axfr in this 
> case, that "bug" is almost unrelated to the prime case which is mzsk 
> itself. this warrants further discussion.

Yikes! I should have thought about this, having run into IXFR-related
problems with inconsistent upstreams before.

I think the immediate solution that Stephane has used is okay: switch
to AXFR-only. I think we should document that for Yeti root servers and
move on.

In the long run, I think the only solution is to change the IXFR to
delete RRSIG without checking that it matches the previous version of
the RRSIG. I don't think this is a worthwhile goal, since AXFR is not
super expensive. Perhaps if ICANN achieves its goal of 10 million TLDs
that will be important, but for now it's unnecessary.

Cheers,

--
Shane
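
The IXFR failure and the AXFR fallback discussed in this thread, as an added example that is not part of the original message and is not NSD code. It assumes a simplified zone model and that two upstreams serve the same serial with different RRSIG data; every function name and record value is hypothetical and constructed.

```python
# Simplified model (assumption): a zone is a set of (owner, type, rdata) tuples and
# an IXFR step is a (deletes, adds) pair. RRSIG rdata is "<covered> <key> <sig>".
# All names and records below are constructed for illustration.

class IxfrMismatch(Exception):
    """The diff deletes a record the secondary does not hold."""

def apply_ixfr_strict(zone, deletes, adds):
    """Apply one diff; every deleted RR must match a held RR exactly."""
    missing = [rr for rr in deletes if rr not in zone]
    if missing:
        raise IxfrMismatch(missing)
    return (zone - set(deletes)) | set(adds)

def apply_ixfr_relaxed_rrsig(zone, deletes, adds):
    """Delete RRSIGs by owner and covered type, ignoring the old signature data."""
    covered = {(o, r.split()[0]) for (o, t, r) in deletes if t == "RRSIG"}
    plain = {rr for rr in deletes if rr[1] != "RRSIG"}
    missing = [rr for rr in plain if rr not in zone]
    if missing:
        raise IxfrMismatch(missing)
    kept = {rr for rr in zone - plain
            if not (rr[1] == "RRSIG" and (rr[0], rr[2].split()[0]) in covered)}
    return kept | set(adds)

def transfer(zone, deletes, adds, full_zone):
    """Try IXFR first; on a mismatch replace the zone with the upstream's AXFR."""
    try:
        return apply_ixfr_strict(zone, deletes, adds), "IXFR"
    except IxfrMismatch:
        return set(full_zone), "AXFR"

def rrsigs(key, sig):
    return [(".", "RRSIG", f"SOA {key} {sig}"), (".", "RRSIG", f"NS {key} {sig}")]

SOA1, SOA2, NS = (".", "SOA", "serial=1"), (".", "SOA", "serial=2"), (".", "NS", "ns.example.")
ZONE_FROM_A = {SOA1, NS, *rrsigs("keyA", "sig1")}   # serial 1 as signed by upstream A
ZONE_FROM_B = {SOA1, NS, *rrsigs("keyB", "sig1")}   # same serial, signed by upstream B
B_DELETES = [SOA1, *rrsigs("keyB", "sig1")]         # B's diff for serial 1 -> 2
B_ADDS = [SOA2, *rrsigs("keyB", "sig2")]
B_FULL = {SOA2, NS, *rrsigs("keyB", "sig2")}        # B's full zone at serial 2

if __name__ == "__main__":
    print(transfer(ZONE_FROM_B, B_DELETES, B_ADDS, B_FULL)[1])   # consistent upstream
    print(transfer(ZONE_FROM_A, B_DELETES, B_ADDS, B_FULL)[1])   # mixed upstreams
    print(apply_ixfr_relaxed_rrsig(ZONE_FROM_A, B_DELETES, B_ADDS) == B_FULL)
```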




