ok
you have an IP addr for the 'master' dns (where you maintain your zone
file(s)) that is outside your firewall/load-balancer..
you have a cluster of NAT'd dns servers..
how about this (purely conjecture):
set up one 'slave' dns inside your farm (10.y.z.53) and get (somehow <-:)
traffic to it from your zone master (to exchange NOTIFYs and XFERs)
zones in the outside-master's named.conf have a slave at a
port-forwarded/NAT'd/trans-firewall-routable address that ends up at
x.y.z.53:53, so slave-master and zone-master exchange NOTIFYs (one slave
configured for the zone in master:named.conf)
set up named.conf zones on your 'slave-master' to "also-notify x.y.z.54
x.y.z.55 x.y.z.56 ..." (check syntax.. might be also-notify = " xxx ") so
your masq'd dns machines will get their notifies and zone-exchanges from
the 'slave-master'..
just a thought.. it's still a hack..
I'm interested to know if the 'slave-master' will send NOTIFYs to its
zone-slaves if/when it reloads a zone from the 'master'.
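As an added example, not part of the original post, here is what the three layers of that setup look like in BIND 9 named.conf syntax (the real form of also-notify is a brace list, not a quoted string). Everything concrete is a constructed placeholder: the zone is example.com, the outside master is 203.0.113.10, the firewall address the outside master talks to is 203.0.113.53, and the farm uses 10.1.2.0/24 with the slave-master at 10.1.2.53. It assumes the firewall DNATs 203.0.113.53:53 to 10.1.2.53:53 and SNATs the farm's outbound queries to 203.0.113.53, so the outside master sees one address in both directions.

```conf
// ---- outside zone-master (203.0.113.10, constructed address) ----
// Notifies only the address list below and allows zone transfers only
// from the firewall address that the inner slave-master appears as.
acl farm-edge { 203.0.113.53; };        // constructed: DNAT/SNAT address of the farm

zone "example.com" {
    type master;
    file "example.com.zone";
    notify explicit;                    // send NOTIFY only to also-notify targets
    also-notify { 203.0.113.53; };      // forwarded by the firewall to 10.1.2.53:53
    allow-transfer { farm-edge; };      // nobody else may AXFR/IXFR this zone
};

// ---- inner 'slave-master' (10.1.2.53, constructed address) ----
// Pulls the zone from the outside master and fans NOTIFY out to the
// NAT'd slaves. NOTIFY from 203.0.113.10 is accepted because that
// address is listed in masters; no allow-notify clause is needed.
zone "example.com" {
    type slave;
    file "slaves/example.com.zone";
    masters { 203.0.113.10; };
    notify explicit;                    // do not re-notify the public NS VIPs
    also-notify { 10.1.2.54; 10.1.2.55; 10.1.2.56; };   // constructed inner slaves
    allow-transfer { 10.1.2.0/24; };    // inner slaves only
};

// ---- each NAT'd slave in the LVS farm (10.1.2.54, .55, .56) ----
// Treats the slave-master as its only master; NOTIFY from 10.1.2.53 is
// accepted for the same reason as above.
zone "example.com" {
    type slave;
    file "slaves/example.com.zone";
    masters { 10.1.2.53; };
    notify no;                          // leaf of the chain, nothing below it
    allow-transfer { none; };
};
```

On the open question above: in BIND 9 a slave zone sends NOTIFY after it loads a new copy of the zone (the notify option applies to slave zones as well as master zones), so the second hop in this chain happens without extra configuration; notify explicit just keeps it from also notifying the public NS addresses. Newer BIND releases accept primaries as a synonym for masters. Tightening allow-transfer as shown, or adding TSIG keys on the transfer paths, is what keeps the port-forward from becoming an open AXFR endpoint.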
Brian Edmonds wrote:
> "Matthew S. Crocker" <matthew@xxxxxxxxxxx> writes:
> > Why use NAT for this? Why not use DD with all the machines real IP's
> > on 192.168.1.x addresses and only the VIP real you can set up a
> > cluster so only the VIP is accessible from the outside world.
>
> Sorry, but I have no idea what you're talking about. What is DD? And
> if the real servers are on 192.168.x.y, then how does one access them
> from outside without NAT?
>
> What I plan to do is have N DNS servers inside an LVS farm, addressed in
> the 10.x.y.z range, with two virtual IP addresses that map to them
> (since most registries require two NS IPs). I want to figure out the
> least hackish way to get notifies from the master DNS server (outside
> the LVS farm, and not an officially listed NS) to the slaves (inside the
> LVS farm).
>
> Brian.
>