I just had to guide a friend of mine through the setup of a ‘hidden primary’ or ‘hidden master’ via mail, so I thought I’d also post a quick summary here to keep my blog alive.
First off: a ‘hidden primary’ setup uses one server for all zone-file changes that is not listed in any NS record (and so never receives queries from client resolvers), plus two or more ‘slaves’ (secondaries) that pull the zone from it and answer the actual queries. Have a look at this example zone-file:
```zone
$ORIGIN unixhosts.org.
$TTL 1h   ; added to the original: without $TTL BIND warns and uses the SOA minimum (1m here) for every record; 1h is a guess
unixhosts.org. IN SOA amy.unixhosts.org. hostmaster.unixhosts.org. (
        201102111 ; serial
        3h        ; refresh
        1m        ; retry
        1w        ; expire
        1m )      ; minimum (negative-caching TTL)
               IN NS ns.inwx.de.
               IN NS ns2.inwx.de.
               IN NS ns3.inwx.de.
```
The host amy.unixhosts.org is my ‘hidden primary’. As you can see, it is not listed as NS, so client resolvers never send it queries. ns.inwx.de, ns2.inwx.de and ns3.inwx.de are the public name-servers for this zone, configured as slaves. One caveat: the SOA MNAME field still names amy.unixhosts.org, so anyone who asks for the SOA record learns the hidden primary’s name (and its address, if it has a public A record). If you want it to stay truly hidden, put one of the public slaves into MNAME instead; the only thing that depends on MNAME is dynamic update (nsupdate uses it to find the primary), which this setup does not use.
The ‘hidden primary’ config looks like:
```conf
zone "unixhosts.org" {
    type master;
    file "master/unixhosts.org";
    // unixhosts and inwx are ACLs defined elsewhere in named.conf (not shown);
    // only these sources may transfer (AXFR/IXFR) the zone
    allow-transfer { unixhosts; inwx; };
    // transfer addresses of the slaves: NOTIFY is sent here on every serial change,
    // since the primary is not in the NS set and would otherwise only notify the listed NS names
    also-notify { 10.0.1.1; 10.0.2.1; 10.0.3.1; };
};
```
Whereas a ‘slave’ config looks like:
```conf
zone "unixhosts.org" {
    type slave;
    file "slave/unixhosts.org";
    masters { 10.0.0.1; };   // transfer address of the hidden primary
    // clients is an ACL defined elsewhere (not shown). A public slave rarely needs
    // to hand out zone transfers at all; { none; } is the safer choice unless
    // another slave chains off this one.
    allow-transfer { clients; };
};
```
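Once both sides are in place, it is worth checking the three things this setup depends on: the hidden primary does not show up in the public NS set, every public name-server serves the same serial the primary currently has, and an unsigned zone transfer from an arbitrary host is refused. The script below does that; it is an added example, not part of the original post. It assumes `dig` (bind-utils / dnsutils) is installed, that the hidden primary answers SOA queries from the host running it (run it on the primary itself), and it defaults ZONE, PRIMARY and PRIMARY_NAME to the values used above.

```shell
#!/bin/sh
# check_hidden_primary.sh: post-setup checks for a hidden-primary zone.
# Added example, not from the original post. Assumes dig is installed and the
# hidden primary's transfer address is reachable from this host.
ZONE="${ZONE:-unixhosts.org}"
PRIMARY="${PRIMARY:-10.0.0.1}"                     # address the slaves pull from
PRIMARY_NAME="${PRIMARY_NAME:-amy.unixhosts.org}"  # name that must stay out of NS

# serial_of SERVER ZONE: print the SOA serial SERVER answers with (empty on failure).
serial_of() {
    dig +short +norecurse +tries=1 +time=5 @"$1" "$2" SOA 2>/dev/null \
        | awk 'NF >= 3 { print $3; exit }'
}

# public_ns ZONE: print the NS names the public DNS publishes for ZONE, one per line.
public_ns() {
    dig +short "$1" NS 2>/dev/null | sed 's/\.$//' | sort
}

# name_in_list LIST NAME: succeed iff NAME is one of the newline-separated LIST entries.
name_in_list() {
    printf '%s\n' "$1" | grep -qxF "$2"
}

# serials_agree PAIRS: PAIRS holds "server serial" lines; succeed iff every line
# carries a numeric serial and all serials are identical.
serials_agree() {
    printf '%s\n' "$1" | awk '
        NF < 2 || $2 !~ /^[0-9]+$/ { bad = 1; next }
        first == "" { first = $2 }
        $2 != first { bad = 1 }
        END { if (bad || first == "") exit 1; exit 0 }'
}

# axfr_rr_count DIGOUTPUT: count resource records in "dig ... AXFR" output.
# A refused transfer yields only ";" comment lines, i.e. 0; a successful one
# starts and ends with the SOA, so it is at least 2.
axfr_rr_count() {
    printf '%s\n' "$1" | awk '!/^;/ && $3 == "IN" { n++ } END { print n + 0 }'
}

if [ "${1:-}" = "run" ]; then
    command -v dig >/dev/null 2>&1 || { echo "dig not found" >&2; exit 2; }
    rc=0
    nslist=$(public_ns "$ZONE")
    [ -n "$nslist" ] || { echo "FAIL: no NS records found for $ZONE" >&2; exit 1; }

    # 1. The hidden primary must not appear in the published NS set.
    if name_in_list "$nslist" "$PRIMARY_NAME"; then
        echo "FAIL: $PRIMARY_NAME is published as NS for $ZONE; it is not hidden" >&2; rc=1
    fi

    # 2. Every public NS must serve the serial the hidden primary has right now.
    pairs="$PRIMARY $(serial_of "$PRIMARY" "$ZONE")"
    for ns in $nslist; do
        pairs="$pairs
$ns $(serial_of "$ns" "$ZONE")"
    done
    if serials_agree "$pairs"; then
        echo "OK: all servers agree on serial $(printf '%s\n' "$pairs" | awk 'NR == 1 { print $2 }')"
    else
        echo "FAIL: serial mismatch or unreachable server:" >&2
        printf '%s\n' "$pairs" >&2; rc=1
    fi

    # 3. An unsigned AXFR from this host must be refused by every public NS
    #    (unless this host is deliberately inside their allow-transfer ACL).
    for ns in $nslist; do
        n=$(axfr_rr_count "$(dig +tries=1 +time=5 @"$ns" "$ZONE" AXFR 2>&1)")
        if [ "$n" -gt 0 ]; then
            echo "FAIL: $ns handed out $n records via AXFR to this host" >&2; rc=1
        else
            echo "OK: $ns refuses AXFR from here"
        fi
    done
    exit "$rc"
fi
```

Run it as `sh check_hidden_primary.sh run` (the checks only execute with the `run` argument, so the functions can be sourced and reused). Keep in mind that both configs above authenticate transfers and NOTIFYs by source address only; BIND can tie them to a shared secret with TSIG (a `key` statement on both sides, `server 10.0.0.1 { keys { ...; }; };` on the slaves and `allow-transfer { key ...; };` on the primary), which is worth adding whenever the transfer path crosses a network you do not fully control.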
If your infrastructure isn’t large enough to take responsibility for three public DNS servers, you might want to have a look at InterNetworX. I have been running their servers as ‘slaves’ for a few months now. Their support team is great and I haven’t had any issue in years!