Support not crossing the XFR streams
Description
Goal
Make BIND, in the role of secondary, play nicely with multi-master infrastructures.
In large topologies people want to avoid a SPOF anywhere in the DNS infrastructure. Some vendors provide tools that accept DNS UPDATE at multiple servers in parallel and then resynchronize the databases using their own protocols. This is not consistent with the DNS model in which a monotonic, unique SOA SERIAL maps to a single version of the zone data.
Multi-master primaries can go up and down at any time - that's why people want multi-master in the first place!
Problems in practice
- Replication between primaries (using proprietary protocols) takes non-zero time.
- SOA serials are generally not consistent across primaries and cannot be relied upon.
- IXFR is a total mess when switching between primaries: a diff computed by one primary does not apply cleanly to a copy obtained from another.
- AXFR and NOTIFY are unreliable - the SOA serial might indicate there is no new data while there actually is.
- Primaries might sign independently, so RRSIGs are inconsistent between them (IXFR trouble again).
Request
Extend the primaries syntax to support sets of primaries that serve the same zone contents, and switch between sets when the current set is unreachable.
Sets are needed to support topologies where the BIND secondary is not speaking directly to the primaries but sits somewhere deeper down in the replication tree.
Proposal:
primaries [set #] ... { ... };
Record the set number in the raw file. "255 sets must be good enough for everyone."
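As an added illustration (not BIND code and not part of this request), the following Python model contrasts today's serial-only refresh decision with the set-aware behaviour requested above, using the problems listed earlier (same serial with different RRSIGs, a newer copy behind a lower serial). The secondary state, the primaries and the "lineage" tags are constructed assumptions for the model; the point it shows is that a secondary which remembers the set its copy came from never applies an IXFR across sets, and resynchronizes with AXFR when it has to switch.

```python
"""Model of a secondary's refresh decision with and without primary sets.

Added illustration for this feature request, not BIND code. It assumes a
hypothetical secondary that remembers which primary set its copy came from
(the set number the proposal wants recorded in the raw file) and never
applies an IXFR from a different set, because SOA serials of independently
replicated or signed primaries are not comparable.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Primary:
    """One primary as seen by the secondary (constructed sample, not real hosts)."""
    name: str
    set_id: int      # proposal: primaries [set #] { ... };
    reachable: bool
    serial: int      # SOA serial it currently advertises
    content: str     # "<lineage>@<version>": identity of the data behind that serial


@dataclass
class Secondary:
    """The secondary's zone copy; set_id is what the proposal stores in the raw file."""
    serial: Optional[int] = None
    set_id: Optional[int] = None
    content: Optional[str] = None


def lineage(content: str) -> str:
    return content.split("@")[0]


def apply_ixfr(current: str, incoming: str) -> str:
    """Effect of applying an IXFR: fine inside one lineage, garbage across
    lineages (the diff was computed against history this secondary never had)."""
    if lineage(current) == lineage(incoming):
        return incoming
    return f"MIXED({current},{incoming})"


def naive_refresh(sec: Secondary, primaries: list) -> str:
    """Today's behaviour: first reachable primary wins, decision by SOA serial only."""
    for p in primaries:
        if not p.reachable:
            continue
        if sec.serial is None:
            sec.serial, sec.content = p.serial, p.content
            return f"AXFR from {p.name}"
        if p.serial > sec.serial:
            sec.content = apply_ixfr(sec.content, p.content)
            sec.serial = p.serial
            return f"IXFR from {p.name}"
        return f"no transfer: {p.name} serial {p.serial} <= ours {sec.serial}"
    return "no primary reachable"


def set_aware_refresh(sec: Secondary, primaries: list) -> str:
    """Proposed behaviour: stay inside the current set; switching sets forces AXFR."""
    # Try the set our copy came from first, then the remaining sets in number order.
    ordered = sorted(primaries, key=lambda p: (p.set_id != sec.set_id, p.set_id))
    for p in ordered:
        if not p.reachable:
            continue
        if sec.set_id is None or p.set_id != sec.set_id:
            # Crossing streams: take a full copy and record the new set.
            sec.serial, sec.set_id, sec.content = p.serial, p.set_id, p.content
            return f"AXFR from {p.name} (set {p.set_id})"
        if p.serial > sec.serial:
            sec.content = apply_ixfr(sec.content, p.content)
            sec.serial = p.serial
            return f"IXFR from {p.name} (set {p.set_id})"
        return f"no transfer: set {p.set_id} serial {p.serial} <= ours {sec.serial}"
    return "no primary reachable"


def constructed_topology() -> list:
    """Two independent signers: same serial, different RRSIGs (constructed sample)."""
    return [Primary("ns1.set1", 1, True, 2024010105, "set1@5"),
            Primary("ns1.set2", 2, True, 2024010105, "set2@5")]


def run_failover(set2_serial: int, set2_content: str) -> dict:
    """Both secondaries load from set 1, then set 1 dies and set 2 advertises the given state."""
    results = {}
    for label, refresh in (("naive", naive_refresh), ("set_aware", set_aware_refresh)):
        primaries, sec = constructed_topology(), Secondary()
        refresh(sec, primaries)                      # initial AXFR from set 1
        primaries[0].reachable = False
        primaries[1].serial, primaries[1].content = set2_serial, set2_content
        results[label] = (refresh(sec, primaries), sec.content, sec.set_id)
    return results


if __name__ == "__main__":
    for title, args in (("set 2 has a higher serial", (2024010106, "set2@6")),
                        ("set 2 has current data behind a lower serial", (2024010104, "set2@4"))):
        print(title)
        for label, (action, content, set_id) in run_failover(*args).items():
            print(f"  {label:9s}: {action}; zone now {content} (set {set_id})")
```

In the first scenario the serial-only secondary happily applies set 2's IXFR on top of set 1's data and ends up with a mixed zone; in the second it refuses to transfer at all because set 2's serial is lower, even though set 2 is the only source left. The set-aware secondary does an AXFR from set 2 in both cases and records set 2 as the origin of its copy, which is exactly what the proposal's set number in the raw file is for.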
Caveats
- Secondaries with sets configured now require masterfile-format raw.
- A config change might mess up the mapping between primary sets and the set number recorded in the raw zone file.
Links / references
Who is doing multi-master, for different purposes:
- Windows Active Directory DNS - very common; does not maintain SOA serial consistency across the topology.
- Some TLDs use independent DNSSEC signers to avoid a SPOF.
- FreeIPA - multi-master DNS, like Windows AD but for Unix; independent DNSSEC signers (different RRSIGs on each DNS server), does not maintain strict SOA serial consistency.