Can you have multiple writable, authoritative BIND DNS servers for the same zone, like AD-integrated DNS?
Solution 1
No. Standard DNS protocol has no mechanism for Multi master replication. AD DNS works by not doing DNS replication at all - what you mean Feature wise relies on AD providing the replication.
DNS basically assumes you have a master. Now, seriously, though - in the typical Environments this is TOTALLY enough - only when you have tons of updates (like a Company Network) are you running into possible issues.
Solution 2
AD-Integrated zones are stored in the AD database (the actual AD partition they are stored in will vary depending on the scope of replication selected for the zone). As such, each participating DC is authoritative for it's copy of the zone just as each DC is authoritative for it's copy of the other AD partitions. DNS zone replication is a function of AD replication. From the perspective of the DC, the DNS zone is simply another AD partition to be replicated along with the other AD partitions.
Solution 3
Your problem description makes it sound as though what you really want is a multi-master setup (though you don't say why -- it might be possible to more usefully advise you if you tell us why you don't want to use a master/slave setup.)
However, just to clarify the use of terminology in your title question, you asked:
"Can you have multiple authoritative BIND DNS servers for the same zone, like AD-integrated DNS?"
The literal answer to that question is "yes." Slave servers are also authoritative servers for the zones they slave. It doesn't matter that they are not the origin point for new configuration information being added to the zone; the data that is served by slaves is considered authoritative and the AA (Authoritative Answer) flag is set on responses that come from slave servers.
So if your question is actually about authoritative data and you are not accidentally misusing the term to represent another concept, then the answer to your question is actually "yes" and configuration is trivial. I suspect, however, that that's not what you are looking for.
Solution 4
how about hosting /etc/bind/ on a GFS2/DRBD distributed filesystem , with the SOA reflecting all the NS in the zone , each BIND would be master on their own replicated local zones
Related videos on Youtube
09 : 21
12 : 32
18 : 22
06 : 05
02 : 20
Jeremy Holovacs
I am a professional geek, involved with multiple facets of software engineering. Security, scalability, performance, and usability are all key factors in all my products.
Updated on September 18, 2022Comments
-
Jeremy Holovacs almost 2 years
In an AD-integrated DNS system, there really isn't a concept of one "Master" DNS server; all AD-integrated zones are authoritative and updatable across all DNS servers, and send updates to each other on a regular basis.
Is there a similar methodology/ option/ capability in BIND? All I read about is setting up master/ slave but I don't want to do that.
-
Jeremy Holovacs over 11 yearsHmm... no DFS-like mechanism for BIND, huh? That makes me sad.
-
Jeremy Holovacs over 11 yearsThere seems to be some work on an LDAP back-end for BIND9. I think I will look into that.
-
Jeremy Holovacs over 11 yearsYou are correct; I worded it poorly. I will fix that.
-
Michael McNally over 11 yearsThe question still has some ambiguity, as there is nothing stopping you from having multiple, "writable", authoritative servers for a zone. Unfortunately, however, they will not share updates with one another, except for master to slave, so that's almost certainly not what you mean (or want.) Currently BIND does not support multi-master. It's a feature being considered for inclusion in future versions but we haven't added it yet. -
Jeremy Holovacs over 11 yearsI think it's pretty clear now, the "like AD-integrated" pretty much sets the context of the question, and the details spell out the context further.