Hi, I’m trying to determine whether our DNS synchronization is behaving correctly or not. Here’s what we have:
- ns1
- ns2
- ns3(ns4)
- ns5
ns1, ns2, ns3, and ns5 are also hosting servers and so zones are authoritative on these systems. ns4 is clustered with ns3 so it should be identical to ns3.
ns1 and ns2 listen for updates from ns3(ns4)
ns2 listens for updates on ns1
ns3(ns4) listens for updates from ns1, ns2, and ns5
Questions:
- When a DNS server publishes changes, does it only publish changes for which it is the authority? Or does it publish changes it has received from other authoritative servers as well?
For example: if a change is made on ns3(ns4), ns1 will receive the update. Because ns1 publishes changes to ns2, will ns2 also receive the changes made on ns3(ns4)? Or does ns2 need to receive the update directly from ns3(ns4)?
- Is there any risk to having servers receive the same update from more than one server?
Specifically, what I’m seeing that I think I shouldn’t be seeing is that a domain created on ns3(ns4) is not having DNS records propagated to ns2 even though I see the changes on ns1, and ns1 is set up as a publisher to ns2.
Separately, ns1, ns3, ns4, and ns5 provide the proper response when querying for a domain created on ns5, but ns2 does not.
ns2 does, however, provide the proper response when queried for domains for which it is authoritative, or domains for which ns1 is authoritative.
The above would have me thinking that each listener needs to receive changes directly from the authoritative server - except that a change made on ns5 and only published to itself and ns3 is also available on ns1.
Any insight into the above questions would be appreciated.