RFC 3258 (rfc3258) - Page 2 of 11
Distributing Authoritative Name Servers via Shared Unicast Addresses
Alternative Format: Original Text Document
RFC 3258 Distributing Authoritative Name Servers April 2002
2. Architecture
2.1 Server Requirements
Operators of authoritative name servers may wish to refer to
[SECONDARY] and [ROOT] for general guidance on appropriate practice
for authoritative name servers. In addition to proper configuration
as a standard authoritative name server, each of the hosts
participating in a shared-unicast system should be configured with
two network interfaces. These interfaces may be either two physical
interfaces or one physical interface mapped to two logical
interfaces. One of the network interfaces should use the IPv4 shared
unicast address associated with the authoritative name server. The
other interface, referred to as the administrative interface below,
should use a distinct IPv4 address specific to that host. The host
should respond to DNS queries only on the shared-unicast interface.
In order to provide the most consistent set of responses from the
mesh of anycast hosts, it is good practice to limit responses on that
interface to zones for which the host is authoritative.
2.2 Zone file delivery
In order to minimize the risk of man-in-the-middle attacks, zone
files should be delivered to the administrative interface of the
servers participating in the mesh. Secure file transfer methods and
strong authentication should be used for all transfers. If the hosts
in the mesh make their zones available for zone transfer, the
administrative interfaces should be used for those transfers as well,
in order to avoid the problems with potential routing changes for TCP
traffic noted in section 2.5 below.
2.3 Synchronization
Authoritative name servers may be loosely or tightly synchronized,
depending on the practices set by the operating organization. As
noted below in section 4.1.2, lack of synchronization among servers
using the same shared unicast address could create problems for some
users of this service. In order to minimize that risk, switch-overs
from one data set to another data set should be coordinated as much
as possible. The use of synchronized clocks on the participating
hosts and set times for switch-overs provides a basic level of
coordination. A more complete coordination process would involve:
a) receipt of zones at a distribution host
b) confirmation of the integrity of zones received
c) distribution of the zones to all of the servers in the mesh
d) confirmation of the integrity of the zones at each server
Hardie Informational