Phil Mayers <p.mayers at imperial.ac.uk> wrote: > > I am wondering if it's possible to issue >1 command over the SSL control > channel? Specifically "flush" commands for >1 host. I might want to > flush anything from 1-1000 specific hosts from the cache (most commonly > 2-10) every few minutes. > ...well if all your DDNS stuff is not in your 'main' zone then you could just use 'flush_zone' instead. > I am considering a move away from this model, and was initially > reluctant to look at unbound because of the difficulty of maintaining > this stealth slave. However it then occurred to me that I could simply > "flush" the changed names inside the master update process, since I > know what they are. > We use BIND9 (pulling from LDAP) for our hidden primary, and shovel our external view zone to...well yourself and the internal view to two internal instances of NSD3. These run on the same boxes as unbound, they give our internal clients recursive action, fronted by some Cisco IOS SLB action. The NSD3 daemons are IXFRing so always have the latest copy of hosts.soas.ac.uk and unbound has a bunch of 'stub-zone' steering them at localhost (also to deal with the DNS view issue for our regular zones too). <shameless-plug> See me at Networkshop 38 showing just this! :) </shameless-plug> I'm yet to start calling regularly 'flush_zone', but it is on my todo list. Cheers  we have no DDNS entries in 'soas.ac.uk', however we do use it for 'hosts.soas.ac.uk' -- Alexander Clouter .sigmonster says: This PIZZA symbolizes my COMPLETE EMOTIONAL RECOVERY!!