Why no function to automatically add new zones to slave servers?
Sam M
sam.m at servwise.com
Wed Feb 13 15:09:04 UTC 2008
Yes, sorry I was trying desperately to confuse everyone (and myself), I
meant copying the named.conf (We actually use a separate one we call
slavenamed.conf which is just included into the named.conf on the slave
server).
We do have the system working fine (with a few glitches being created which
are caused by our control panel, not BIND); it's just I feel it could all be
done in a much easier and better way and wanted to ask why it wasn't.
Regards
Sam M
> -----Original Message-----
> If it is really a slave server the only thing you should have to modify
> is your named.conf on the slave. It is the named.conf that tells it
> what to transfer from the master. Typically what I do is add the zone
> to the master and update its named.conf then bounce named there. I then
> add the appropriate transfer entry to named.conf on the slave and bounce
> named there. On restart of named on the slave it should transfer the
> zone file from the master to the slave.
>
> The security is set up in named.conf on each side to determine what
> should be allowed to transfer zone files.
>
>
> -----Original Message-----
> Please excuse if this is a subject that has been covered in depth before,
> but I needed to vent some frustration so here goes.
>
> I was just wondering why there is no function in BIND to automatically
> add/signal NEW zones to slave DNS servers?
>
> At the moment I have to add records to a slave zones file as well as a
> master zones file and transfer the slave zones file to my slave servers
> using a third-party transfer method, e.g. sftp, https, or configure the
> slave servers to transfer the slave zone file from the master server at
> regular intervals.
>
> It seems to me this really makes things far more complex than they need
> to be. It does seem strange that such a vital part of the DNS setup
> (redundancy) has been left to be bolted on in such a haphazard way.
>
> I've heard some mention security issues, but I don't see why that can't
> be overcome, surely it can't be as bad as having to resort to some
> third-party method which is probably more insecure than building a
> properly secure method within the bind program itself.
>
> Maybe I'm missing something and it can already be done like this. I know
> that some DNS server software can do this, e.g. SimpleDNS on Windows.
>
> Yours, lost and confused.
>
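
The thread describes keeping a separate slave zone list (slavenamed.conf) in step with the master's named.conf by hand. As an added example, not code from either poster or from BIND: a small generator that derives the slave stanzas from the master's zone list, so the file shipped to the slave is machine-built and each transfer is tied to a TSIG key. The master address 192.0.2.1, the key name xfer-key, the slaves/ file path and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample of a master's named.conf (not from the thread).
MASTER_CONF = '''
options { directory "/var/named"; };
zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-transfer { key "xfer-key"; };
};
zone "example.net" { type master; file "example.net.zone"; };
zone "." { type hint; file "named.ca"; };
zone "bad name;" { type master; file "x"; };
'''

ZONE_RE = re.compile(r'\bzone\s+"([^"]*)"\s*(?:IN\s*)?\{', re.IGNORECASE)
# Conservative name check so a zone name cannot inject config syntax.
NAME_RE = re.compile(r'^(?!-)[A-Za-z0-9_-]{1,63}(?:\.[A-Za-z0-9_-]{1,63})*\.?$')

def zone_body(conf, start):
    """Return text between the brace at `start` and its matching close."""
    depth = 0
    for i in range(start, len(conf)):
        if conf[i] == '{':
            depth += 1
        elif conf[i] == '}':
            depth -= 1
            if depth == 0:
                return conf[start + 1:i]
    raise ValueError("unbalanced braces in named.conf")

def master_zones(conf):
    """Names of zones declared 'type master' with a safe-looking name."""
    names = []
    for m in ZONE_RE.finditer(conf):
        body = zone_body(conf, m.end() - 1)
        if re.search(r'\btype\s+master\s*;', body) and NAME_RE.match(m.group(1)):
            names.append(m.group(1).rstrip('.').lower())
    return sorted(set(names))

def slave_stanzas(names, master_ip, key_name):
    """Render slave zone stanzas that pull from master_ip using a TSIG key."""
    tmpl = ('zone "{n}" {{\n    type slave;\n    file "slaves/{n}.db";\n'
            '    masters {{ {ip} key "{k}"; }};\n    allow-transfer {{ none; }};\n}};\n')
    return "".join(tmpl.format(n=n, ip=master_ip, k=key_name) for n in names)

if __name__ == "__main__":
    print(slave_stanzas(master_zones(MASTER_CONF), "192.0.2.1", "xfer-key"))
```

The key itself still has to be defined in named.conf on both servers, and running named-checkconf on the generated file before reloading the slave catches a malformed stanza before it takes the server down.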