help to find Solution for DNS

Kevin Darcy kcd at daimlerchrysler.com
Mon Feb 28 22:52:30 UTC 2000


Why not just send a mail message to the slaves specifying an added or removed
zone, pipe it to a program that checks the delegations and then adds or
removes the named.conf entries as necessary? It wouldn't inherently be a
security risk, since even if someone spoofed a message, the slaves wouldn't
do anything unless the delegations checked out (but of course you should do
the normal special-character, etc. checking that you would do for
*any* pipe-to-program feature).

If you wanted to keep this notification *completely* within DNS, you could
define a special TXT record that the slaves could query periodically to get a
list of recently-added or -deleted zones they should check. Once the logs
indicated that all of the slaves were transferring or no longer transferring
the zone, then the master would delete it from the list.

Both of the above assume you don't have "stealth" slaves, since such a slave
can't use delegations to decide whether or not a particular zone belongs in
its named.conf. But even if you do have stealth slaves, you could probably
develop some local conventions by which the stealth slaves could decide
whether or not they should be slave for a particular zone. This is what we do
internally.


- Kevin

payam wrote:

> Hello,
>
> I search for an acceptable solution / script for my DNS problem under Sun/Unix.
>
> We have 3 x DNS servers (2 sec., 1 pri.).
> I am trying to find a solution so that they update their named.conf without
> FTP service or something like this.
> If we update the primary DNS, the 2 secondaries must update their zone
> automatically.
>
> I know that the DNS-peer does that, but it doesn't without FTP.
> I want to close the FTP port (security).
>
> The last way out is DNS-peer, but how can I configure my FTP port for only
> a certain IP address?
>
> I hope I find a better solution.
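
The pipe-to-program check described in the reply above, as an added example that is not from the original thread: the untrusted message is validated for special characters, then acted on only if the zone's delegation agrees. The message format (`add <zone>` / `remove <zone>`), the `lookup_ns` callable, the `slave/` file path, and the sample names and address are all assumptions.

```python
import re

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen. Anything
# else (quotes, braces, ';', '/', whitespace) is rejected before use.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def parse_request(line):
    """Parse one untrusted line: 'add <zone>' or 'remove <zone>'."""
    parts = line.split()
    if len(parts) != 2 or parts[0] not in ("add", "remove"):
        raise ValueError("malformed request")
    zone = parts[1].lower().rstrip(".")
    labels = zone.split(".")
    if len(zone) > 253 or len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError("invalid zone name")
    return parts[0], zone

def stanza(zone, master_ip):
    """named.conf slave entry; the file path layout is an assumption."""
    return ('zone "%s" {\n\ttype slave;\n\tfile "slave/%s";\n'
            '\tmasters { %s; };\n};\n' % (zone, zone, master_ip))

def decide(line, my_name, lookup_ns, master_ip):
    """Act only when the request agrees with the zone's delegation."""
    action, zone = parse_request(line)
    # lookup_ns is a hypothetical callable returning the delegation's NS names.
    delegated = my_name in {n.lower().rstrip(".") for n in lookup_ns(zone)}
    if action == "add" and delegated:
        return ("add", stanza(zone, master_ip))
    if action == "remove" and not delegated:
        return ("remove", zone)
    return None  # spoofed or stale message: delegations disagree, do nothing

# Constructed sample delegations standing in for real NS lookups at the parent.
SAMPLE_NS = {"example.com": ["ns1.example.net.", "ns2.example.net."]}

def sample_lookup(zone):
    return SAMPLE_NS.get(zone, [])

if __name__ == "__main__":
    for msg in ("add example.com", "add example.org", "remove example.com",
                'add example.com";};', "add ../../etc/passwd"):
        try:
            print(repr(msg), "->", decide(msg, "ns2.example.net", sample_lookup, "192.0.2.1"))
        except ValueError as err:
            print(repr(msg), "-> rejected:", err)
```
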





