How can I setup BIND for redundancy with efficient replication?

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 7 18:47:51 UTC 2002


Frederic wrote:

> Thanks for your answers.
>
> I probably need to clarify a few things...
>
> The servers are on the perimeter networks (2 different sites). Some
> act as straight firewalls, others as reverse caching proxies, forward
> caching proxies, vpn servers, smtp relays, or a combination of those.
> The OS is win2k because we are using Microsoft ISA Server.
>
> ( On a side note, I was initially going to use OpenBSD, but I was
> approached by Microsoft to provide some feedback on ISA server. I was
> very impressed by their product and as we got free licenses to use it
> on all our servers, I went with it 2 years ago; so far no regrets )
>
> The backend is running Active Directory and we I Windows DNS there. I
> can open any port I want on the BIND/ISA servers, so configuring them
> to get updates from Windows 2000 AD DNS servers is no problem. However
> that is not an option as I do not have enough trust in AD to let it
> manage our public DNS zones. When AD goes wrong it really goes wrong,
> trust me.
>
> I can open ports for ssh, sftp, rndc, that's fine. What I would like
> to know is which method is
>
>   * secure
>   * works on Windows 2000
>   * easily scriptable
>   * reliable
>   * allows me to update all DNS server files from a central location
> and control BIND

I must confess that I have never a) used an alternative replication
method for DNS, or b) set up any server software on Win2K (I have a Win2K
box here at work, but I use it strictly as an end-user).

Having issued those disclaimers, I am led to believe that ssh,
BIND (specifically named and rndc) and rsync (see
http://optics.ph.unimelb.edu.au/help/rsync) all run on Win2K. In addition
to that, all you need is the rough equivalent of "cron" and you should be
able to replicate from the master to the "slaves" on a periodic basis.


- Kevin
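The periodic master-to-"slave" push Kevin describes, as an added example that is not from the post or from BIND: each zone file is checked with named-checkzone before anything is sent, the zone directory is rsynced over ssh to every secondary, and named is told to reload through rndc. The directory, host names, key file and the `*.zone` naming convention are assumptions; on Win2K it assumes Cygwin rsync/ssh run from the Task Scheduler as the "cron" equivalent.

```shell
#!/bin/sh
# Added example, not the original poster's setup: push zone files from
# the master to each secondary over ssh and reload named via rndc.
set -eu

ZONE_DIR="${ZONE_DIR:-/var/named/zones}"               # assumed master zone dir
SLAVES="${SLAVES:-ns2.example.test ns3.example.test}"  # constructed host names
SSH_KEY="${SSH_KEY:-/root/.ssh/zonepush}"              # assumed push-only ssh key
DRY_RUN="${DRY_RUN:-0}"                                # 1 = print commands only

# Run a command, or just echo it when DRY_RUN=1 (lets you preview a cron job).
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Never replicate a zone that named itself would refuse to load; a bad
# file pushed to every secondary takes the whole zone down at once.
check_zones() {
    for f in "$ZONE_DIR"/*.zone; do
        [ -e "$f" ] || continue              # no files: nothing to check
        z=${f##*/}; z=${z%.zone}             # assumed: file name = zone name
        run named-checkzone -q "$z" "$f"
    done
}

# -a keeps modes/times, -z compresses, --delete drops zones retired on
# the master, -e pins the transport to ssh with the dedicated key.
# rndc -s needs a matching key in rndc.conf for each secondary; set -e
# means a failed transfer aborts before any reload is issued.
push_zones() {
    check_zones
    for s in $SLAVES; do
        run rsync -az --delete -e "ssh -i $SSH_KEY" "$ZONE_DIR/" "$s:$ZONE_DIR/"
        run rndc -s "$s" reload
    done
}
```

Call `push_zones` from the cron (or Task Scheduler) job; `DRY_RUN=1 sh push.sh` shows what would run.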
