Restarting bind remotely

Dickon Newman dnewman at skylan.net
Thu Nov 6 13:38:27 UTC 2003


I thank you all for your input.  The solution has been found.  I had already
set an ssh tunnel (of sorts) from the one name server to the other three
before redoing this sync setup.

All I did was change it from a stop/start approach to using the ndc reload.
It is much nicer.

The only thing I had to do was change the ownership for /var/run/ndc so that
my non-root user could use it.

Dickon...

----- Original Message ----- 
From: "Kevin Darcy" <kcd at daimlerchrysler.com>
To: <bind-users at isc.org>
Sent: Wednesday, November 05, 2003 5:45 PM
Subject: Re: Restarting bind remotely


> Mark_Andrews at isc.org wrote:
>
> >>BIND 8's "ndc" command supports "reload" and "reload <zone>". Unlike
> >>"rndc", you can't run it directly from another box, but there's always
> >>ssh...
> >>
> >>
> >
> > Actually you can run ndc remotely.  It is just not the default
> > configuration.
> >
> True, but I've never even considered that option, since
> source-address-based authentication is pretty weak. I suppose if you're
> using IPSEC or whatever...
>
>
>                                              - Kevin
>
> >>Or, as I suggested before, just use a standard master/slave arrangement
> >>(optionally supplemented with "also-notify" if you need faster
> >>propagation of changes).
> >>
> >>
> >>                                             - Kevin
> >>
> >>Dickon Newman wrote:
> >>
> >>>What's the best solution if we assume that I am restricted to using BIND
> >>>version 8.3.6?
> >>>
> >>>Dickon...
> >>>
> >>>----- Original Message ----- 
> >>>From: "Kevin Darcy" <kcd at daimlerchrysler.com>
> >>>To: <bind-users at isc.org>
> >>>Sent: Wednesday, November 05, 2003 2:44 PM
> >>>Subject: Re: Restarting bind remotely
> >>>
> >>>>If you have many zones, then that's an even *stronger* reason to avoid
> >>>>full reloads -- do you really want your nameserver tied up reloading
> >>>>unchanged zones?
> >>>>
> >>>>I would expect that your master knows which zones have changed and which
> >>>>have not, so why not have it issue the "rndc reload <zone>"s right after
> >>>>the rsync?
> >>>>
> >>>>Or, even better, why not just use regular, DNS-standards-defined zone
> >>>>transfers? rsync isn't necessarily the best solution for *every*
> >>>>data-propagation requirement...
> >>>>
> >>>>
> >>>>                                               - Kevin
> >>>>
> >>>>Dickon Newman wrote:
> >>>>
> >>>>>Well...we host many zones (please forgive my newb-ness)...wouldn't this
> >>>>>be a pain to have a script recognize which zone had changed and initiate
> >>>>>a zone change for that particular zone?
> >>>>>
> >>>>>Please keep in mind that I want to make this as simple as possible for my
> >>>>>co-workers who make quite a few dns changes each day.
> >>>>>
> >>>>>Dickon...
> >>>>>
> >>>>>----- Original Message ----- 
> >>>>>From: "Kevin Darcy" <kcd at daimlerchrysler.com>
> >>>>>To: <bind-users at isc.org>
> >>>>>Sent: Wednesday, November 05, 2003 2:16 PM
> >>>>>Subject: Re: Restarting bind remotely
> >>>>>
> >>>>>>Dickon Newman wrote:
> >>>>>>
> >>>>>>>Dear List,
> >>>>>>>I've tried searching online for a resolution to save having to bug
> >>>>>>>you.. However, I haven't had much luck.
> >>>>>>>
> >>>>>>>I have 4 primary DNS servers in various locations.  They are FreeBSD
> >>>>>>>based with Bind 8.3.6.
> >>>>>>>
> >>>>>>>What I want to be able to do is make dns changes on one box, then run a
> >>>>>>>script to make the changes active on all 4 boxes.
> >>>>>>>
> >>>>>>>I WAS using rsync to copy these files, which is no problem.  But I don't
> >>>>>>>know the best way to restart named.  I WAS stopping, and then restarting
> >>>>>>>the process.  I don't want to do this anymore.
> >>>>>>>
> >>>>>>>Can anyone please offer some insight on what I should do?
> >>>>>>>
> >>>>>>Why do you need to do a full restart? Generally "reload <zone>" for each
> >>>>>>changed zone is sufficient. You can do that remotely by upgrading to
> >>>>>>BIND 9 and using the "rndc" utility.
> >>>>>>
> >>>>>>
> >>>>>>                                        - Kevin
> >>>>>>
> >>
> >--
> >Mark Andrews, Internet Software Consortium
> >1 Seymour St., Dundas Valley, NSW 2117, Australia
> >PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
>
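
Added example, not part of the original thread: a dry-run planner for the approach discussed above, in which the master works out which zones changed since the last push and issues one `ndc reload <zone>` per changed zone over ssh. The `<zone>.db` file naming, the peer host names and the `dnssync` account are assumptions made for the illustration; zone names are checked against a strict character set before they are placed on a remote command line.

```shell
#!/bin/sh
# Assumptions (not from the thread): zone files are named <zone>.db,
# and the peers and the "dnssync" account are hypothetical.

# Print "<cksum> <size> <file>" for every zone file in directory $1.
zone_manifest() {
    ( cd "$1" || exit 1
      for f in *.db; do
          if [ -f "$f" ]; then echo "$(cksum < "$f") $f"; fi
      done )
}

# Compare saved manifest $1 with zone dir $2; print new or changed zones.
changed_zones() {
    zone_manifest "$2" | while read -r sum size file; do
        if ! grep -qxF -- "$sum $size $file" "$1" 2>/dev/null; then
            zone=${file%.db}
            # Only hostname characters may reach the remote command line.
            case $zone in
                ''|*[!A-Za-z0-9._-]*) echo "skipping odd name: $file" >&2 ;;
                *) echo "$zone" ;;
            esac
        fi
    done
}

# usage: plan_reloads <manifest> <zonedir> <peer>...
# Prints the commands instead of running them (dry run).
plan_reloads() {
    manifest=$1; dir=$2; shift 2
    zones=$(changed_zones "$manifest" "$dir")
    for peer in "$@"; do
        for z in $zones; do
            echo "ssh dnssync@$peer ndc reload $z"
        done
    done
}

# Constructed sample: two zones, one edited after the manifest was saved.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed zone data v1\n' > "$d/example.com.db"
    printf 'constructed zone data v1\n' > "$d/example.org.db"
    zone_manifest "$d" > "$d/manifest"
    printf 'constructed zone data v2\n' > "$d/example.org.db"
    plan_reloads "$d/manifest" "$d" ns2.example.net ns3.example.net
    rm -rf "$d"
}
demo
```

After the file copy and reloads succeed, saving the output of `zone_manifest` as the new manifest makes the next run report only later edits.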


