BIND9 dynamic configuration sharing from a master
Barry Finkel
b19141 at achilles.ctd.anl.gov
Wed Jan 28 15:38:33 UTC 2004
/dev/rob0 <rob0 at gmx.co.uk> wrote:
>Is there any means within BIND itself to share configuration changes at
>a master nameserver among slaves? The site I set up last week wants to
>block a blacklist of domains in DNS. I've got that all rigged up on the
>master, using an $INCLUDE in named.conf:
> $INCLUDE "/etc/named.blacklist";
>and a simple null zone file which sets SOA, NS and A records to the
>master, and then sets a similar "*" A record.
>
>I know I can rig this up manually quite easily, but I just wondered if
>there was a means to dynamically update a slave's configuration within
>BIND's own capabilities.
>
>#v+
>  if ! grep "$FEATURE" "$BIND_FEATURES" ; then
>    echo "$FEATURE" >> "$BIND_WISHLIST"
>  fi # to say it in sh ... :)
>#v-
>
>I think I *will* use named to signal the slave that an update is needed.
>I'll make a "dnsupdateconf" A record pointing to the master's IP, and
>set a TXT record with a timestamp of the last update. The TXT record
>will be cached on disk at the slave and compared against the output of
>"host -t TXT dnsupdateconf" in a cron job. If the TXT value changes, the
>slave retrieves /etc/named.blacklist from the master and "rndc reload".
>
>Has anyone else done something like this? Comments appreciated.

There is no way in BIND or in the DNS protocol for a master to send
configuration updates to a slave. And I am not sure that I would
want a master to update a slave's configuration. It would require
some security checking.

> the slave retrieves /etc/named.blacklist from the master

There is no way in BIND to do this. This could be done via a
non-DNS FTP.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
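
The slave-side cron job described in the quoted message, with the security checking the reply calls for, as an added example that is not part of the original thread. Assumed here and not taken from the posts: the master host name, the state file path, scp as the transport, and a blacklist file holding one zone statement per line.

```sh
#!/bin/sh
# Slave-side cron job. Assumed, not from the thread: MASTER host name, state
# file path, scp as transport, and one zone statement per blacklist line.
MASTER="${MASTER:-master.example.net}"     # placeholder host name
STAMP_FILE="${STAMP_FILE:-/var/lib/named/blacklist.stamp}"
LIVE="${LIVE:-/etc/named.blacklist}"

# Timestamp the master publishes in the TXT record. Plain DNS answers are
# unauthenticated, so this value is only a trigger, never trusted input.
fetch_stamp() {
    host -t TXT dnsupdateconf "$MASTER" | sed -n 's/.*text "\(.*\)"$/\1/p'
}

# Succeeds when a non-empty published stamp differs from the cached one.
stamp_changed() {    # $1 = published stamp, $2 = cache file
    [ -n "$1" ] || return 1
    [ -f "$2" ] || return 0
    [ "$1" != "$(cat "$2")" ]
}

# Accept only blank lines, # comments and lines of the exact form
#   zone "name" { type master; file "/abs/path"; };
# so a fetched file cannot carry options, controls or include statements.
blacklist_is_safe() {    # $1 = candidate file
    [ -s "$1" ] || return 1
    ! grep -Evq '^[[:space:]]*(#.*)?$|^zone "[A-Za-z0-9._-]+" \{ type master; file "/[A-Za-z0-9._/-]+"; \};$' "$1"
}

sync_blacklist() {
    new=$(fetch_stamp)
    stamp_changed "$new" "$STAMP_FILE" || return 0
    tmp=$(mktemp "$LIVE.XXXXXX") || return 1
    # scp authenticates the master by its SSH host key; BatchMode fails
    # instead of prompting when the key is unknown or has changed.
    if scp -q -o BatchMode=yes "$MASTER:/etc/named.blacklist" "$tmp" &&
       blacklist_is_safe "$tmp" && named-checkconf "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$LIVE" && rndc reload &&
            printf '%s\n' "$new" > "$STAMP_FILE"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Run only when asked, e.g. from cron: sync_blacklist.sh --run
if [ "${1:-}" = "--run" ]; then sync_blacklist; fi
```

The stamp is written only after the reload succeeds, so a failed fetch or a rejected file is retried on the next cron run.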