Setting up a blacklist

/dev/rob0 rob0 at gmx.co.uk
Wed May 19 19:26:09 UTC 2004


On Tuesday 18 May 2004 15:23, Kevin Darcy wrote:
> If all the zone definitions are identical except for the zone name
> and possibly the zone file name, why not just have a "special" DNS
> zone with one record per zone-to-be-slaved? The replication is then
> automatic, could be -- depending on your configuration -- incremental
> (IXFR) and, if PTR records are used instead of TXT records, could

Thanks for the suggestion. I think you suggested something similar back 
in January. In some ways that might be a bit smoother, but ...

> also benefit from label compression. The slave can then check
> periodically whether its slave copy of the zone has changed, and, if

... there's still no avoiding the necessity of running a cron job on
the slaves.

> so, generate the updated zone definitions based on some sort of
> template. I'm not sure what value is gained by using wget when DNS
> already has a replication mechanism built into it...

Since the DNS master is already running an HTTP daemon, it's not an 
inconvenience to use it. But if I do happen to rewrite this scheme in 
the future I will do it your way. It's definitely better in that the 
notify feature of BIND will propagate the zone changes immediately. But 
since BIND can't trigger the external action needed to translate the 
zone changes into new zones (and "rndc reload") there is fundamentally 
no difference.

My way has the slight advantage of only having to maintain one copy of 
the named.blacklist configuration file and the null.zone zone file. 
When I change either on the master (and reset the TXT record as a 
signal) the slave will get it.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
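The scheme Kevin Darcy sketches above (a listing zone with one PTR record per zone to be slaved, checked periodically by a cron job on each slave, turned into zone definitions from a template, then "rndc reload"), as an added example that is not part of the original thread. The listing zone name, master address, output path and the AXFR sample are assumptions constructed for the demo; the live dig and rndc calls are left as comments so it runs offline.

```shell
#!/bin/sh
# Added example: render BIND slave stanzas from a "listing" zone
# (one PTR per zone to slave), then reload only when something changed.
# Hypothetical names: listing zone, master address, output path.
LIST_ZONE="zones.blacklist.example"
MASTER_IP="192.0.2.1"
CONF_OUT="/tmp/named.blacklist.$$"      # real cron use: the included named.blacklist

# Constructed sample of `dig @$MASTER_IP AXFR $LIST_ZONE +noall +answer`.
SAMPLE_AXFR='zones.blacklist.example. 3600 IN SOA ns1.example. hostmaster.example. 2004051901 3600 900 604800 3600
zones.blacklist.example. 3600 IN NS ns1.example.
spammer1.blacklist.example. 3600 IN PTR bad-domain.example.
spammer2.blacklist.example. 3600 IN PTR another-bad.example.
zones.blacklist.example. 3600 IN SOA ns1.example. hostmaster.example. 2004051901 3600 900 604800 3600'

# Reads AXFR text on stdin, prints one slave stanza per PTR target.
gen_slave_config() {
    awk -v master="$MASTER_IP" '
        $4 == "PTR" {
            z = $5; sub(/\.$/, "", z)   # strip the trailing dot for the file name
            printf "zone \"%s\" {\n    type slave;\n    masters { %s; };\n    file \"slaves/%s.db\";\n};\n", z, master, z
        }'
}

# Rewrites CONF_OUT and returns 0 only when the rendered config changed;
# returns 1 (nothing to do) otherwise. "rndc reload" is echoed, not run.
update_config() {
    new=$(gen_slave_config)
    if [ -f "$CONF_OUT" ] && [ "$(cat "$CONF_OUT")" = "$new" ]; then
        return 1
    fi
    printf '%s\n' "$new" > "$CONF_OUT"
    echo "blacklist config changed; would run: rndc reload"
    return 0
}

# Stand-alone run on the constructed sample (cron would pipe dig output in).
printf '%s\n' "$SAMPLE_AXFR" | update_config
```

Because the slave only rewrites the file and reloads on a real change, an unchanged listing zone costs one AXFR per cron run and nothing else.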