Why no function to automatically add new zones to slave servers?

Jeff Lightner jlightner at water.com
Wed Feb 13 13:47:01 UTC 2008


If it is really a slave server the only thing you should have to modify
is your named.conf on the slave. It is the named.conf that tells it
what to transfer from the master. Typically what I do is add the zone
to the master and update its named.conf then bounce named there. I then
add the appropriate transfer entry to named.conf on the slave and bounce
named there. On restart of named on the slave it should transfer the
zone file from the master to the slave.

The security is set up in named.conf on each side to determine what
should be allowed to transfer zone files.


-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Sam M
Sent: Wednesday, February 13, 2008 4:10 AM
To: bind-users at isc.org
Subject: Why no function to automatically add new zones to slave
servers?

Please excuse if this is a subject that has been covered in depth
before, but I needed to vent some frustration so here goes.

I was just wondering why there is no function in Bind to automatically
add/signal NEW zones to slave DNS servers?

At the moment I have to add records to a slave zones file as well as a
master zones file and transfer the slave zones file to my slave servers
using a third-party transfer method e.g. sftp, https or configure the
slave servers to transfer the slave zone file from the master server at
regular intervals.

It seems to me this really makes things far more complex than they need
to be. It does seem strange that such a vital part of the DNS setup
(Redundancy) has been left to be bolted on in such a haphazard way.

I've heard some mention security issues, but I don't see why that can't
be overcome, surely it can't be as bad as having to resort to some
third-party method which is probably more insecure than building a
properly secure method within the bind program itself.

Maybe I'm missing something and it can already be done like this. I know
that some DNS server software can do this e.g. SimpleDNS on Windows.

Yours, lost and confused.

Sam
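
The reply above notes that a new zone needs an entry in the slave's named.conf and that each side's named.conf controls who may transfer. As an added example (not from the thread and not part of BIND), this Python script reads a master's named.conf, lists the zones it is master for, flags whether each `allow-transfer` requires a TSIG key, and emits matching slave zone statements. The zone names, addresses, key name and file paths are constructed placeholders, and the slave is assumed to define the same `key` statement.

```python
import re

# Constructed sample of a master's named.conf (all names and addresses are placeholders).
MASTER_CONF = '''
key "xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER-BASE64-SECRET"; };
zone "example.com" {
    type master;
    file "master/example.com.db";
    allow-transfer { key "xfer-key"; };   // only TSIG-signed transfers
};
zone "example.net" IN {
    type master;
    file "master/example.net.db";
    allow-transfer { 192.0.2.53; };       // IP-only ACL, no TSIG
};
zone "." { type hint; file "named.ca"; };
'''

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"(?:\s+\w+)?\s*\{')

def zone_blocks(conf):
    """Yield (name, body) for each zone statement, matching nested braces."""
    for m in ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def master_zones(conf):
    """Return {zone: uses_tsig} for zones this server is master for."""
    # Simplified comment stripping; assumes no '//' or '#' inside quoted strings.
    conf = re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', conf, flags=re.S)
    out = {}
    for name, body in zone_blocks(conf):
        if re.search(r'\btype\s+master\s*;', body):
            acl = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
            out[name] = bool(acl and re.search(r'\bkey\b', acl.group(1)))
    return out

def slave_stanzas(conf, master_ip, key_name):
    """Build the slave-side zone statements that pull each zone from master_ip."""
    return ''.join(
        f'zone "{z}" {{\n    type slave;\n    masters {{ {master_ip} key "{key_name}"; }};\n'
        f'    file "slaves/{z}.db";\n}};\n'
        for z in sorted(master_zones(conf)))
```

Zones reported with `False` accept transfers on source address alone, so they are the ones to review before the generated slave statements are deployed.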