BIND9 slave

[Kevin Darcy]

George wrote:
> Hi,
>
> I am trying to set up a BIND9 slave server.
>
> >From the docs I found on the internet I can see that when you add a
> new domain it needs to be added on both slave and master in
> named.conf. Is this correct?
>
> Is there a way to make the slave server automatically get and update
> any new domains that are added to the master server?
>
>   
There's no way within the DNS protocol, or as a feature of vanilla BIND, 
to make this happen.

Folks have devised various ways to automate this. Commercial DNS systems 
often have some sort of "push" mechanism, which updates the DNS config 
file on remote sytems automatically, using their own proprietary 
protocols and subsystems (which are often used for maintaining DHCP 
configs as well).

Others mimic this basic approach in their own homegrown systems by 
having a central slave config and then replicating it out to all of the 
slaves (e.g. using rsync), along with some way to tell each slave to 
reload the config when it changes (e.g. rndc).

Or, you can run a script on the slaves which consults some centralized 
"zone slaving database" to determine what zones to slave, or to stop 
slaving. This "zone slaving database" can take many forms. One idea is 
to represent this list as a special zone within DNS itself, containing 
just one entry per zone to be slaved. I prefer using PTR records for 
this, over, say, TXT records, since PTR records can benefit from label 
compression.

How one interprets that special "zone slaving zone" and 
populates/modifies/regenerates the named.conf to reflect the slave-zone 
definitions at any particular time, is left as an exercise to the 
reader. Unfortunately, I can't share any code, since it's all 
intellectual property of my employer...

- Kevin