Bind99 and a slave named server

Alan Clegg alan at clegg.com
Tue Aug 20 20:38:40 UTC 2013 

On Aug 20, 2013, at 2:36 PM, LuKreme <kremels at kreme.com> wrote:

> 
> On 18 Aug 2013, at 19:20 , Noel Butler <noel.butler at ausics.net> wrote:
> 
>> As has been said already, there is really very little to it, and unless you sent it to Alan off-list, you still have  _NOT_  provided the error logs after being asked by more than one person.
> 
> Thanks, I thought I was clear.
> 
> I am *not* getting any errors, so there are no error logs. However, I am currently running each server as a master.

You started this thread with "I was getting errors so I switched to all masters" -- we wanted to help you fix the initial problem.  We've now gone off on a "don't fix the old stuff, make new stuff work" tangent, so, never mind about the error messages.

> What I am looking for is something (docs, a writeup, a how-to, anything) on converting a master bind 9.9 server to a slave bind 9.9 server. I see a lot on converting a slave to a master.

You don't find anything, because it's so easy:

To convert master to slave:

if you have:

zone example.com {
	type master;			// I own this.
	file "files/example.com";	// Here's where I read them from
};

it will become:

zone example.com {
	type slave;			// Now a slave
	file "files/example.com";	// Must now be writable by BIND
	masters { 192.168.1.1; };	// IP address of master server here
};

Bazinga!

> 1. RAW versus TEXT
> 2. allow transfer
> 3. notify
> 4. key files<1>
> 5. dnssec-enable
> 6. managed-keys

1:  you don't care, as the new slave will xfer over the old data
2:  read the documentation, it's not part of master/slave transition, setup good acls
3:  notify just works unless you have odd configuration
4:  you don't want the same key files on more than one server
5:  not related to master/slave, just leave it enabled
6:  that's dnssec-validation related

If you have any specific questions on these items, ask them, otherwise there are a number of classes around (I teach one of them, several other people on the list [that have responded to you, if I remember right] also teach them) and I would recommend either a class or a book (again, several come to mind).

A fantastic (free) resource is:  http://www.zytrax.com/books/dns/

> and any changes in how root servers are setup since I am pretty sure that has changed since I first setup bind 9.1 many eons ago (2002?).

If you are Internet visible, you don't do anything with configuring anything about the roots, as it "just works" (compiled into bind since 9.3ish).

AlanC
-- 
Alan Clegg | +1-919-355-8851 | alan at clegg.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130820/bb817fcb/attachment.bin>

More information about the bind-users mailing list