Metazones or Something Else?

Brian Cuttler brian at wadsworth.org
Tue Aug 5 13:31:31 UTC 2014 

On Tue, Aug 05, 2014 at 09:21:07AM -0400, Brian Cuttler wrote:
> 
> rndc addzone sounds like a very interesting tool, but
> if you want an automated sync, will require something to
> read the source config of the master and then write the
> requisit slave zone information for the dns slave server(s).
> 
> Offsite slave servers will require a lot of trust.

 - I guess not just trust, but some form of ACL so that remote
   managers can add/remove/edit only certain zones. This may be
   even a larger security issue than a technical issue.

> Rsync solution for onsite servers will result in duplicate
> copies of the master or the slave, unless you automate a
> wrapper for that too (and I'm inclined to think in terms of
> # sed, which I use in a surprising number of my scripts).
> 
> On Mon, Aug 04, 2014 at 05:26:38PM +0000, Evan Hunt wrote:
> > > So to the best of your knowledge this functionality is still on drawing
> > > board, unless implemented out-of-band?  (i.e. a perl script to parse
> > > metazone.zone, and create /etc/named.d/*.conf files)
> > 
> > Or run "rndc addzone".
> > 
> > There's currently no supported way to perform in-band zone provisioning
> > via the DNS itself.  I do have access to the metazone implementation that
> > Vixie wrote his paper about, and I can send it to you if you like, but I'm
> > not sure how useful you'll find it.  There might also be some interesting
> > tricks possible with DLZ or with redhat's "dynDB" LDAP extension (which we
> > plan to include in BIND 9.11 but is currently only available as a set of
> > patches).
> > 
> > Improving DNS provisioning is a hot topic for future development, but
> > we're still just in the requirements-gathering phase.  Would you like to
> > share what it is you hope to do in more detail?
> > 
> > -- 
> > Evan Hunt -- each at isc.org
> > Internet Systems Consortium, Inc.
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> > 
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> ---
>    Brian R Cuttler                 brian.cuttler at wadsworth.org
>    Computer Systems Support        (v) 518 486-1697
>    Wadsworth Center                (f) 518 473-6384
>    NYS Department of Health        Help Desk 518 473-0773
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
---
   Brian R Cuttler                 brian.cuttler at wadsworth.org
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773

More information about the bind-users mailing list