replication between primary & secondary bind servers in linux?

Ladislav Bukvicka Ladislav.Bukvicka at eunet.cz
Mon Feb 5 19:38:12 UTC 2001



Of course you can use the DNS protocol. For example you can simply generate a
zone with txt records which represent your config for the secondary nameserver.
For better security you can encrypt the data before including it in txt records
and of course allow-transfer & query only for the secondary nameserver. You can
get them again into a file with the host or dig utility and parse & decrypt &
control checksum & be happy ... :-)
There is only one problem - you have to run it from cron so the changes need some
time to be done on the secondary.

pukvis

Bill Larson wrote:
> 
> > I don't understand what you mean by hiding my e-mail address.  This is my
> > address.  If you doubt it, then send me an e-mail and I will reply.
> 
> Son-of-a-gun, your address ***IS*** real!  Must be a fun one for the
> spammers to process.  Cute, but understandably misleading.
> 
> > The problem I see with doing it like you said is that when I add a new
> > domain on the primary it won't replicate to the secondary--or at least
> > that's the way it seems to me since there isn't a way that the secondary
> > would know that there is a new domain on the primary.  Or at least as far as
> > I can tell.
> 
> I believe that I understand the previous confusion.  You are referring
> to the server configuration files not the zone data files.  This wasn't
> too clear, and the previous response was addressing duplication of the
> zone data (I suspect).
> 
> Please understand, the administration of master and slave name servers
> are independent of each other.  It is very possible to have two servers
> that do not provide the same information for identical zones.
> 
> As a simple example of this, every name server should be a primary name
> server for the 0.0.127.in-addr.arpa zone.  If you were to simply copy
> the configuration file from one machine to another, and then blindly
> change every "master" to "slave" (and insert the address of the master
> server for each zone), then you would be making the second server a
> slave to this 0.0.127.in-addr.arpa zone too!
> 
> I'm sure that you can get around this with intelligent enough scripts,
> but I suspect that most people simply manage the configuration files
> manually.  
> 
> As a general rule, you don't want to be using NFS over a WAN (don't 
> start about NFS3 - this is general).  If you are worried about DNS
> server replication, NFS isn't a good solution because you really want
> your servers to be geographically (network wise) separated.  This doesn't
> even begin to address the issues of security of NFS.
> 
> Think about something like SSH as a means to communicate configuration
> files between systems rather than NFS or rsh.  Then again, this type of
> automation wouldn't be too useful for many (most?) people, so you
> may be on your own with this.
> 
> Bill Larson
> 
> 
> 


-- 
 - - = = = = K P N Q w e s t  C z e c h i a  s. r. o. = = = - - 
====== ____                            = Ladislav Bukvicka ======
===== /      /   /   ___    ___  _/_  == Gen. Janouska  902 =====
==== /----  /   /  /   /  /___/  /   === Prague 9,Czech Rep. ====
=== /____  /___/  /   /  /___   /   ==== fax:+420(2) 81081082 === 
==                                 ===== tel.:+420(2) 81081081 ==
=  Connecting Europe since 1982   ====== e-mail:pukvis at eunet.cz =
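
Added example, not part of the original post or of BIND: a sketch of the TXT-record transport described above, which rebuilds the zone list from `dig +short TXT` output, authenticates it, and emits slave stanzas while leaving 0.0.127.in-addr.arpa alone as Bill Larson's quoted reply cautions. The record layout, the function names, the pre-shared key and the `slave/` file path are assumptions; an HMAC-SHA256 stands in for the "checksum" and the encryption step is left out.

```python
import base64, hashlib, hmac, re

# Assumed TXT layout (hypothetical, not from the post):
#   "<seq>/<total>:<base64 chunk>"   payload pieces, returned in any order
#   "mac:<hex HMAC-SHA256 of the decoded payload>"
# Assumed: both servers hold the same pre-shared key, distributed out of band.
LOCAL_ONLY = {"0.0.127.in-addr.arpa", "localhost"}  # stay master everywhere
ZONE_RE = re.compile(r"^[a-z0-9_-]+(\.[a-z0-9_-]+)*$")

def publish_txt(zones, key, width=40):
    """Primary side: TXT strings carrying the zone list plus its MAC."""
    payload = "\n".join(zones).encode("ascii")
    b64 = base64.b64encode(payload).decode("ascii")
    parts = [b64[i:i + width] for i in range(0, len(b64), width)]
    txt = ["%d/%d:%s" % (n, len(parts), p) for n, p in enumerate(parts, 1)]
    txt.append("mac:" + hmac.new(key, payload, hashlib.sha256).hexdigest())
    return txt

def recover_zones(dig_output, key):
    """Secondary side: rebuild and authenticate `dig +short TXT` output."""
    chunks, total, mac = {}, None, None
    for line in dig_output.splitlines():
        head, _, body = line.strip().strip('"').partition(":")
        if head == "mac":
            mac = body
        elif "/" in head:
            seq, _, tot = head.partition("/")
            chunks[int(seq)], total = body, int(tot)
    if mac is None or total is None or set(chunks) != set(range(1, total + 1)):
        raise ValueError("incomplete TXT record set")
    payload = base64.b64decode("".join(chunks[i] for i in range(1, total + 1)))
    good = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, mac):
        raise ValueError("MAC mismatch, keep the current named.conf")
    return payload.decode("ascii").split("\n")

def slave_stanzas(zones, master_ip):
    """Emit slave stanzas, skipping zones every server must master itself."""
    out = []
    for zone in zones:
        name = zone.lower().rstrip(".")
        if name in LOCAL_ONLY:
            continue
        if not ZONE_RE.match(name):  # never paste odd bytes into named.conf
            raise ValueError("refusing unsafe zone name: %r" % zone)
        out.append('zone "%s" { type slave; masters { %s; }; file "slave/%s"; };'
                   % (name, master_ip, name))
    return out
```

A cron job on the secondary would pass the dig output to recover_zones and rewrite its include file and reload named only when no exception is raised.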

