how to list ALL zones of my master server

Kevin Darcy kcd at daimlerchrysler.com
Wed Oct 2 03:08:02 UTC 2002


Danny Mayer wrote:

> At 05:06 PM 9/30/02, Jim Reid wrote:
> >Well for starters the NOTIFY protocol was not intended to do such a
> >thing. If someone wants a DNS provisioning protocol to add/remove
> >zones or change zone-specific configuration options, why not define
> >and implement something that was properly developed for that specific
> >purpose? Why corrupt another protocol that was never intended to
> >provide that functionality?
>
> I agree. rndc is far better suited to do these things and is designed
> specifically for server management and uses TSIG for authentication.

rndc doesn't use TSIG. In fact, rndc doesn't even use the DNS protocol.
It is cryptographically secure, however, so your point is taken...

> I'd rather see an rndc command added like this:
>
> rndc addslavezone domain-name [view] {masters}
>
> Of course dealing with views could make it difficult to add the zone
> to named.conf since you couldn't just append the zone information to
> the end of it but that's no more difficult than using the NOTIFY.

I'm not sure that you understand the proposal. Probably my fault for not
making it very clear. Your comment about NOTIFY being "difficult" ("no
more difficult") leads me to believe you're viewing this as some sort of
manual operation on the administrator's part. Not so: named on the slave
would trigger off the receipt of a signed NOTIFY and automatically
configure a slave zone. This would all happen automatically without any
user intervention involved (other than the initial one-time configuration
of the facility).

> At least you would have control over who can add the zone.

NOTIFY-triggered slave-creation could be controlled by only allowing
NOTIFYs signed with certain keys to trigger the creation of the slave
zone(s). This is no less "controlled" than the rndc proposal.

Having said that, I wouldn't mind seeing an "addslavezone" capability
added to rndc. I just don't think that feature is in the same category
(manual versus automatic) as slave-creation triggered from a NOTIFY...


-Kevin
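To make the proposal concrete, here is a small working model of the slave-side check Kevin describes: a NOTIFY signed with a TSIG key, verified by the receiver, and allowed to create a slave zone only if the signing key is on an allow-list. This is an added example written for this page, not BIND code and not an existing named feature; the key name, secret, master address, zone-file naming, and the policy function `slave_zone_from_notify` are all constructed. It implements RFC 2845 TSIG signing and verification with hmac-md5 (the algorithm of that era; a current deployment would use hmac-sha256), using only the Python standard library.

```python
"""Signed NOTIFY -> automatic slave zone: a minimal model (added example, not BIND code).

Master side: build a NOTIFY and sign it with TSIG (RFC 2845, hmac-md5).
Slave side: verify the MAC and time window, look up the key, and only let keys in
an allow-list produce a named.conf zone stanza. All names/secrets are constructed.
"""
import hashlib
import hmac
import struct
import time

TSIG_TYPE, CLASS_ANY, SOA, IN = 250, 255, 6, 1
ALGO = "hmac-md5.sig-alg.reg.int"


def encode_name(name):
    """Wire-format a dotted name (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def read_name(wire, off):
    """Parse a wire-format name, following compression pointers; returns (name, next_off)."""
    labels, jumped, end = [], False, off
    while True:
        n = wire[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", wire[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if n == 0:
            break
        labels.append(wire[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), (end if jumped else off)


def build_notify(zone, msg_id):
    """Unsigned NOTIFY (opcode 4, AA set) with a single SOA question for the zone."""
    header = struct.pack("!HHHHHH", msg_id, 0x2400, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", SOA, IN)


def _tsig_vars(keyname, algo, time_signed, fudge, error=0, other=b""):
    """TSIG variables covered by the MAC (RFC 2845 section 3.4.2): key name, ANY, TTL 0, ..."""
    return (encode_name(keyname.lower()) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(algo.lower())
            + struct.pack("!HIHH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge, error)
            + struct.pack("!H", len(other)) + other)


def tsig_sign(msg, keyname, secret, time_signed=None, fudge=300):
    """Append a TSIG RR to an unsigned request; returns the signed wire message."""
    time_signed = int(time.time()) if time_signed is None else time_signed
    mac = hmac.new(secret, msg + _tsig_vars(keyname, ALGO, time_signed, fudge), hashlib.md5).digest()
    rdata = (encode_name(ALGO) + struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
             + struct.pack("!H", len(mac)) + mac + msg[0:2] + struct.pack("!HH", 0, 0))
    rr = encode_name(keyname) + struct.pack("!HHIH", TSIG_TYPE, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", msg[10:12])[0] + 1   # the TSIG RR is counted in ARCOUNT
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + rr


def tsig_verify(wire, keys, now=None):
    """Verify the TSIG on a request. Returns (keyname, zone) or raises ValueError."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    if ar == 0:
        raise ValueError("unsigned NOTIFY")
    off, zone = 12, None
    for _ in range(qd):
        name, off = read_name(wire, off)
        zone = zone or name
        off += 4
    for _ in range(an + ns + ar - 1):                 # skip every RR before the trailing TSIG
        _n, off = read_name(wire, off)
        off += 10 + struct.unpack("!H", wire[off + 8:off + 10])[0]
    tsig_start = off
    keyname, off = read_name(wire, off)
    if struct.unpack("!H", wire[off:off + 2])[0] != TSIG_TYPE:
        raise ValueError("last additional RR is not TSIG")
    off += 10
    algo, off = read_name(wire, off)
    ts_hi, ts_lo, fudge, mac_len = struct.unpack("!HIHH", wire[off:off + 10])
    off += 10
    mac, off = wire[off:off + mac_len], off + mac_len
    orig_id, error, other_len = struct.unpack("!HHH", wire[off:off + 6])
    other = wire[off + 6:off + 6 + other_len]
    time_signed = (ts_hi << 32) | ts_lo
    secret = keys.get(keyname.lower())
    if secret is None:
        raise ValueError("unknown key %s" % keyname)
    if algo.lower() != ALGO:
        raise ValueError("unsupported algorithm %s" % algo)
    # Rebuild the message as it was before signing: original ID, ARCOUNT minus one, no TSIG RR.
    unsigned = struct.pack("!H", orig_id) + wire[2:10] + struct.pack("!H", ar - 1) + wire[12:tsig_start]
    expect = hmac.new(secret, unsigned + _tsig_vars(keyname, algo, time_signed, fudge, error, other),
                      hashlib.md5).digest()
    if not hmac.compare_digest(mac, expect):
        raise ValueError("bad TSIG MAC")
    now = int(time.time()) if now is None else now
    if abs(now - time_signed) > fudge:
        raise ValueError("TSIG outside time window")
    return keyname.lower(), zone


def slave_zone_from_notify(wire, keys, creators, master_ip, now=None):
    """Policy (hypothetical): only NOTIFYs signed by a key in `creators` may create a slave zone."""
    keyname, zone = tsig_verify(wire, keys, now)
    if keyname not in creators:
        raise PermissionError("key %s may not create zones" % keyname)
    return ('zone "%s" {\n\ttype slave;\n\tfile "slave/%s";\n\tmasters { %s key %s; };\n};\n'
            % (zone, zone, master_ip, keyname))


if __name__ == "__main__":
    keys = {"transfer-key": b"constructed-secret"}   # constructed shared secret
    wire = tsig_sign(build_notify("example.com", 0x1234), "transfer-key", keys["transfer-key"])
    print(slave_zone_from_notify(wire, keys, {"transfer-key"}, "192.0.2.1"))
```

The two separate checks are the point: `tsig_verify` answers "was this NOTIFY really sent by a holder of a known key?", and the `creators` allow-list answers "is that key one we trust to create zones?". Keeping them apart lets an ordinary transfer key still signal refreshes of existing zones while only a designated key can add new ones, which is the "controlled" behaviour the post argues for. Anything unsigned, signed with an unknown key, tampered with after signing, or replayed outside the fudge window is rejected before any configuration is touched.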