how to list ALL zones of my master server

Danny Mayer mayer at gis.net
Wed Oct 2 04:58:59 UTC 2002


At 11:08 PM 10/1/02, Kevin Darcy wrote:

>Danny Mayer wrote:
>
> > At 05:06 PM 9/30/02, Jim Reid wrote:
> > >Well for starters the NOTIFY protocol was not intended to do such a
> > >thing. If someone wants a DNS provisioning protocol to add/remove
> > >zones or change zone-specific configuration options, why not define
> > >and implement something that was properly developed for that specific
> > >purpose? Why corrupt another protocol that was never intended to
> > >provide that functionality?
> >
> > I agree. rndc is far better suited to do these things and is designed
> > specifically for server management and uses TSIG for authentication.
>
>rndc doesn't use TSIG. In fact, rndc doesn't even use the DNS protocol.
>It is cryptographically secure, however, so your point is taken...

Yes, sorry, not TSIG, but it does use a key.


> > I'd rather see an rndc command added like this:
> >
> > rndc addslavezone domain-name [view] {masters}
> >
> > Of course dealing with views could make it difficult to add the zone
> > to named.conf since you couldn't just append the zone information to
> > the end of it but that's no more difficult than using the NOTIFY.
>
>I'm not sure that you understand the proposal. Probably my fault for not
>making it very clear. Your comment about NOTIFY being "difficult" ("no
>more difficult") leads me to believe you're viewing this as some sort of
>manual operation on the administrator's part. Not so: named on the slave
>would trigger off the receipt of a signed NOTIFY and automatically
>configure a slave zone. This would all happen automatically without any
>user intervention involved (other than the initial one-time configuration
>of the facility).

I wasn't being very clear myself. NOTIFY can't tell you into which view
you need to place the slave zone, so how do you add it into named.conf
and what masters should you list for it? You can create a standard name
for the zone file. The hardest part of this is figuring out where to add it
in the named.conf to put it into the correct view.

> > At least you would have control over who can add the zone.
>
>NOTIFY-triggered slave-creation could be controlled by only allowing
>NOTIFYs signed with certain keys to trigger the creation of the slave
>zone(s). This is no less "controlled" than the rndc proposal.
>
>Having said that, I wouldn't mind seeing an "addslavezone" capability
>added to rndc. I just don't think that feature is in the same category
>(manual versus automatic) as slave-creation triggered from a NOTIFY...

Creating the master is manual too even if you are using a tool interface.
In addition the master needs the zone file created before named.conf can
be reloaded. So what's the advantage of NOTIFY? If you use a tool
interface, adding an rndc command to it should be trivial. Why mess
with a DNS protocol which can't provide all of the needed information
in the first place?

Danny
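The step the thread calls the hardest part of an rndc-style addslavezone, placing the new slave stanza inside the right view of named.conf, can be sketched in a few lines. The following is an added example, not code from this thread or from BIND; the sample named.conf, the view and zone names and the master addresses are all constructed, and the file-name convention `slaves/<view>/<zone>.db` is an assumption. The scanner skips strings and comments so stray braces there do not confuse the brace matching, and the inputs are validated before they are spliced into the configuration, since a provisioning command that edits named.conf must not let a zone name or master address smuggle in braces, quotes or path components.

```python
"""Insert a slave-zone stanza into the correct view of a named.conf.

Added example (not code from the bind-users thread or from BIND).
"""
import ipaddress
import re

# Constructed sample configuration; not a real deployment.
SAMPLE_NAMED_CONF = """\
// constructed sample named.conf
options { directory "/var/named"; };   # a { brace } in a comment is ignored
view "internal" {
    match-clients { 10.0.0.0/8; };
    zone "corp.example" { type master; file "corp.example.db"; };
};
view "external" {
    match-clients { any; };
    zone "example.com" { type master; file "example.com.db"; };
};
"""

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_ZONE_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def view_spans(conf):
    """Return {view name: (index of its '{', index of its matching '}')}."""
    spans, depth, i, n = {}, 0, 0, len(conf)
    stmt_start = 0          # where the current top-level statement began
    current = None          # (view name, index of '{') while inside a view
    while i < n:
        c = conf[i]
        if c == '"':                      # skip a quoted string (raises if unterminated)
            i = conf.index('"', i + 1) + 1
            continue
        if c == "#" or conf.startswith("//", i):   # line comment
            nl = conf.find("\n", i)
            i = n if nl < 0 else nl + 1
            continue
        if conf.startswith("/*", i):                # block comment
            i = conf.index("*/", i + 2) + 2
            continue
        if c == "{":
            if depth == 0:
                # A top-level block is a view if its head ends in: view "name" [class]
                head = conf[stmt_start:i]
                m = re.search(r'\bview\s+"?([^"\s]+)"?(?:\s+\w+)?\s*$', head)
                current = (m.group(1), i) if m else None
            depth += 1
        elif c == "}":
            depth -= 1
            if depth == 0 and current:
                spans[current[0]] = (current[1], i)
                current = None
        elif c == ";" and depth == 0:
            stmt_start = i + 1
        i += 1
    return spans


def add_slave_zone(conf, view, zone, masters, file_name=None):
    """Return conf with a 'type slave' zone appended inside the named view."""
    zone = zone.rstrip(".").lower()
    if not _ZONE_RE.fullmatch(zone):                  # LDH labels only: no quotes, braces or '/'
        raise ValueError(f"bad zone name: {zone!r}")
    masters = [str(ipaddress.ip_address(m)) for m in masters]   # raises ValueError on junk
    if not masters:
        raise ValueError("a slave zone needs at least one master")
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", view):
        raise ValueError(f"bad view name: {view!r}")
    spans = view_spans(conf)
    if view not in spans:
        raise KeyError(f"view {view!r} not found in named.conf")
    open_pos, close_pos = spans[view]
    body = conf[open_pos:close_pos]
    if re.search(r'\bzone\s+"?' + re.escape(zone) + r'\.?(?=["\s{])', body, re.I):
        raise ValueError(f"zone {zone!r} already defined in view {view!r}")
    file_name = file_name or f"slaves/{view}/{zone}.db"   # assumed naming convention
    stanza = (
        f'    zone "{zone}" {{\n'
        f"        type slave;\n"
        f'        file "{file_name}";\n'
        f"        masters {{ {'; '.join(masters)}; }};\n"
        f"    }};\n"
    )
    if close_pos and conf[close_pos - 1] != "\n":
        stanza = "\n" + stanza
    # Splice the stanza in just before the view's closing brace.
    return conf[:close_pos] + stanza + conf[close_pos:]


if __name__ == "__main__":
    print(add_slave_zone(SAMPLE_NAMED_CONF, "internal", "partner.example",
                         ["192.0.2.1", "2001:db8::53"]))
```

Running the script prints the sample configuration with the new `partner.example` slave stanza inside the `internal` view only; the `external` view is untouched, and a second call for the same zone and view is refused rather than producing a duplicate.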


