Auto adding slaves zones in named.conf ?

Kevin Darcy kcd at daimlerchrysler.com
Thu Aug 5 23:28:55 UTC 2004 

Ambrosa wrote:

>I have a very simple configuration.
>I have 2 DNS server running on 2 different computer (Bind9 and Linux).
>Computer [A] is the master DNS
>Computer [B] is the slave DNS
>
>Everytime I add (manually) a new master zone in [A] (editing
>/etc/named.conf) I also need to (manually) add the slave zone in [B]
>(editing /etc/named.conf).
>Then [A] transfer the zone to [B] and it's ok.
>Simple.
>But I need to modify 2 files (named.conf).
>
>Is there a way using Bind9 to make automatically changes in named.conf
>slave computer ?
>Some bind9 options ? rndc ? Or I need to make some script to copy
>[A]named.conf in [B] (rsync or scp .... every hour...) ?
>
There is no automatic mechanism for this in BIND. What some folks do is 
have a script run periodically on the master to identify all of the 
master zones, check for any changes, and if there are, push (via ssh, 
scp or whatever) out a named.conf (or a file to be included in 
named.conf) to the slave(s). You can then use rndc to make the slave 
read in the new named.conf. Some go even further than that and just set 
up all of their authoritative servers as (so-called) masters, and use 
the file-transfer and/or remote execution mechanisms exclusively (i.e. 
no more zone transfers) from the real master to keep both the zone data 
and the zone configurations in sync.

If you have security restrictions that limit your ability to push files 
or run commands remotely, another option is to have an "index" zone that 
contains nothing but records representing zones to be slaved. Whenever 
you add or delete a zone on the master, add or delete the corresponding 
record in this "index" zone. The slave periodically zone-transfers this 
"index" zone, parses it, and then rewrites its named.conf (or, again, 
this could be just a file included into named.conf) if anything changes.

What all of these mechanisms tend to lack is the ability to "customize" 
the generated config files to the specific slaves on which they reside. 
Maybe some day someone will come up with a nifty utility to do this in 
an easy-to-setup-and-use kind of way...

                                                                         
                                                         - Kevin

More information about the bind-users mailing list