administering 1,000 zone files
phn at icke-reklam.ipsec.nu
Thu Dec 30 15:23:06 UTC 2004
Mariano Cunietti <mcunietti at enter.it> wrote:
> On Thu, 2004-12-30 at 14:22, phn at icke-reklam.ipsec.nu wrote:
>> > What I'm actually looking for is a way to synchronize named.conf
>> > on both servers: each time I add a new zone to the master, I want the
>> > corresponding slave statement to be created on the slave server.
>>
>> > This could be accomplished through a (perl?) script, maybe using a
>> > shared SQL database which is populated via web.
>>
>> > My questions are:
>> > a) can you suggest me such a tool to perform these tasks?
>>
>> perl + ssh / rsync to distribute the resulting file. A few
>> hours of work is all you need.
>>
>> Also look into using a "hidden" master, it will simplify things
>> whenever you encounter an error during reload of your master.
> Thanks Peter.
> I was considering using the "include" statement in my slave named.conf,
> to ease the readability of my newly generated slave zone list, and to
> keep it apart from general configuration statement as well.
> May this be a *correct* way to proceed?
Yes.
I'll post a perl script to do just this; it's part of a larger collection and
it's invoked via "doall":
#!/bin/sh
# wrapper script
# CHANGE THIS :
. /home/peter/proj/somesite/vit-dns/bin/common
# make includes
./geninline || exit 1
# check result: every generated slave config must pass named-checkconf
for i in "$SLAVES"/*
do
    printf '%s' "Checking $i/$(basename "$i").conf"
    named-checkconf "$i/$(basename "$i").conf" || { echo " FAILED"; exit 1; }
    echo "."
done
"geninline" contains :
#!/bin/sh
# file to generate slave-files from master
#
# CONFIGURE THIS
. /home/peter/proj/somesite/vit-dns/bin/common
#
cd "$BASE" || exit 1
# resulting configfiles
GATEKEEPERSE=gatekeeper.somesite.se
GATEKEEPERCOM=gatekeeper.somesite.com
GATESE=gate.somesite.se
echo "My ip seems to be $IPUSED"
#
# cut the tagged sections out of the master named.conf into include.conf and acl.conf
"$BIN/parse-conf" -n "$NAMEDCONF" -i include.conf -a acl.conf -m "$IPUSED" || exit 1
#
# one directory per slave nameserver: slaves/<FQDN>/
for i in slaves/*
do
    printf '%s' "Creating $i "
    "$BIN/addinclude" "$i/$(basename "$i")"
    echo "."
done
"addinclude" :
#!/bin/sh
# $1 = slaves/<FQDN-of-dns-server>/<FQDN-of-dns-server>, relative to $BASE (see geninline)
# CONFIGURE THIS
. /home/peter/proj/somesite/vit-dns/bin/common
#
DSERV=$1
cd "$BASE" || exit 1
# per-server header first, then the common acl and zone parts taken from the master named.conf
echo "// Automatically generated at $(date)" > "$DSERV.conf"
echo "// Base cfg part : $NAMEDCONF" >> "$DSERV.conf"
echo "// NS-specific header :$DSERV.header" >> "$DSERV.conf"
cat "$DSERV.header" >> "$DSERV.conf"
echo "// Base cfg part : $NAMEDCONF" >> "$DSERV.conf"
echo "// common acl " >> "$DSERV.conf"
cat acl.conf >> "$DSERV.conf"
echo "// Base cfg part : $NAMEDCONF" >> "$DSERV.conf"
echo "// common zones " >> "$DSERV.conf"
cat include.conf >> "$DSERV.conf"
echo "// end of included common zones" >> "$DSERV.conf"
"common" ( where global settings are done ) :
#!/bin/sh
# common config variables for DMAN
# source ( . common ) in bourne-scripts
#
# location of files
BASE=/home/peter/proj/somesite/vit-dns
BIN=$BASE/bin
# program to determine the hidden master's IP
IPUSED=`$BIN/extractip`
#
# name and location of master named.conf
NAMEDCONF=$BASE/masterns/named.conf
#
# location of slaves config
SLAVES=$BASE/slaves
and finally "parse-conf" looks like :
#!/usr/bin/perl
#
# parse-conf -n named.conf -i nsinclude.conf -a nsacl.conf -m <masterip>
#
# .1 deal in a rudimentary way with comments
# NOTE some combinations of one-line comments don't work !!
#
use Getopt::Std;
getopts('n:i:a:m:v') or die "Usage $0 -n <infile> -i <include> -a <acl> -m <masterip> [-v]\n";
if ( ! $opt_n ) {
    print " -n <infile> missing\n";
    exit 1;
} else {
    $CONF = $opt_n;
}
if ( ! $opt_i ) {
    print " -i <generated include file> missing \n";
    exit 1;
} else {
    $INC = $opt_i;
}
if ( ! $opt_a ) {
    print "-a <generated acl file> missing \n";
    exit 1;
} else {
    $ACL = $opt_a;
}
if ( ! $opt_m ) {
    print "-m <masters ip> missing\n";
    exit 1;
} else {
    $masters = $opt_m;
}
# print "input=$CONF, nsinclude=$INC, nsacl=$ACL\n";
#
# read named.conf, scan for tags of the form '//<tag>' and the
# corresponding '//</tag>'
# currently recognizes 'nsinclude' and 'nsacl'
open(IN, '<', $CONF) or die "File $CONF not found\n";
$state = 0;       # 0 = outside, 1 = include, 2 = acl
$commented = 0;   # true inside comments
NXT:
while (<IN>) {
    chomp();
    # print "[ $_ ]\n";
    if ( $commented == 1 ) {   # reset after newline
        $commented = 0;
    }
    if ( $commented == 0 ) {   # not in multi-line comment
        / *\/\/[^<]/ && do {
            $commented = 1;    # single-line
            # print "single-line comment\n";
        };
        / *#/ && do {
            $commented = 1;    # single-line
            # print "single-line # \n";
        };
    }
    / *\/\*/ && do {
        $commented = 2;        # possible multi-line
        # print "start of ML comment\n";
    };
    / *\*\// && do {
        if ( $commented == 2 ) {
            $commented = 0;
            # print "end of ML comment\n";
        }
    };
    /\/\/<nsinclude>/ && do {   # starting nsinclude
        if ( $state != 0 ) {
            print "//<nsinclude> nested ?\n";
            exit 1;
        }
        $state = 1;
        open(NSINCLUDE, '>', $INC) or die "cannot open $INC\n";
        # print "//<nsinclude>\n";
        next NXT;
    };
    /\/\/<\/nsinclude>/ && do {   # ending nsinclude
        if ( $state != 1 ) {
            print "missing //<nsinclude>\n";
            exit 1;
        }
        $state = 0;
        close(NSINCLUDE);
        # print "//</nsinclude>\n";
        next NXT;
    };
    /\/\/<nsacl>/ && do {   # nsacl ?
        if ( $state != 0 ) {
            print "//<nsacl> nested ?\n";
            exit 1;
        }
        $state = 2;
        open(NSACL, '>', $ACL) or die "Cannot open $ACL\n";
        # print "//<nsacl>\n";
        next NXT;
    };
    /\/\/<\/nsacl>/ && do {
        if ( $state != 2 ) {
            print "missing //<nsacl> \n";
            exit 1;
        }
        $state = 0;
        close(NSACL);
        # print "//</nsacl>\n";
        next NXT;
    };
    /\/\/</ && do {   # reject unknown tags
        print "Unknown tag ($_)\n";
        exit 1;
    };
    # not a tag, copy according to state
    if ( $state == 0 ) {   # do nothing
    }
    if ( $state == 1 ) {   # do include
        /type *master/ && do {
            if ( $commented == 0 ) {   # only adjust real statements, not comments
                print NSINCLUDE " type slave;\n";
                print NSINCLUDE " masters {$masters;};\n";
                next NXT;
            }
        };
        /file / && do {
            if ( $commented == 0 ) {
                # replace first component of file (= typically "master" ) with "slave"
                $_ =~ s/file\s+\"\w+\//file \"slave\//g;
                print NSINCLUDE "$_\n";
                next NXT;
            }
        };
        # print, not printf: a '%' in the copied line must stay literal
        print NSINCLUDE "$_\n";
    }
    if ( $state == 2 ) {   # acl file
        print NSACL "$_\n";
    }
}
close(IN);
if ( $state != 0 ) {   # a tag was opened but never closed
    print "unterminated tag at end of $CONF\n";
    exit 1;
}
END of parse-conf
2 special tags "<nsacl>" and "<nsinclude>" may be found in the
original; when found they will write files which will be concatenated
together in the "addinclude" stage.
The end result is that the dir slaves/<slave>/ will be filled with
a config-file xx.conf, see addinclude for details. The xx.header
part contains nameserver-unique info.
Feel free to munge, please mail me with significant improvements (
yes there are lots of them) and forgive me for my mistakes,
( my documentation is in swedish and might not be usable for you)
> Alex: obviously my perl script would "translate" the statements to a correct slave syntax.
> TIA
> Mariano
> -- 
> -----------------------------
> Mariano Cunietti
> System Administrator
> Enter S.r.l.
> Via Stefanardo da Vimercate, 28
> 20128 - Milano - Italy
> Tel. +39 02 25514319
> Fax +39 02 25514303
> mcunietti at enter.it
> www.enter.it - www.enterpoint.it
> -----------------------------
> Gruppo Y2K - www.gruppoy2k.it
-- 
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
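The tag extraction and master-to-slave rewrite that parse-conf performs, reimplemented in Python as an added example (not one of Peter's scripts): the named.conf text and the master address 192.0.2.1 are constructed sample input, and unlike parse-conf it also rejects a tag that is still open at end of file.

```python
import re
# Constructed sample of a hidden master's named.conf (not from the original post).
SAMPLE_NAMED_CONF = """\
//<nsacl>
acl "xfer" { 192.0.2.10; 192.0.2.11; };
//</nsacl>
//<nsinclude>
zone "example.com" {
    type master;
    file "master/example.com";
};
//</nsinclude>
"""
TAG_RE = re.compile(r"//<(/?)(nsinclude|nsacl)>")
TYPE_RE = re.compile(r"^(\s*)type\s+master\s*;")
FILE_RE = re.compile(r'(file\s+")\w+/')

def split_tagged_sections(conf_text):
    """Collect the lines inside //<nsinclude>..//</nsinclude> and //<nsacl>..//</nsacl>.
    Nested, mismatched, unterminated or unknown //<...> tags abort, as parse-conf does."""
    sections, state = {"nsinclude": [], "nsacl": []}, None
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = TAG_RE.search(line)
        if m:
            closing, tag = m.group(1) == "/", m.group(2)
            if (not closing and state is not None) or (closing and state != tag):
                raise ValueError(f"line {lineno}: misplaced tag {m.group(0)}")
            state = None if closing else tag
        elif "//<" in line:
            raise ValueError(f"line {lineno}: unknown tag {line.strip()!r}")
        elif state is not None:
            sections[state].append(line)
    if state is not None:
        raise ValueError(f"unterminated //<{state}>")
    return sections

def master_to_slave(lines, master_ip):
    """Rewrite 'type master;' as 'type slave; masters { ip; };' and the first path
    component of 'file "master/..."' as 'slave/'; whole-line comments pass through."""
    out = []
    for line in lines:
        m = TYPE_RE.match(line)
        if line.lstrip().startswith(("//", "#")):
            out.append(line)
        elif m:
            out += [f"{m.group(1)}type slave;", f"{m.group(1)}masters {{ {master_ip}; }};"]
        else:
            out.append(FILE_RE.sub(r"\1slave/", line, count=1))
    return out
```

The two returned lists are what addinclude concatenates as include.conf and acl.conf; the assembled file should still go through named-checkconf as doall does.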