administering 1,000 zone files

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Thu Dec 30 15:23:06 UTC 2004


Mariano Cunietti <mcunietti at enter.it> wrote:
> On Thu, 2004-12-30 at 14:22, phn at icke-reklam.ipsec.nu wrote:

>> > What I'm actually looking for is a way to synchronize named.conf
>> > on both servers: each time I add a new zone to the master, I want the
>> > corresponding slave statement to be created on the slave server.
>>
>> > This could be accomplished through a (perl?) script, maybe using a
>> > shared SQL database which is populated via web.
>>
>> > My questions are:
>> > a) can you suggest me such a tool to perform these tasks?
>>
>> perl + ssh / rsync to distribute the resulting file. A few
>> hours of work is all you need.
>>
>> Also look into using a "hidden" master, it will simplify things
>> whenever you encounter an error during reload of your master.

> Thanks Peter.
> I was considering to use the "include" statement in my slave named.conf,
> to ease the readability of my newly generated slave zone list, and to
> keep it apart from general configuration statement as well.
> May this be a *correct* way to proceed?

Yes.


I'll post a perl script to do just this, it's part of a larger collection and
it's invoked via "doall" :
#!/bin/sh
# wrapper script
# CHANGE THIS :
. /home/peter/proj/somesite/vit-dns/bin/common
# make includes
./geninline
# check result
for i in slaves/*
do
        echo -n "Checking $i/`basename $i`.conf"
        named-checkconf $i/`basename $i`.conf
        echo "."
done

"geninline" contains :
#!/bin/sh
# file to generate slave-files from master
#
# CONFIGURE THIS
. /home/peter/proj/somesite/vit-dns/bin/common
#
cd $BASE
# resulting configfiles
GATEKEEPERSE=gatekeeper.somesite.se
GATEKEEPERCOM=gatekeeper.somesite.com
GATESE=gate.somesite.se
echo "My ip seems to be $IPUSED"
#
$BIN/parse-conf -n $NAMEDCONF -i include.conf -a acl.conf -m $IPUSED
#
for i in slaves/*
do
        echo -n "Creating $i "
        $BIN/addinclude $i/`basename $i`
        echo "."
done

"addinclude" :
#!/bin/sh
# $1 = FQDN-of-dns-server
# CONFIGURE THIS
. /home/peter/proj/somesite/vit-dns/bin/common
#
DSERV=$1
cd $BASE
echo "// Automatically generated at `date`" > $DSERV.conf
echo "// Base cfg part : $NAMEDCONF" >> $DSERV.conf
echo "// NS-specific header :$DSERV.header"  >> $DSERV.conf
cat $DSERV.header >> $DSERV.conf
echo "// Base cfg part : $NAMEDCONF" >> $DSERV.conf
echo "// common acl " >> $DSERV.conf
cat acl.conf  >> $DSERV.conf
echo "// Base cfg part : $NAMEDCONF" >> $DSERV.conf
echo "// common zones " >> $DSERV.conf
cat include.conf >> $DSERV.conf
echo "// end of included common zones" >> $DSERV.conf


"common" ( where global settings are done ) :
#!/bin/sh
# common config variables for DMAN
# source ( .common ) in bourne-scripts
#
# location of files
BASE=/home/peter/proj/somesite/vit-dns
BIN=$BASE/bin
# program to determine hidden masters IP
IPUSED=`$BIN/extractip`
#
# name and location of master named.conf
NAMEDCONF=$BASE/masterns/named.conf
#
# location of slaves config
SLAVES=$BASE/slaves

and finally "parse-conf" looks like :
#!/usr/bin/perl
#
# parse-conf -n named.conf -i nsinclude.conf -a nsacl.conf -m <masterip>
#
# .1 deal in a rudimentary way with comments
#       NOTE some combinations of one-line don't work !!
#
use Getopt::Std;
getopts('n:i:a:m:v') or die "Usage $0 -n <infile> -i <include> -a <acl> -m <masterip> [-v]\n";

if ( ! $opt_n ){
        print " -n <infile> missing\n";
        exit 1;
        } else{ $CONF=$opt_n;
};
if ( ! $opt_i ) {
        print " -i <generated include file> missing \n";
        exit 1;
        } else { $INC=$opt_i;

};
if ( ! $opt_a ) {
        print "-a <generated acl file> missing \n";
        exit 1;
        } else { $ACL=$opt_a;
};
if ( ! $opt_m ) {
        print "-m <masters ip> missing\n";
        exit 1;
        } else {
                $masters = $opt_m;
};
#               print "input=$CONF, nsinclude=$INC, nsacl=$ACL\n";
#
# read named.conf and scan for tags of the form '//<tag>' and the
# corresponding '//</tag>'
# currently recognizes 'nsinclude' and 'nsacl'
# three-argument open: the file name is never interpreted as a mode or pipe
open(IN, '<', $CONF) or die "File $CONF not found\n";
        $state = 0; # 0 = outside, 1 = include, 2 = acl
        $commented = 0; # true inside comments
NXT:
        while(<IN>) {
                chomp();
# print "[ $_ ]\n";
                if ( $commented == 1 ) { # reset after nl
                        $commented = 0;
                };
                if ( $commented == 0) { # not in ML comments
                        / *\/\/[^<]/ && do {
                                $commented = 1; # single-line
                #               print "single-line comment\n";
                        };
                        / *#/ && do {
                                $commented = 1; # single-line
                #               print "single-line  # \n";
                        };
                };
                / *\/\*/ && do {
                        $commented = 2; # possible multiline
                #       print "start of ML comment\n";
                };
                / *\*\// && do {
                        if ( $commented == 2) {
                                $commented = 0;
                #               print "end of ML comment\n";
                        };
                };
                /\/\/<nsinclude>/ && do {   # starting nsinclude
                        if ( $state != 0 ) {
                                print "//<nsinclude> nested ?\n";
                                exit 1;
                        };
                        $state = 1;
                        # three-argument open: $INC is treated only as a file name
                        open(NSINCLUDE, '>', $INC) or die "cannot open $INC\n";
#                       print "//<nsinclude>\n";
                        next NXT;
                };
                /\/\/<\/nsinclude>/ && do { # ending nsinclude
                        if ( $state != 1 ) {
                                print "missing //<nsinclude>\n";
                                exit 1;
                        };
                        $state = 0;
                        close(NSINCLUDE);
#                       print "//</nsinclude>\n";
                        next NXT;
                };
                /\/\/<nsacl>/  && do {  # nsacl ?
                        if ( $state != 0 ){
                                print "//<nsacl> nested ?\n";
                                exit 1;
                        };
                        $state = 2;
                        # three-argument open: $ACL is treated only as a file name
                        open(NSACL, '>', $ACL) or die "Cannot open $ACL\n";
#                       print "//<nsacl>\n";
                        next NXT;
                };
                /\/\/<\/nsacl>/ && do {
                        if ( $state != 2 ) {
                                printf "missing //<nsacl> \n";
                                exit 1;
                        };
                        $state = 0;
                        close(NSACL);
#                       print "//</nsacl>\n";
                        next NXT;
                };
                /\/\/</  && do {        # reject unknown tags
                        print "Unknown tag ($_)\n";
                        exit 1;
                };
# not a tag, copy according to state
# copied lines use print, not printf, so a '%' in a config line is not
# treated as a format directive
                if ( $state == 0 ) { # do nothing
                };
                if ( $state == 1  ) { # do include
                        /type *master/ &&  do {
                                if ( $commented == 0 ) { # only adjust real (uncommented) lines
                                        printf NSINCLUDE "     type slave;\n";
                                        printf NSINCLUDE "     masters {$masters;};\n";
                                        next NXT;
                                };
                        };
                        /file / && do {
                                if ( $commented == 0 ) {
# replace first component of file (= typically "master" ) with "slave"
                                        $_ =~ s/file\s+\"\w+\//file \"slave\//g;
                                        print NSINCLUDE "$_\n";
                                        next NXT;
                                };
                        };
                        print NSINCLUDE "$_\n";
                };
                if ( $state == 2) { # acl file
                        print NSACL "$_\n";
                };
        };


END of parse-conf


2 special tags "<nsacl>" and "<nsinclude>" may be found in the
original, when found they will write files which will be concatenated
together in the "addinclude" stage.

The end result is that the dir slaves/<slave>/ will be filled with
a config-file xx.conf, see allinclude for details. The xx.header
part contains nameserver-unique info.

Feel free to munge, please mail me with significant improvements (
yes there are lots of them) and forgive me for my mistakes,


( my documentation is in Swedish and might not be usable for you)

> Alex: obviously my perl script would "translate" the statements to a correct slave syntax.

> TIA

> Mariano
> --
> -----------------------------
> Mariano Cunietti
> System Administrator
> Enter S.r.l.
> Via  Stefanardo da Vimercate, 28
> 20128 - Milano - Italy
> Tel.  +39 02 25514319
> Fax   +39 02 25514303
> mcunietti at enter.it
> www.enter.it - www.enterpoint.it
> -----------------------------
> Gruppo Y2K - www.gruppoy2k.it



--
Peter Håkanson
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
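
A check to run on each generated slave file before it is distributed, as an added example that is not part of the original post or the poster's scripts. The comment heuristic in parse-conf copies a line such as `type master; // primary` through unchanged, so this compares the zones inside `//<nsinclude>` in the master named.conf with the generated file and fails when a zone is missing, is still `type master`, or has a masters list that does not name the hidden master. The function names `zone_types` and `check_slave` are hypothetical, and the zone, type and masters statements are assumed to sit at the start of their own lines, as parse-conf expects.

```shell
#!/bin/sh
# Added example, not part of the original post.

# zone_types: read a named.conf fragment on stdin, print "zone type" pairs.
zone_types() {
    awk '
        /^[ \t]*(\/\/|#)/ { next }                  # skip whole-line comments
        /^[ \t]*zone[ \t]+"/ { split($0, q, "\""); zone = q[2] }
        zone != "" && /type[ \t]+[a-z]+/ {
            t = $0; sub(/.*type[ \t]+/, "", t); sub(/[^a-z].*/, "", t)
            print zone, t; zone = ""
        }' | sort
}

# check_slave MASTER_CONF SLAVE_CONF MASTER_IP
# Returns 0 only when every master zone inside //<nsinclude> is present in
# the slave file as "type slave", no zone is left as "type master", and
# every masters{} line names MASTER_IP.
check_slave() {
    rc=0
    want=$(sed -n '/\/\/<nsinclude>/,/\/\/<\/nsinclude>/p' "$1" |
           zone_types | awk '$2 == "master" { print $1 }')
    have=$(zone_types < "$2")
    for z in $want; do
        if ! printf '%s\n' "$have" | grep -qxF "$z slave"; then
            echo "zone $z: not configured as slave in $2" >&2; rc=1
        fi
    done
    if printf '%s\n' "$have" | grep -q ' master$'; then
        echo "$2: still contains type master zones" >&2; rc=1
    fi
    if grep '^[[:space:]]*masters[[:space:]]*{' "$2" | grep -qvF "{$3;}"; then
        echo "$2: a masters list does not name $3" >&2; rc=1
    fi
    return $rc
}

# Usage (paths are placeholders):
#   check_slave masterns/named.conf slaves/<slave>/<slave>.conf "$IPUSED"
```

This complements named-checkconf in "doall", which validates syntax but does not notice a zone that stayed `type master` on a slave.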


