kcd at daimlerchrysler.com
Wed Jun 15 00:44:50 UTC 2005
>Finally I only need an idea how to realize zone transfers - some
>automatism to add tons of Address Records into the zone files?
Those are really two separate things. Zone transfer is the mechanism
defined within the DNS protocol to replicate zones from a master to one
or more slave servers (you're not *required* to use zone transfers for
this; you could use some other "out of band" mechanism if you want).
Configuration of zone transfers is not that hard: just configure each
zone as "slave" on the slave servers, specify a pathname in which the
slave will store the slave copy of the zone (if you're running
unprivileged, you'll need to make sure that named can write to the
directory which contains the slave zone files), and, if you're denying
zone transfers from the master by default, open up your
allow-transfer(s) to allow your slaves to replicate the zones. If you
have firewalls between your master and slaves, make sure that both
UDP/53 and TCP/53 are open between them.
Adding tons of address records into the zone files could be done a
number of different ways, depending on your requirements. If the address
records follow some sort of regular pattern, you might be able to use
the $GENERATE directive to synthesize them. If the same set of address
records need to appear in a bunch of different zones, where the only
thing that differs between each set of address records is the suffix of
each owner name, then you may be able to share a single file via the
$INCLUDE mechanism. If you're just doing a one-time load of address
records to your zone files, it should be fairly trivial to script the
creation of those records, and their appendage to the zone files (if the
data is coming from a hosts file, then you could perhaps use the "h2n"
utility as a one-time migration tool). Lastly, if your concern is that
you want to manage lots of address records in DNS without constantly
fiddling with manually editing zone files, risking syntax errors that
might disrupt production, forgetting to increment zone serial numbers,
etc., you might want to look into a DNS management system of some sort
(either a free one or one that is commercially available), or at least
consider using Dynamic Update to manage the zones (be aware, however,
that it's difficult if not impossible to safely intermingle Dynamic
Updates and manual edits for the same zone).
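Added example, not code from the post above or from BIND itself: a small Python expander that shows exactly which records `named` will synthesize from a `$GENERATE` line (iterator `$`, the `${offset,width,base}` modifier and the `$$` escape, with relative names qualified under `$ORIGIN`), plus a helper that bumps the SOA serial in the YYYYMMDDnn convention so a scripted change to the zone is not forgotten by the slaves. The zone text is constructed for the example; run it before committing a generated file, and still feed the result to `named-checkzone` (assumed to be installed with BIND) since this expander covers only the `$GENERATE` forms listed in its docstring.

```python
"""Expand $GENERATE directives and bump the SOA serial of a BIND zone file.

Added example (not code from the original post or from BIND): a small
expander that shows which records named synthesizes from a $GENERATE line,
plus a serial-number helper, so a scripted change to a zone file can be
inspected before it reaches production. $GENERATE grammar assumed here:
  $GENERATE start-stop[/step] lhs [ttl] [class] type rhs [; comment]
with $ -> iterator, ${offset,width,base} -> formatted iterator, $$ -> '$'.
"""
import re
from typing import List

_MOD = re.compile(r'\$\{(-?\d+)(?:,(\d+)(?:,([doxX]))?)?\}')
_RANGE = re.compile(r'(\d+)-(\d+)(?:/(\d+))?')
_SERIAL = re.compile(r'SOA\s+\S+\s+\S+\s*\(\s*(\d+)')
# Types whose rdata is a domain name and therefore gets $ORIGIN appended.
_NAME_RDATA = {'PTR', 'CNAME', 'NS', 'DNAME'}

# Constructed sample zone for the demonstration (not real infrastructure).
SAMPLE_ZONE = """$ORIGIN example.com.
$TTL 3600
@  IN SOA ns1.example.com. hostmaster.example.com. (
        2005061501 ; serial
        3600 900 604800 3600 )
@  IN NS ns1.example.com.
$GENERATE 1-4 host-$ A 10.1.1.$
$GENERATE 1-4/2 pc-${0,3,d} 600 IN A 192.168.0.$
"""


def _qualify(name: str, origin: str) -> str:
    """Make a relative owner or target name absolute under origin."""
    if name == '@':
        return origin
    if name.endswith('.'):
        return name
    return name + '.' if origin == '.' else f'{name}.{origin}'


def _subst(template: str, i: int) -> str:
    """Replace $, ${offset,width,base} and $$ in one token with iterator i."""
    out, pos = [], 0
    while pos < len(template):
        if template[pos] != '$':
            out.append(template[pos])
            pos += 1
        elif template.startswith('$$', pos):
            out.append('$')
            pos += 2
        elif (m := _MOD.match(template, pos)):
            offset, width, base = int(m[1]), int(m[2] or 0), m[3] or 'd'
            out.append(format(i + offset, f'0{width}{base}' if width else base))
            pos = m.end()
        else:
            out.append(str(i))
            pos += 1
    return ''.join(out)


def expand_generate(line: str, origin: str) -> List[str]:
    """Return the records a single $GENERATE line stands for."""
    parts = line.split(';', 1)[0].split()
    if len(parts) < 5 or parts[0] != '$GENERATE':
        raise ValueError(f'not a $GENERATE line: {line!r}')
    rng = _RANGE.fullmatch(parts[1])
    if rng is None:
        raise ValueError(f'bad range {parts[1]!r}')
    start, stop, step = int(rng[1]), int(rng[2]), int(rng[3] or 1)
    lhs, middle, rtype, rhs = parts[2], parts[3:-2], parts[-2].upper(), parts[-1]
    records = []
    for i in range(start, stop + 1, step):
        owner = _qualify(_subst(lhs, i), origin)
        rdata = _subst(rhs, i)
        if rtype in _NAME_RDATA:
            rdata = _qualify(rdata, origin)
        records.append(' '.join([owner, *middle, rtype, rdata]))
    return records


def expand_zone(text: str) -> List[str]:
    """Expand every $GENERATE in a zone file, tracking $ORIGIN as it changes."""
    origin, out = '.', []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('$ORIGIN'):
            origin = line.split()[1]
        if line.startswith('$GENERATE'):
            out.extend(expand_generate(line, origin))
        else:
            out.append(raw)
    return out


def next_serial(old: int, today: str) -> int:
    """YYYYMMDDnn serial: first change of the day or old + 1, whichever is larger.

    The serial is a 32-bit field, hence the wrap.
    """
    return max(old + 1, int(today) * 100 + 1) % 2**32


def bump_serial(text: str, today: str) -> str:
    """Return the zone text with the SOA serial replaced by next_serial()."""
    m = _SERIAL.search(text)
    if m is None:
        raise ValueError('no SOA serial found')
    return text[:m.start(1)] + str(next_serial(int(m[1]), today)) + text[m.end(1):]


if __name__ == '__main__':
    for record in expand_zone(bump_serial(SAMPLE_ZONE, '20050615')):
        print(record)
```

The expander follows the documented rules rather than reimplementing BIND's parser: the `n` (nibble) base and `$GENERATE` lines that span multiple physical lines are not handled, and a type outside `_NAME_RDATA` is emitted with its rdata untouched. The serial helper is the piece worth wiring into whatever script appends records, since a slave that never sees a larger serial keeps serving the old zone no matter how many records the master has.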