Kevin Darcy kcd at
Wed Jun 15 00:44:50 UTC 2005

Gamer wrote:

>Finally I only need an idea how to realize zone transfers - some
>automatism to add tons of Address Records into the zone files?
Those are really two separate things. Zone transfer is the mechanism 
defined within the DNS protocol to replicate zones from a master to one 
or more slave servers (you're not *required* to use zone transfers for 
this; you could use some other "out of band" mechanism if you want). 
Configuration of zone transfers is not that hard: just configure each 
zone as "slave" on the slave servers, specify a pathname in which the 
slave will store the slave copy of the zone (if you're running 
unprivileged, you'll need to make sure that named can write to the 
directory which contains the slave zone files), and, if you're denying 
zone transfers from the master by default, open up your 
allow-transfer(s) to allow your slaves to replicate the zones. If you 
have firewalls between your master and slaves, make sure that both 
UDP/53 and TCP/53 are open between them.

Adding tons of address records into the zone files could be done a 
number of different ways, depending on your requirements. If the address 
records follow some sort of regular pattern, you might be able to use 
the $GENERATE directive to synthesize them. If the same set of address 
records need to appear in a bunch of different zones, where the only 
thing that differs between each set of address records is the suffix of 
each owner name, then you may be able to share a single file via the 
$INCLUDE mechanism. If you're just doing a one-time load of address 
records to your zone files, it should be fairly trivial to script the 
creation of those records, and their appendage to the zone files (if the 
data is coming from a hosts file, then you could perhaps use the "h2n" 
utility as a one-time migration tool). Lastly, if your concern is that 
you want to manage lots of address records in DNS without constantly 
fiddling with manually editing zone files, risking syntax errors that 
might disrupt production, forgetting to increment zone serial numbers, 
etc., you might want to look into a DNS management system of some sort 
(either a free one or one that is commercially available), or at least 
consider using Dynamic Update to manage the zones (be aware, however, 
that it's difficult if not impossible to safely intermingle Dynamic 
Updates and manual edits for the same zone).

   - Kevin
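The slave/master configuration Kevin describes, written out as an added example (this is not from the post; the zone name example.test, the addresses 192.0.2.1 and 192.0.2.2, and the file paths are assumptions). The master denies transfers globally and opens them per zone to the slave only; the slave points at the master and stores its copy in a directory named has to be able to write to:

```conf
// Added example, not from the original post. Zone name, addresses and
// paths are assumptions.

// --- on the master (192.0.2.1) ---
options {
    // deny zone transfers by default; open them per zone below
    allow-transfer { none; };
};

zone "example.test" {
    type master;
    file "/var/named/master/example.test.zone";
    allow-transfer { 192.0.2.2; };   // the slave(s) only
    notify yes;                      // tell the slaves when the serial changes
};

// --- on the slave (192.0.2.2) ---
zone "example.test" {
    type slave;
    masters { 192.0.2.1; };
    // named must be able to write to /var/named/slave/ if it runs unprivileged
    file "/var/named/slave/example.test.zone";
    allow-transfer { none; };        // don't let the slave become a transfer source
};
```

Both ports matter because the two directions of the exchange use different transports: NOTIFY from the master and the slave's SOA refresh queries normally travel over UDP/53, while the AXFR/IXFR transfer itself runs over TCP/53. Restricting allow-transfer by address is the minimum; if the master and slave are not on a trusted network, authenticating transfers with a TSIG key between the two servers is the usual next step (that is my suggestion, not something the post discusses).

The bulk-add paragraph, as an added shell example that is not from the post: it turns a hosts-style file into A records, appends them to a zone file, bumps the SOA serial (date-based, incrementing if the zone was already touched today), and validates the result with named-checkzone when that tool is installed, restoring the previous zone file if the check fails. The zone name, paths and the sample hosts data are constructed for the demo; the $GENERATE line in the sample zone shows the regular-pattern case from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Turn a hosts-style list into
# A records, append them to a zone file, bump the SOA serial, and validate
# with named-checkzone if it is available. All names, paths and sample
# data below are assumptions constructed for this demo.
set -eu

# Print A records for a hosts-style file: "<ipv4> <name> [alias ...]".
# Comments, blank lines and non-IPv4 entries are skipped; aliases become
# extra A records rather than CNAMEs so every name resolves in one lookup.
hosts_to_a_records() {
    # $1 = hosts file
    awk '
        /^[[:space:]]*#/ || NF < 2 { next }
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        { for (i = 2; i <= NF; i++) printf "%-24s IN A %s\n", $i, $1 }
    ' "$1"
}

# Replace the SOA serial with today's YYYYMMDDnn. If the serial is already
# from today, increment nn so the slaves see a strictly larger value.
# The serial must sit first on a line tagged "; serial" (see the demo zone).
bump_serial() {
    # $1 = zone file, edited in place
    today=$(date +%Y%m%d)
    awk -v today="$today" '
        /; serial/ {
            found = 1
            cur = $1
            if (substr(cur, 1, 8) == today) new = sprintf("%d", cur + 1)
            else new = today "00"
            sub(cur, new)
        }
        { print }
        END { if (!found) exit 1 }   # refuse to silently leave the serial alone
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Append records and bump the serial as one step. If named-checkzone is
# installed and the zone no longer loads, put the old file back.
add_records() {
    # $1 = zone name, $2 = zone file, $3 = hosts file
    cp "$2" "$2.bak"
    hosts_to_a_records "$3" >> "$2"
    bump_serial "$2"
    if command -v named-checkzone >/dev/null 2>&1; then
        if ! named-checkzone -q "$1" "$2"; then
            mv "$2.bak" "$2"
            echo "zone $1 failed to load; restored $2 from backup" >&2
            return 1
        fi
    fi
    rm -f "$2.bak"
}

# --- demo with constructed data (zone name, addresses and hosts are made up) ---
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/example.test.zone" <<'EOF'
$TTL 3600
@   IN SOA ns1.example.test. hostmaster.example.test. (
        2005061400 ; serial
        3600 900 604800 3600 )
    IN NS  ns1.example.test.
ns1 IN A   192.0.2.1
; a contiguous range is cheaper to express with $GENERATE than to list out
$GENERATE 1-254 dhcp-$ IN A 192.0.2.$
EOF
cat > "$demo_dir/hosts" <<'EOF'
# constructed sample hosts file
10.0.0.10 www web
10.0.0.11 mail
not-an-ip bogus
EOF
add_records example.test "$demo_dir/example.test.zone" "$demo_dir/hosts"
```

The serial handling is the part that bites people: BIND slaves only transfer when the master's serial is larger than theirs, so a script that appends records without bumping the serial leaves the slaves stale with no error anywhere. Running named-checkzone (shipped with BIND) before named ever reloads the file is what keeps a typo in the generated data from taking the zone down in production.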
