DNS push mechanism.

Steven Hajducko steven.hajducko at digitalinsight.com
Fri Oct 28 00:57:14 UTC 2005


Hi,
 
Due to the nature of our environment and security concerns, I have to come
up with some way to push DNS zones from our master server to slave servers
in each of our environments.  Here's a better explanation.
 
We have some typical environments in the sense of a 3-tier setup.  Front -
Application - Backend Data.  We also have several clones of this
environment.  In order to try and centralize management, we also have a
management LAN off to the side.  This management LAN is where we host our
primary named server.  However, our security prevents us from allowing the
slave servers in each tier to pull zone information down from the master in
the management LAN.  Because of this, I have to develop a mechanism to
ensure that:
 
a) The transaction of the zone is done over TCP.
b) The master pushes the zone to the slave and not vice versa.
 
We are, under no circumstances, allowed to have the slaves initiate a
connection to the master in order to download zone files, be it incremental
or full zones.  I was curious if anyone else has come up with a mechanism
for doing this or knows of a utility to do this?  At this point, I'm just
considering using rsync over ssh (à la djbdns) to do the transfers anytime
an update is made, but I'd like to see if there is a more... elegant..
solution.
 
Any help would be appreciated.
 
Thanks.
 
--
sh



More information about the bind-users mailing list
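
A sketch of the rsync-over-ssh push considered in the message above, added here as an example and not part of the original post. The host names, paths, key file and the `dnspush` account are assumptions, and the replicas are assumed to load the pushed files as locally mastered zones so that they never initiate a transfer themselves.

```shell
#!/bin/sh
# Added example (not from the original post). Hosts, paths, key file and the
# "dnspush" account are hypothetical. Every connection is opened by the master
# over ssh (TCP); replicas load the pushed files as locally mastered zones,
# so they never start an AXFR/IXFR toward the management LAN.

ZONE_DIR="${ZONE_DIR:-/var/named/zones}"       # assumed zone path on the master
REMOTE_DIR="${REMOTE_DIR:-/var/named/zones}"   # assumed zone path on replicas
REPLICAS="${REPLICAS:-ns.front.example ns.app.example ns.data.example}"
SSH_KEY="${SSH_KEY:-/etc/named/push_key}"      # assumed dedicated push key
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print commands only

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Zone names end up in a remote command line and a file path: allow only
# hostname characters, no leading dash or dot, no "..".
valid_zone() {
    case "$1" in
        ""|-*|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

push_zone() {
    zone="$1"
    valid_zone "$zone" || { echo "rejected zone name: $zone" >&2; return 2; }
    file="$ZONE_DIR/$zone.db"
    # Do not ship a zone file that fails the syntax/integrity check.
    run named-checkzone -q "$zone" "$file" || return 3
    for host in $REPLICAS; do
        # Master -> replica copy, then a per-zone reload on the replica.
        run rsync -t -e "ssh -i $SSH_KEY -o BatchMode=yes" \
            "$file" "dnspush@$host:$REMOTE_DIR/$zone.db" || return 4
        run ssh -i "$SSH_KEY" -o BatchMode=yes "dnspush@$host" \
            rndc reload "$zone" || return 5
    done
}

# Usage: DRY_RUN=0 ./push-zones.sh example.com example.net
for z in "$@"; do push_zone "$z"; done
```

With `DRY_RUN=1` (the default here) the script only prints the commands it would run, which makes it easy to review what will cross the firewall before enabling it.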