DNS push mechanism.

Gregory Hicks ghicks at cadence.com
Fri Oct 28 17:25:14 UTC 2005


> From: Steven Hajducko <steven.hajducko at digitalinsight.com>
> To: "'bind-users at isc.org'" <bind-users at isc.org>
> Subject: DNS push mechanism.
> Date: Thu, 27 Oct 2005 17:57:14 -0700
> 
[...snip...]
> the management lan.  Because of this, I have to develop a mechanism to
> ensure that:
>  
> a) The transaction of the zone is done over TCP.
> b) The master pushes the zone to the slave and not vice versa.
>  
> We are, under no circumstances, allowed to have the slaves initiate a
> connection to the master in order to download zone files, be it incremental
> or full zones.  I was curious if anyone else has come up with a mechanism
> for doing this or knows of a utility to do this?  At this point, I'm just
> considering using rsync over ssh ( ala djbdns ) to do the transfers anytime
> an update is made, but I'd like to see if there is a more... elegant..
> solution.
>  

Designate one of your external 'slaves' as a master.  

Use rsync or something (...  Encrypted mail, scp via ssh, whatever - I
use email and PGP for the body of the message) to push your zones from
the internal master to your designated external master.  (Ensure that
the internal serial is one greater than the external at the time of the
push.)  Restart named on the external master.

This allows normal DNS updates to occur between your external master
and your external slaves.

Regards,
Gregory Hicks

-------------------------------------------------------------------
Gregory Hicks                        | Principal Systems Engineer
Cadence Design Systems
555 River Oaks Pkwy
San Jose, CA 95134

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
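
The push described in the reply above, as an added example that is not part of the original post or from either poster. The function names `soa_serial`, `serial_is_newer` and `push_zone` are hypothetical; the example assumes one SOA record per zone file, accepts any strictly greater serial, and uses `rndc reload` in place of a full restart of named.

```shell
#!/bin/sh
# Added example: every connection is opened from the internal master, over ssh (TCP).
# Host, paths and zone names are supplied by the caller; none come from the post.

# Print the SOA serial of a zone file (path argument, or stdin if none).
# Assumes one SOA record in conventional master-file syntax.
soa_serial() {
    cat "${1:--}" | sed 's/;.*//' | tr '()' '  ' | tr -s ' \t\n' ' ' |
        awk '{ for (i = 1; i <= NF; i++)
                 if (toupper($i) == "SOA") { print $(i + 3); exit } }'
}

# Return 0 if serial $1 is greater than $2, 1 if not, 2 if either is not a
# plain integer (assumption: no RFC 1982 wraparound handling).
serial_is_newer() {
    for s in "$1" "$2"; do
        case "$s" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$1" -gt "$2" ]
}

# push_zone ZONE LOCAL_FILE USER@HOST REMOTE_FILE
# Validates the zone, refuses to push a stale serial, copies, then reloads.
push_zone() {
    zone=$1 file=$2 host=$3 remote=$4
    named-checkzone -q "$zone" "$file" || { echo "zone check failed" >&2; return 1; }
    ours=$(soa_serial "$file")
    theirs=$(ssh "$host" cat "$remote" | soa_serial)
    if ! serial_is_newer "$ours" "$theirs"; then
        echo "serial '$ours' is not newer than '$theirs'; not pushing" >&2
        return 1
    fi
    rsync -e ssh "$file" "$host:$remote" && ssh "$host" rndc reload "$zone"
}

if [ "$#" -eq 4 ]; then push_zone "$@"; fi
```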



