manual update of slave zones?
kcd at daimlerchrysler.com
Fri Jul 27 22:37:44 UTC 2007
Tollefsen, Lyle wrote:
> Is there a way to create a slave zone that can't be updated dynamically,
> that must be updated by hand, and not have to worry about the refresh
> timeout? We have a number of zones that we will be secondary for, but
> don't want to trust the keepers of the master zone files to present to
> us safe dynamic updates. What are my options here?
The master/slave relationship is one of replication, not Dynamic Update.
If your "slaves" don't end up with exact copies of what's on the master
-- whether that data is "safe" or not -- at the end of every successful
refresh cycle, then they're not slaves at all; the term "slave" is the
wrong one to use for such nameservers. You shouldn't even be in the NS
records for these zones if you're serving up different versions of them
than the other authoritative nameservers. It's a recipe for disaster for
the authoritative nameservers of a given zone to persistently give out
If you want to host *different* versions of these zones, with a
mutually-exclusive set of NS records than the "real" versions, then set
the zones up as "master" on one of your nameservers and "slave" on the
others. Then it would be up to you whether to update the zones by hand,
by Dynamic Update, from a database, or however. You might want to
consider periodically scanning the "real" versions of the zones, to pick
up the changes, and then pass the incremental differences through a
manual approve/disapprove process before committing them.
More information about the bind-users