Best way to handle multiple zones

Ryan McCain Ryan.McCain at dss.state.la.us
Wed Sep 19 20:36:24 UTC 2007


To put this into context we are currently using dss.state.la.us and are migrating to dss.la.gov and dss.louisiana.gov. Those are the 3 zones that need to stay in sync.

I have changed named.conf to look like this:

zone "dss.state.la.us" in {
        file "shared/shared.zone";
        type master;
};
zone "dss.la.gov" in {
        file "shared/shared.zone";
        type master;
};
zone "dss.louisiana.gov" in {
        file "shared/shared.zone";
        type master;
};

--SNIP--

/var/lib/named/shared/shared.zone looks like this:

$TTL 3600       ; 1 hour
@               IN SOA  dssns rmccain (
                                2007091906        ; serial
                                1200        ; refresh (20 minutes)
                                600        ; retry (10 minutes)
                                1209600    ; expire (2 weeks)
                                3600       ; minimum (1 hour)
                                )
                        NS      dssns
                        NS      dssns2
                        A       205.172.49.49
                        MX      10 smtp-ext1
                        MX      20 smtp-ext2
acess                   A       205.172.49.23
acess-info              A       205.172.49.23
acspoc                  A       205.172.49.9
b2b                     CNAME   mvs
bankrecon               A       205.172.49.29
chatblazer              CNAME   dss-sa9928951


--SNIP--

It seems to be working.  Will that not hold up?

>>> On Wed, Sep 19, 2007 at  3:22 PM, in message
<62F72AEA-3927-4B7E-87D0-FE1D0191B4B7 at menandmice.com>, Chris Buxton
<cbuxton at menandmice.com> wrote: 
> No. This zone file is not for your main domain, and your name server  
> and mail server hostnames should fall into your main domain. For  
> example, here are some (very short) complete zone files, one for the  
> main zone and the other for all other zones:
> 
> ____________________________
> 
> ; $ORIGIN maindomain.
> @	SOA	a.ns hostmaster 2007091900 1h 5m 6w 1h
> 	NS	a.ns
> 	NS	b.ns
> 	MX	10  a.mx
> 	A	192.0.2.4
> www	A	192.0.2.4
> a.ns	A	192.0.2.1
> b.ns	A	192.0.2.2
> a.mx	A	192.0.2.3
> ____________________________
> 
> ; share zone file, $ORIGIN value indeterminate from this point
> @	SOA	a.ns.maindomain. hostmaster.maindomain. 2007091900 1h 5m 6w 1h
> 	NS	a.ns.maindomain.
> 	NS	b.ns.maindomain.
> 	MX	10  a.mx.maindomain.
> 	A	192.0.2.4
> www	A	192.0.2.4
> ____________________________
> 
> Chris Buxton
> Men & Mice
> 
> On Sep 19, 2007, at 11:29 AM, Ryan McCain wrote:
> 
>> One more thing..
>>
>> Wouldn't it look like this:
>>
>>> In shared.zone:
>>> -----------------------------------
>>> $TTL 1d
>>> @	SOA	[... 7 data fields ...]
>>> 	NS	a.ns
>>> 	NS	b.ns
>>> 	MX	10  a
>>> host1	A	10.0.0.1
>>> host2	A	10.0.0.2
>>> -----------------------------------
>>
>> rather than
>>
>>> In shared.zone:
>>> -----------------------------------
>>> $TTL 1d
>>> @	SOA	[... 7 data fields ...]
>>> 	NS	a.ns.maindomain.
>>> 	NS	b.ns.maindomain.
>>> 	MX	10  a.mx.maindomain.
>>> host1	A	10.0.0.1
>>> host2	A	10.0.0.2
>>> -----------------------------------
>>
>> thanks...
>>
>>
>>>>> On Mon, Aug 27, 2007 at  3:14 PM, in message
>> <634EB382-69D9-4DAF-9173-BDFE6F911062 at menandmice.com>, Chris Buxton
>> <cbuxton at menandmice.com> wrote:
>>> Either use the same zone file for all three zones, or put an $INCLUDE
>>> directive into each zone pointing to a common file.
>>>
>>> Here is an example of using the first method, which requires that the
>>> three zones be completely identical other than zone name:
>>>
>>> In named.conf (not the whole file):
>>> -----------------------------------
>>> zone "domain1.com" { type master; file "shared.zone"; };
>>> zone "domain2.com" { type master; file "shared.zone"; };
>>> zone "domain3.com" { type master; file "shared.zone"; };
>>> -----------------------------------
>>> In shared.zone:
>>> -----------------------------------
>>> $TTL 1d
>>> @	SOA	[... 7 data fields ...]
>>> 	NS	a.ns.maindomain.
>>> 	NS	b.ns.maindomain.
>>> 	MX	10  a.mx.maindomain.
>>> host1	A	10.0.0.1
>>> host2	A	10.0.0.2
>>> -----------------------------------
>>>
>>> The key here is to not reference the domain name itself anywhere. "@"
>>> stands in for the zone name, as specified in each zone statement. All
>>> other domain names are carefully written unqualified unless they
>>> should not change between zones.
>>>
>>> Whenever a change is made to the shared zone file, be sure to issue
>>> 'rndc reload <domain>' for each of these domains, or else use 'rndc
>>> reload' without specifying a domain argument.
>>>
>>> Chris Buxton
>>> Men & Mice
>>>
>>> On Aug 27, 2007, at 10:45 AM, Ryan McCain wrote:
>>>
>>>> I have 3 zones that need to stay in sync.  For example
>>>> host1.domain1.com needs to be the same as host1.domain2.com and
>>>> host1.domain3.com.  What is the best way to handle this?
>>>>
>>>> I was thinking of writing a script to update the domain2 and
>>>> domain3 zone files when I update the domain1 zone file but figured
>>>> there has to be something built into BIND that handles this as
>>>> I'm not the only one who does this.
>>>>
>>>> Thanks..
>>>>
>>>>
>>>>
>>>>
>>>>
>>
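A small lint that checks a shared zone file for the two pitfalls discussed in this thread: server names left unqualified (NS, MX, SOA MNAME), which expand to a different host in every zone that loads the file, and names that hard-code one of the shared zone names, which defeats sharing. This is an added example, not code from the thread or from BIND; the zone names are the poster's, the zone text is constructed, and the main domain is assumed to keep its own zone file as Chris advises, so only the other zones are listed as loading the shared file.

```python
"""Lint a BIND zone file that several zones load via the same 'file' statement."""

RR_TYPES = {"A", "AAAA", "NS", "MX", "CNAME", "SOA", "TXT", "PTR", "SRV"}

# Zones that share the file (constructed from the thread; main domain excluded).
SHARED_ZONES = ["dss.la.gov", "dss.louisiana.gov"]

# Constructed sample in the poster's style: unqualified server names.
POSTER_STYLE = """$TTL 3600
@       IN SOA  dssns rmccain (
                2007091906 ; serial
                1200 600 1209600 3600 )
        NS      dssns
        MX      10 smtp-ext1
b2b     CNAME   mvs
www     A       192.0.2.4
"""

# Constructed sample in the replier's style: servers qualified into the main domain.
QUALIFIED_STYLE = """$TTL 1d
@       SOA     a.ns.maindomain. hostmaster.maindomain. 2007091900 1h 5m 6w 1h
        NS      a.ns.maindomain.
        MX      10 a.mx.maindomain.
        A       192.0.2.4
www     A       192.0.2.4
"""

def _records(text):
    """Yield (owner, type, rdata) for each RR; handles ';' comments, $ directives,
    blank-owner continuation lines and multi-line '( ... )' SOA rdata."""
    owner, depth, pending = "@", 0, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip comments first
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        if depth == 0:
            if not raw[0].isspace():                  # new owner name
                owner = tokens.pop(0)
            while tokens and tokens[0] not in RR_TYPES:  # skip class / TTL
                tokens.pop(0)
            if not tokens:
                continue
            pending = [owner, tokens[0], tokens[1:]]
        else:
            pending[2].extend(tokens)                 # inside '( ... )'
        depth += line.count("(") - line.count(")")
        if depth == 0 and pending:
            yield tuple(pending)
            pending = None

def lint_shared_zone(text, shared_zones):
    """Return one finding per record whose meaning changes between the zones."""
    shared = [z.rstrip(".").lower() for z in shared_zones]
    findings = []
    for owner, rtype, rdata in _records(text):
        targets = {"NS": rdata[:1], "CNAME": rdata[:1],
                   "MX": rdata[1:2], "SOA": rdata[:1]}.get(rtype, [])
        for name in [owner, *targets]:
            bare = name.rstrip(".").lower()
            if name.endswith(".") and any(bare == z or bare.endswith("." + z) for z in shared):
                findings.append(f"{rtype} {name}: hard-codes a shared zone name; use '@' or an unqualified name")
        for name in targets:
            if rtype in ("NS", "MX", "SOA") and not name.endswith("."):
                findings.append(f"{rtype} {name}: unqualified server name expands differently in each zone; qualify it into the main domain")
    return findings
```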
