Any way to query/determine all domains for which a particular server is authoritative?

Sten Carlsen ccc2716 at vip.cybercity.dk
Sat Apr 5 08:47:08 UTC 2008


It seems to me that there are two camps, one who wants this kind of 
feature and one who is afraid of it.

So proposal: implement this in a way that you can easily:
- enable it if you want
- optionally put it in its own "view" (own acl) so only slaves (and/or 
those in the list) can read it
- optionally base access on a key

Out of the box it should not be enabled but you have the option to put 
it into place if you need it and you can limit access with acl and keys 
if you want. If you still want to use other means of syncing you can 
still do so.

Personally I don't need it but I think it is a good idea; I would 
probably use it only internally in my intranet.

Paul Vixie wrote:
> "Eric B." <ebenze at hotmail.com> writes:
>
>   
>> Hi,
>>
>> I don't know if this is a "bind" question as such, or maybe another utility 
>> (dig maybe?) if at all possible.
>>
>> Is there any way to query a DNS server in such a way that it produces a list 
>> of all the domains for which it is authoritative?
>>     
>
> we've thought of offering this as a .BIND subdomain, similar to VERSION.BIND
> but in this case it would be a zone full of SOA's showing the list of loaded
> zones, possibly with a NULL RR for the ones that are supposed to be loaded
> but which are currently lame.  the trouble is, VERSION.BIND got a whole lot
> of people angry, information leaks, domain poisoning, yadda, yadda, etc.  if
> there were an outpouring of support here for 
>
> 	dig @server zones.bind axfr
>
> then ISC might feel that it was safe to implement such a thing.
>
>   
>> I'm trying to set up a slave configuration of a DNS server, but every time I 
>> add a domain to the primary server, I find that I have to manually update 
>> the config on the slave server as well to reflect the new domain. 
>> Is there any way I can set up my Bind slave server as a "mirror" of the 
>> master server?
>>
>> The Master is running a Win2K implementation of DNS, if that makes any 
>> difference.
>>     
>
> it's not supposed to be required that all servers for a zone (or group of
> zones) run the same software.  it's possible, though, that microsoft AD has
> a feature that will do what you want, if the slave is also win2k and if both
> are in the same windows domain.
>
> in this thread...
>
> http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/2b64c3630b53f938/4c0630b28862f90b
>
> ...someone mentioned "vixie metazones" which i never got around to releasing.
> but here's what one looks like.  this is a live metazone used to synchronize
> my home (master) server with my colo (slave) server.  i've shared the fragile
> and not very well documented perl scripts that run on the slave server with
> several folks, and i know that i'm not the only one using this in production,
> but i lack the ambition to clean up the software and generally release it.
>
> $ORIGIN fh-sa.mz.vix.com.
> $TTL 3600
> @               SOA     ns.lah1.vix.com. hostmaster.vix.com. (
>                                         2007082400      ; serial
>                                         3600            ; refresh
>                                         1800            ; retry
>                                         604800          ; expiry
>                                         42 )            ; minimum (version)
> ;
>                 NS      ns.lah1.vix.com.
>                 NS      ns.sql1.vix.com.
> ;
> ; RRtype overloading
> ;
> ;       RT is used for lists of nameserver names (masters, also-notify) since
> ;       it has an MX-like priority field and we want to be able to define the
> ;       fetch-order in some cases.
> ;
> ;       PTR is used for the zone markers.  has to point to real domain, just
> ;       as a sanity check.  they have to be under a "zones" subdomain.
> ;
> ;       A and AAAA mean what they always mean, but are local to this zone.
> ;       they have to be under a "servers" subdomain.
> ;
> ;       MG is used for referring to TSIG keys, which are exchanged out of band.
> ;
> masters         RT      10 ns-lah1.servers
> ;allow-transfer MG      fh-sa.tsig.vix.com.
> ;               MG      ns-ext.
> also-notify     RT      10 ns-ext.servers
> ;
> ns-lah1.servers A       204.152.188.234
> ;               AAAA    2001:4f8:2::9
> ns-ext.servers  A       204.152.184.64
>                 AAAA    2001:4f8:0:2::13
> ;
> $ORIGIN zones
> vix.com         PTR     vix.com.
> anog.net        PTR     anog.net.
> anog.org        PTR     anog.org.
> redbarn.org     PTR     redbarn.org.
> asbyrgi.net     PTR     asbyrgi.net.
>   

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 
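Sten's proposal and Vixie's metazone come down to the same thing: the slave learns its zone list from data the master publishes, instead of someone editing named.conf by hand every time a zone is added. As an added illustration (not part of this thread, and not Vixie's unreleased perl scripts), the Python below reads a metazone laid out exactly as in the post (RT for master/also-notify lists, PTR markers under "zones", A/AAAA under "servers") and emits the matching slave zone stanzas for named.conf. The sample metazone is the post's own, with its commentary stripped and one zone marker dropped; the "file" paths, the ValueError checks, and the assumption that records carry no per-record TTL or CLASS field are my own simplifications. Vixie's "PTR has to point to the real domain, just as a sanity check" is implemented as bad_markers(), so a typo in a marker refuses the whole metazone rather than slaving a zone under the wrong name.

```python
"""Slave zone stanzas from a 'vixie metazone' (added example, not Vixie's scripts)."""
from collections import defaultdict

# Constructed sample: the post's metazone with its commentary stripped
# (origin, names and addresses are the post's own values).
METAZONE = """\
$ORIGIN fh-sa.mz.vix.com.
$TTL 3600
@               SOA     ns.lah1.vix.com. hostmaster.vix.com. (
                                        2007082400      ; serial
                                        3600            ; refresh
                                        1800            ; retry
                                        604800          ; expiry
                                        42 )            ; minimum (version)
masters         RT      10 ns-lah1.servers
also-notify     RT      10 ns-ext.servers
ns-lah1.servers A       204.152.188.234
ns-ext.servers  A       204.152.184.64
                AAAA    2001:4f8:0:2::13
$ORIGIN zones
vix.com         PTR     vix.com.
anog.net        PTR     anog.net.
"""
NAME_FIELD = {"PTR": 0, "NS": 0, "MG": 0, "RT": 1}   # rdata index that is a name

def fqdn(name, origin):
    """Absolute form of NAME relative to the current $ORIGIN."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def strip_suffix(name, suffix):
    """'vix.com.zones.X.' minus 'zones.X.' -> 'vix.com'; None if not under it."""
    return name[:-len(suffix) - 1] if name.endswith("." + suffix) else None

def parse_zone(text):
    """Minimal master-file reader -> [(owner, rtype, rdata)], all names absolute.
    Handles $ORIGIN, $TTL, ';' comments, '( ... )' spanning lines and owner
    continuation lines.  Assumption: no per-record TTL/CLASS fields."""
    origin, owner, buf, records = ".", ".", "", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = line if not buf else buf + " " + line.strip()
        if buf.count("(") > buf.count(")"):
            continue                                  # record not finished yet
        line, buf = buf.replace("(", " ").replace(")", " "), ""
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = fqdn(tokens[1], origin)          # '$ORIGIN zones' is relative
            continue
        if tokens[0] == "$TTL":
            continue
        if line[0].isspace():                         # no owner: reuse the last one
            rtype, rdata = tokens[0], tokens[1:]
        else:
            owner, rtype, rdata = fqdn(tokens[0], origin), tokens[1], tokens[2:]
        if rtype in NAME_FIELD:                       # make rdata names absolute too
            rdata[NAME_FIELD[rtype]] = fqdn(rdata[NAME_FIELD[rtype]], origin)
        records.append((owner, rtype, rdata))
    return records

def bad_markers(records, apex):
    """Vixie's sanity check: NAME.zones.<apex> must PTR to exactly NAME."""
    return [o for o, t, r in records
            if t == "PTR" and (strip_suffix(o, "zones." + apex) or "") + "." != r[0]]

def slave_zones(text):
    """{zone: {'masters': [ip...], 'also-notify': [ip...]}}, RT preference order."""
    records = parse_zone(text)
    apex = next(o for o, t, _ in records if t == "SOA")
    if bad_markers(records, apex):
        raise ValueError(f"markers fail PTR sanity check: {bad_markers(records, apex)}")
    addrs, lists, zones = defaultdict(list), defaultdict(list), []
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):                    # only valid under servers.<apex>
            if strip_suffix(owner, "servers." + apex) is None:
                raise ValueError(f"address record outside servers.{apex}: {owner}")
            addrs[owner].append(rdata[0])
        elif rtype == "RT":                           # masters / also-notify lists
            lists[strip_suffix(owner, apex)].append((int(rdata[0]), rdata[1]))
        elif rtype == "PTR":                          # zone marker
            zones.append(strip_suffix(owner, "zones." + apex))
    def ips(key):
        for _p, s in lists[key]:
            if s not in addrs:
                raise ValueError(f"{key}: no A/AAAA record for {s}")
        return [ip for _p, s in sorted(lists[key]) for ip in addrs[s]]
    spec = {k: ips(k) for k in ("masters", "also-notify")}
    return {z: dict(spec) for z in zones}

def render_named_conf(text, directory="slave"):
    """named.conf fragment for the slave ('file' paths are my own assumption)."""
    out = []
    for zone, spec in slave_zones(text).items():
        out += [f'zone "{zone}" {{', "    type slave;", f'    file "{directory}/{zone}";']
        out += [f"    {k} {{ {' '.join(ip + ';' for ip in v)} }};" for k, v in spec.items()]
        out.append("};")
    return "\n".join(out) + "\n"
```

print(render_named_conf(METAZONE)) gives one zone stanza per PTR marker, each with type slave, the masters list resolved to 204.152.188.234 and also-notify resolved to both addresses of ns-ext. In production the slave would fetch the metazone itself by AXFR (TSIG-protected, per Sten's "base access on a key") and re-run this whenever the metazone's SOA serial changes; the script deliberately only parses and renders, so that step and the rndc reload are left to the operator.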


