bind views and AXFR

Bryan Irvine sparctacus at gmail.com
Wed Aug 20 22:00:55 UTC 2008


On Wed, Aug 20, 2008 at 2:49 PM, Petersen, Kirsten J - NET
<Kirsten.Petersen at oregonstate.edu> wrote:
> I may already know the answer to this, but I'm looking for some
> confirmation.  Is it not possible to do bind views via a slave server?
> In other words, does AXFR just transfer the view that the slave can see
> and nothing more?

Correct.

> We have an in-house application that we use to build our dns configs.
> I'd like to be able to build to a master server and then have the slaves
> do AXFR to get updates from it.  The alternative is to push new zone
> files out to the name servers directly and do reloads all the time,
> which seems more dangerous.  In the first scenario, if we do something
> that causes named on the master to fail to start, at least the slaves
> will still be answering queries.
>
> However, we were also hoping to implement views so that we can hide dns
> for our private address space from the world.  But I'm thinking now that
> I can't do both of these things.
>
> Suggestions welcome.  :)

How about writing a script that checks the serial of the master
against that of the slave and then fetches the new config?  This way
if you destroy the zone on the master in such a way that it no longer
works the zone would not get reloaded on the master and therefore not
propagate to the slave.


-Bryan


More information about the bind-users mailing list