How to modify "A" records on the slave when master is down?

Alberto Colosi/SI/RM/GSI/it alberto.colosi at
Wed Dec 3 22:25:07 UTC 2008

Better to use an ftps than an sftp.


vsftpd with SSL compile option
GNU lftp

lftp is really simple and can be configured to bypass RSA CA verify so as to 
allow self-signed and many other settings.

The difference is that if you lose RSA keys or in all cases, using the RSA 
keys to allow SCP, you could have a command line session too if used with 
SSH instead.

The main difference is a bit more security ;)

Alberto Colosi
IBM Global Business Services
Sistemi Informativi S.P.A.
IT NetWork & Security Department
 *-* *-* *-*

Member of
IBM Information Security WW CoP

"Mike Bernhardt" <bernhardt at> 
Sent by: bind-users-bounces at
03/12/2008 22.59

<stevehunter_1 at>, <comp-protocols-dns-bind at>

RE: How to modify "A" records on the slave when master is down?

What we used to do is we had 2 masters. After an update was done on one of
them, we ran a perl script that would scp the db files to the other and 
send rndc reload to itself and the other master. That way both were always
up to date. It seems like if you had one master and one slave at each
datacenter, this would work very well. After the down datacenter comes 
up, simply run the script from the up-to-date master.

I can send you the perl script to save you some time if you want. The main
trick was getting scp to work with rsa keys so no password is required
(although it could work fine with a password if you're running the script


-----Original Message-----
From: stevehunter_1 at [mailto:stevehunter_1 at] 
Sent: Friday, November 21, 2008 9:10 PM
To: comp-protocols-dns-bind at
Subject: How to modify "A" records on the slave when master is down?

Hello.  I have two geographically different datacenters.  Each
datacenter has two instances of BIND.

There is one master out of these four.  The zones will have multiple
"A" records (pointing to the two datacenters to provide some minimal
amount of redundancy and load balancing)

What I want to do is put together a plan for when the master either
fails or the master becomes unavailable.

So if your master fails, or more likely, it becomes unavailable, and I
need to change the "A" records on the other slaves, how do you do it?

Can I have a master in each datacenter and a slave in each datacenter,
but a change made to any master propagates to all slaves?  For that
matter, can I just have four masters and be done with it?

It doesn't make sense that I could have multiple masters... but I have
no idea how to solve this problem.  If datacenter A goes down for
three days, I want to be able to modify the slave "A" records to stop
pointing to the bad datacenter.  And when the datacenter comes back up
and the old master is alive, I want everything to work.

bind-users mailing list
bind-users at
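
The copy-and-reload procedure described in the reply above (copy the db files to the other master, then `rndc reload` on both), as an added example; it is not the Perl script offered in the thread. The peer host name, the `db.<zone>` file layout, the key path and the peer accepting `rndc` control connections from this host are all assumptions.

```shell
#!/bin/sh
# Added example, not the script from the thread. Host, paths and key are assumptions.
PEER="${PEER:-ns2.example.net}"              # the other master (placeholder)
ZONE_DIR="${ZONE_DIR:-/var/named/zones}"     # where db.<zone> files live (assumed layout)
SYNC_KEY="${SYNC_KEY:-/root/.ssh/zonesync}"  # dedicated key used only for this copy
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Accept only plain DNS names: the zone name ends up in file paths and
# on command lines, so reject anything with shell or path metacharacters.
valid_zone() {
    case "$1" in
        ''|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Validate, copy to the peer, then reload the zone on both masters.
sync_zone() {
    zone="$1"
    file="$ZONE_DIR/db.$zone"
    valid_zone "$zone" || { echo "bad zone name: $zone" >&2; return 2; }
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 3; }
    # Never ship a zone file that named would refuse to load.
    run named-checkzone -q "$zone" "$file" || return 4
    # BatchMode makes scp fail instead of prompting when the key is rejected.
    run scp -q -i "$SYNC_KEY" -o BatchMode=yes "$file" "$PEER:$file" || return 5
    run rndc reload "$zone" || return 6
    run rndc -s "$PEER" reload "$zone" || return 7
}

# Usage: DRY_RUN=0 sh zonesync.sh example.com example.org
for z in "$@"; do sync_zone "$z" || exit $?; done
```

With the default `DRY_RUN=1` the script only prints the four commands per zone, so the sequence can be reviewed before anything is copied or reloaded.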
