Why no function to automatically add new zones to slave servers?

Sam M sam.m at servwise.com
Wed Feb 13 15:09:04 UTC 2008


Yes, sorry, I was trying desperately to confuse everyone (and myself). I
meant copying the named.conf (we actually use a separate one we call
slavenamed.conf, which is just included into the named.conf on the slave
server).

We do have the system working fine (with a few glitches being created, which
are caused by our control panel, not BIND); it's just that I feel it could all
be done in a much easier and better way, and I wanted to ask why it wasn't.

Regards 
Sam M 


> -----Original Message-----
 
> If it is really a slave server the only thing you should have to modify
> is your named.conf on the slave. It is the named.conf that tells it
> what to transfer from the master. Typically what I do is add the zone
> to the master and update its named.conf, then bounce named there. I then
> add the appropriate transfer entry to named.conf on the slave and bounce
> named there. On restart of named on the slave it should transfer the
> zone file from the master to the slave.
> 
> The security is set up in named.conf on each side to determine what
> should be allowed to transfer zone files.
> 
> 
> -----Original Message-----
> Please excuse if this is a subject that has been covered in depth before,
> but I needed to vent some frustration so here goes.
> 
> I was just wondering why there is no function in BIND to automatically
> add/signal NEW zones to slave DNS servers?
> 
> At the moment I have to add records to a slave zones file as well as a
> master zones file and transfer the slave zones file to my slave servers
> using a third-party transfer method, e.g. sftp, https, or configure the
> slave servers to transfer the slave zone file from the master server at
> regular intervals.
> 
> It seems to me this really makes things far more complex than they need
> to be. It does seem strange that such a vital part of the DNS setup
> (redundancy) has been left to be bolted on in such a haphazard way.
> 
> I've heard some mention security issues, but I don't see why that can't
> be overcome; surely it can't be as bad as having to resort to some
> third-party method which is probably more insecure than building a
> properly secure method within the BIND program itself.
> 
> Maybe I'm missing something and it can already be done like this. I know
> that some DNS server software can do this, e.g. SimpleDNS on Windows.
> 
> Yours, lost and confused.
> 
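
The workflow discussed in this thread (a separate slavenamed.conf that is included into named.conf on the slave) can be generated from the master's named.conf rather than maintained by hand. The following is an added example, not code from the thread or from BIND; the function names, the master address 192.0.2.1, the slaves/ file path and the sample configuration are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of a master's named.conf (not from the thread).
SAMPLE_MASTER_CONF = '''
options { directory "/var/named"; };
// zone "old.example" { type master; file "old.db"; };
zone "example.com" IN {
    type master;
    file "example.com.db";
    allow-transfer { 192.0.2.53; };   // only the slave may pull this zone
};
zone "." { type hint; file "named.ca"; };
zone "example.net" { type master; file "example.net.db"; };
'''

COMMENT_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# zone "name" [IN] { body, allowing one level of nested braces };
ZONE_RE = re.compile(
    r'\bzone\s+"([^"]+)"\s*(?:IN\s*)?\{((?:[^{}]|\{[^{}]*\})*)\}\s*;', re.I)
# Strict label grammar keeps quotes, braces, ';' and '/' out of generated text.
NAME_RE = re.compile(
    r'^(?=.{1,253}$)(?!-)[a-z0-9_-]{1,63}(?<!-)'
    r'(\.(?!-)[a-z0-9_-]{1,63}(?<!-))*$')


def master_zones(conf_text):
    """Return the sorted names of zones declared 'type master'."""
    text = COMMENT_RE.sub('', conf_text)
    return sorted({name.lower().rstrip('.')
                   for name, body in ZONE_RE.findall(text)
                   if re.search(r'\btype\s+master\s*;', body, re.I)})


def slave_conf(conf_text, master_ip):
    """Render slave stanzas that pull every master zone from master_ip."""
    ip = ipaddress.ip_address(master_ip)   # ValueError on a malformed address
    out = []
    for name in master_zones(conf_text):
        if not NAME_RE.match(name):        # file path is built from the name
            raise ValueError(f'refusing unsafe zone name: {name!r}')
        out.append(f'zone "{name}" {{\n    type slave;\n'
                   f'    masters {{ {ip}; }};\n'
                   f'    file "slaves/{name}.db";\n}};\n')
    return ''.join(out)


if __name__ == '__main__':
    print(slave_conf(SAMPLE_MASTER_CONF, '192.0.2.1'))
```

The zone-name check matters because the name ends up both inside a quoted string and inside a file path in the generated configuration, so a name supplied by a control panel is rejected unless it is a plain hostname. named on the slave still has to be bounced or reloaded to pick up the regenerated file.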



