Controlling many DNS servers using rndc

blr maani blrmaani at gmail.com
Wed Jan 5 00:42:39 UTC 2011


Thanks for the ideas.

I was inclined to use the -s option but realized that the keys have to be
distributed and maintained on the controller host (the host from where we
execute the rndc), causing security issues. Also, we have to maintain a 1-1
mapping of DNS servers vs keys if each DNS server uses a different rndc key.

Suggestions to use pdsh or other shells look interesting, but current
environment restrictions are forcing me to think about a script-based
solution...

thanks
Blr

On Tue, Jan 4, 2011 at 4:29 PM, Eivind Olsen <eivind at aminor.no> wrote:

> > What is the best approach to control 100s of DNS servers using rndc?
> > All these servers run BIND 9.3.x and are unix hosts.
> >
> > I was thinking about a script which does an ssh to each of these hosts
> > in sequence and executes 'rndc <command>'. But I was looking for a much
> > more efficient/parallel way to do this..
>
> Depends, really. rndc itself can work remotely, but that might not be an
> option in all networks.
>
> Regards
> Eivind Olsen
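A script-based fan-out along the lines discussed in this thread, as an added example that is not part of the original messages: it runs `rndc` locally on each server over ssh with bounded parallelism, so no rndc keys are copied to the controller host. The function name `rndc_fanout`, the `RNDC_REMOTE` and `RNDC_JOBS` variables, the host-list file format and key-based ssh login are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): run one rndc command on many servers
# in parallel over ssh. rndc executes locally on each server, so every rndc
# key stays on its own host and the controller holds only an ssh credential.

# Assumed defaults; override via the environment.
RNDC_REMOTE="${RNDC_REMOTE:-ssh -o BatchMode=yes -o ConnectTimeout=10}"
RNDC_JOBS="${RNDC_JOBS:-20}"   # maximum concurrent connections

# rndc_fanout HOSTS_FILE LOG_DIR RNDC_WORD...
# Returns 0 if all hosts succeeded, 1 if any failed (listed in LOG_DIR/failed),
# 2 on bad arguments.
rndc_fanout() {
    [ "$#" -ge 3 ] || return 2
    hosts_file=$1; log_dir=$2; shift 2
    # Accept only plain rndc words so the remote shell has nothing to expand.
    for arg in "$@"; do
        case $arg in
            ''|*[!A-Za-z0-9._-]*) echo "rejected argument: $arg" >&2; return 2 ;;
        esac
    done
    mkdir -p "$log_dir" || return 2
    : > "$log_dir/failed"
    # Keep hostname-like lines only: drops comments and blanks, and anything
    # starting with "-" that ssh would parse as an option.
    grep -E '^[A-Za-z0-9][A-Za-z0-9.-]*$' "$hosts_file" |
    RNDC_REMOTE="$RNDC_REMOTE" RNDC_CMD="rndc $*" LOG_DIR="$log_dir" \
    xargs -P "$RNDC_JOBS" -I{} sh -c '
        host=$1
        # RNDC_REMOTE is intentionally unquoted so its options split into words.
        $RNDC_REMOTE "$host" "$RNDC_CMD" >"$LOG_DIR/$host.log" 2>&1 </dev/null ||
            echo "$host" >>"$LOG_DIR/failed"
    ' sh {}
    [ ! -s "$log_dir/failed" ]
}
```

Called as `rndc_fanout hosts.txt ./logs reload`, it leaves one log file per host and a `failed` file naming the hosts to retry.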