Using BIND-DLZ for a hidden master [was: Re: dns master-slave transfer]

Chris Thompson cet1 at cam.ac.uk
Wed Oct 31 23:05:26 UTC 2012


On Oct 29 2012, Feng He wrote:

>On 2012-10-29 9:58, kavin wrote:
>> Now, I want to transfer the zone data from the master dns server to slave
>> dns server ,the master dns use bind-dlz+mysql and the slave dns server
>> use bind+file.
>
>AFAIK, BIND DLZ doesn't send a notify message to slave, so both your
>master and slave should be able to use the DLZ backend and run a mysql
>replication for data sync.

That exchange prompts me to ask whether anyone has managed to use
BIND-DLZ in something like the following scenario.

We have a hidden master for vanity zones (we call them something else
for the punters) that runs in a small footprint virtual machine
together with the web server providing the updating interface. The
latter stores the data in a MySQL database.

At the moment there is a crontab that extracts data from that database
and updates zone files (if they need changing - there are some neat-o
optimisations) and does an "rndc reload" on the hidden master daemon.
That NOTIFYs the public nameservers for the zones, which are in fact
our regular authoritative-only ones.

It seems that one ought to be able to use BIND-DLZ to cut out a step
there, but none of the how-to's for it seem to address this sort of
scenario, and the NOTIFY issue is particularly relevant. Fast responses
from the hidden master to queries are certainly *not* a requirement here,
and indeed we expect to be able to operate with it (and its MySQL database)
down for significant periods.

On the other hand, there is also a possibility that we might want to sign
the vanity zones (we use JANET, Nominet and Gandi for their registrations,
who all support signed delegations now), and how that would interact with
BIND-DLZ might also be an issue. Can one use BIND 9.9 "inline signing"
with the unsigned version provided by a DLZ interface?

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
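
The extract-and-reload step described in the message, sketched as an added example (not part of the original post and not the author's crontab). It rewrites a zone file only when the records differ and bumps the serial only then. The rows stand in for the result of a MySQL query, and the SOA names, timers and file layout are assumptions.

```python
import os
import re
import tempfile

SERIAL_RE = re.compile(r"^\s*(\d+)\s*; serial$", re.M)

def render_zone(origin, rows, serial):
    """Render a zone file; rows are (name, ttl, type, rdata) tuples."""
    lines = [
        f"$ORIGIN {origin}.",
        "$TTL 3600",
        # SOA names and timers below are constructed placeholders.
        "@ IN SOA ns0.example.net. hostmaster.example.net. (",
        f"    {serial} ; serial",
        "    3600 900 604800 3600 )",
    ]
    lines += [f"{n} {ttl} IN {t} {rd}" for n, ttl, t, rd in sorted(rows)]
    return "\n".join(lines) + "\n"

def next_serial(old, today):
    """YYYYMMDDnn serial that always increases, even after many edits in a day."""
    return max(old + 1, int(today) * 100)

def sync_zone(path, origin, rows, today):
    """Rewrite path only if the records changed; return True if a reload is needed."""
    old_serial, old_text = 0, None
    if os.path.exists(path):
        with open(path) as fh:
            old_text = fh.read()
        m = SERIAL_RE.search(old_text)
        old_serial = int(m.group(1)) if m else 0
    # Render with the old serial so that only a data change counts as a difference.
    if old_text is not None and render_zone(origin, rows, old_serial) == old_text:
        return False
    new_text = render_zone(origin, rows, next_serial(old_serial, today))
    # Write to a temporary file and rename, so named never loads a partial zone.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(new_text)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; named must be able to read it
    os.replace(tmp, path)
    return True
```

When `sync_zone` returns True the cron job would run `rndc reload` for that zone, which is what makes the hidden master send NOTIFY to the public servers.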


