Distribute named.conf

Mike Hoskins (michoski) michoski at cisco.com
Thu Jan 3 18:53:17 UTC 2013

-----Original Message-----

From: Phil Mayers <p.mayers at imperial.ac.uk>
Date: Thursday, January 3, 2013 9:44 AM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: Distribute named.conf

>On 03/01/13 14:36, Warren Kumari wrote:
>> Yup, have a look at Puppet.
>> For the first while it will seem like way way more work than it is
>> worth (and the whole declarative language bit makes my head hurt) but
>> after investing a few hours getting things setup you'll wonder how
>> you ever managed without itŠ Deploying a new server (or configs, etc
>> to a bunch of servers) suddenly becomes trivial...
>A bit OT, but we use cfengine (because puppet didn't exist when we
>started doing it), but I strongly endorse the general sentiment behind
>this statement; if you run any number of servers at all, a config
>management tool like puppet/cfengine will transform your working life.

We started with cfengine as well, for the same reason...I still love it,
but we are moving to Puppet mostly because they are very similar at a high
level, the mothership invests and other acquisitions use it (convergence).

That said, fully agree the tool doesn't matter -- you want configuration
management.  To me that minimally includes a tool like cfengine or puppet
and some sort of CMDB to track objects (and serve as an ENC).

>> Setup Puppet to distribute the file, and then have an exec action
>> that does: rndc addzone example.com '{type master; file
>> "master/example.com"; };'
>Does puppet provide built-in facilities to synchronise events across
>multiple servers, because that was a concern to the OP.

Yes, and so did cfengine all the way back to 2.x...though it was a bit
scary to try and use the RPC functionality.  :-)  In Puppet MCollective
should be able to handle this.  While it takes more setup than the usual
client install, it also provides functionality larger shops will likely
not want to live without.

There are also other "orchestration layers" beside MC, this paper gives a
good overview:


More information about the bind-users mailing list