Multi-master (HA)

Kevin Darcy kcd at
Fri May 9 22:48:16 UTC 2014

On 5/9/2014 3:01 PM, John Wobus wrote:
>> ...if anyone has specific
>> thoughts on how to make this sort of thing easier in BIND -- even just at
>> the level of "boy, it irritates me that I can't make BIND do <X>" --
>> such comments will fall on welcoming ears.
> I agree that it would be nice if effort were made into making flipping
> masters straightforward, i.e., not require a change to every zone declaration
> and not force the operator to deal with zone files that suddenly need to
> switch between binary and ascii.  (There may be good ways to do this now
> that I'm unaware of.)

Where is the line drawn these days between DNS management protocols and 
provisioning protocols? Because I've long thought the idea of feeding a 
config (i.e. the contents of a named.conf file) to a "named" instance 
via "rndc" would be an easy and secure way of quickly reconfiguring it 
to a different role (e.g. from master to slave, or _vice_versa_, for a 
whole bunch of views/zones in one fell swoop). Since the config is in a 
very regular, structured format, I'm sure some sort of encoding and/or 
compression could be employed to make the actual data transfer size 
fairly compact.

The only big gotcha that comes to mind here is if the named.conf is 
segmented via include files with different access privileges (e.g. not 
letting key definitions be world-readable), that segmentation/protection 
would need to be preserved on the receiving side.

             - Kevin

