<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Apart from master/slave now being Primary/Secondary.... (mindset
change after 25 years of DNS management)<br>
</p>
<p>... I kind of like the idea - except if the Primary server is
DNSSEC Signing that zone (and DNSSEC is a really smart thing to be
able to do) then editing a Secondary is not a very simple thing to
do. The DNSSEC keys (zsk/ksk/(csk)) are not shared with the
transfer of a zone - so locally signing on a Secondary would be a
challenge.</p>
<p>I guess in an emergency one could remove the DNSSEC records from
the Zone along with removing the DS records from the parent. It
would then be safe to edit a text version on the Secondary and
better still, promote it to being the new Primary. Generally
though, one can usually afford for a Primary to be down for a
short time until things are fixed.</p>
<p>Having a contingency plan to switch your Primary to a different
(currently Secondary) server along with all the DNSSEC
configuration would be a useful exercise. Have all the same DNS
tools on that backup server that you already have on the current
Primary server.<br>
</p>
<div class="moz-cite-prefix">On 12/19/21 3:12 PM, Richard Doty
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CALNKzozVayyP4qDqPnpakdKGcbSO=itr24b7KqoFHxRnLy2rzQ@mail.gmail.com">
<div dir="ltr">
<div>Having text files makes editing easier, but you still want
to keep the slaves the same - making the identical edit
multiple times is some work, but may not actually happen
depending on circumstances (people make mistakes)</div>
<div><br>
</div>
<div>I like to make all the servers 'masters' - so whoever has
the highest serial number wins. Then if you update one slave,
it is automatically synced to the others. This might conflict
with however you populate your true master.<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Dec 17, 2021 at 6:30
AM Roberto Carna <<a href="mailto:robertocarna36@gmail.com"
moz-do-not-send="true">robertocarna36@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Warren,
thanks a lot....with the masterfile-format clause it works OK.<br>
<br>
Greetings!!!<br>
<br>
On Thu, Dec 16, 2021 at 15:43, Warren Kumari (<<a
href="mailto:warren@kumari.net" target="_blank"
moz-do-not-send="true">warren@kumari.net</a>>) wrote:<br>
><br>
><br>
><br>
> On Thu, Dec 16, 2021 at 10:37 AM Roberto Carna <<a
href="mailto:robertocarna36@gmail.com" target="_blank"
moz-do-not-send="true">robertocarna36@gmail.com</a>>
wrote:<br>
>><br>
>> Dear all, I have one BIND9 server as master and 3 as
slaves.<br>
>><br>
>> The master and one slave are in a given site #1, and
the other two<br>
>> slaves are in a geographically different site #2.<br>
>><br>
>> In case site #1 goes offline, I need to edit records
in both slaves<br>
>> from site #2, in order to point some services to
other public IP's for<br>
>> contingency.<br>
>><br>
>> My question is:<br>
>><br>
>> What is the recommended way to edit the records from
a BIND9 slave?<br>
>> Because the zone files are binary files<br>
><br>
><br>
> Yup, if you are running (IIRC) > v9.9.x, the default
is binary files.<br>
> You can convert these back to text with:<br>
> named-compilezone -f raw -F text -o example.com.text <a
href="http://example.com" rel="noreferrer" target="_blank"
moz-do-not-send="true">example.com</a> example.com.binary<br>
><br>
> You can also change the default in named.conf:<br>
> options {<br>
> // many many options<br>
> masterfile-format text;<br>
> //<br>
> // many other options<br>
> //<br>
> };<br>
><br>
> The raw (binary) zone files are good for large zones, but
for small zones, where speed isn't super important, text
format works just fine...<br>
> W<br>
><br>
><br>
>><br>
>> and using the Webmin interface<br>
>> is blocked.<br>
>><br>
>> The only manner is changing the configuration from
slave to master?<br>
>><br>
>> Thanks in advance, greetings!!!<br>
>> _______________________________________________<br>
>> Please visit <a
href="https://lists.isc.org/mailman/listinfo/bind-users"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.isc.org/mailman/listinfo/bind-users</a>
to unsubscribe from this list<br>
>><br>
>> ISC funds the development of this software with paid
support subscriptions. Contact us at <a
href="https://www.isc.org/contact/" rel="noreferrer"
target="_blank" moz-do-not-send="true">https://www.isc.org/contact/</a>
for more information.<br>
>><br>
>><br>
>> bind-users mailing list<br>
>> <a href="mailto:bind-users@lists.isc.org"
target="_blank" moz-do-not-send="true">bind-users@lists.isc.org</a><br>
>> <a
href="https://lists.isc.org/mailman/listinfo/bind-users"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
><br>
><br>
><br>
> --<br>
> The computing scientist’s main challenge is not to get
confused by the<br>
> complexities of his own making.<br>
> -- E. W. Dijkstra<br>
</blockquote>
</div>
<br>
</blockquote>
<div class="moz-signature">-- <br>
<p>Mark James ELKINS - Posix Systems - (South) Africa<br>
<a class="moz-txt-link-abbreviated" href="mailto:mje@posix.co.za">mje@posix.co.za</a> Tel: <a href="tel:+27826010496">+27.826010496</a><br>
For fast, reliable, low cost Internet in ZA: <a
href="https://ftth.posix.co.za">https://ftth.posix.co.za</a><br>
<br>
</p>
</div>
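<p>An added example, not part of the thread: a pre-edit check for a text-format copy of a secondary's zone (such as named-compilezone produces) that reports whether the zone carries DNSSEC records, which cannot be re-signed on the secondary without the keys, and otherwise prints the current SOA serial and the serial to use after the edit. It assumes one record per line with an explicit TTL and class; the function names and sample zones are constructed for illustration.</p>
<pre>
```sh
#!/bin/sh
# Added example: pre-edit check for a text-format zone copy on a secondary.
# Input on stdin, one record per line: "owner TTL class type rdata..."
# (assumed layout; function names are hypothetical, not BIND tools).

# Print the DNSSEC record types present (sorted, unique); nothing if unsigned.
dnssec_types() {
    awk '$3 == "IN" && $4 ~ /^(RRSIG|DNSKEY|NSEC|NSEC3|NSEC3PARAM)$/ { print $4 }' | sort -u
}

# Print the SOA serial (the field after MNAME and RNAME).
soa_serial() {
    awk '$3 == "IN" && $4 == "SOA" { print $7; exit }'
}

# Print the serial to use after an edit: +1, wrapping at 2^32 (RFC 1982).
next_serial() {
    echo $(( ($1 + 1) % 4294967296 ))
}

# Return 0 and print "unsigned SERIAL NEXT" if the zone can be edited as
# plain text; return 1 and print "signed TYPES" if it carries DNSSEC data.
promotion_check() {
    zone=$(cat)
    types=$(printf '%s\n' "$zone" | dnssec_types | tr '\n' ' ')
    if [ -n "$types" ]; then
        echo "signed ${types% }"
        return 1
    fi
    serial=$(printf '%s\n' "$zone" | soa_serial)
    echo "unsigned $serial $(next_serial "$serial")"
}

# Constructed sample zones (not taken from the thread).
UNSIGNED_ZONE='example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2021121601 7200 900 1209600 3600
example.com. 3600 IN NS ns1.example.com.
www.example.com. 300 IN A 192.0.2.10'

SIGNED_ZONE="$UNSIGNED_ZONE
example.com. 3600 IN DNSKEY 257 3 13 CONSTRUCTEDKEYDATA==
www.example.com. 300 IN RRSIG A 13 3 300 20220115000000 20211216000000 12345 example.com. CONSTRUCTEDSIG==
www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC"

printf '%s\n' "$UNSIGNED_ZONE" | promotion_check
printf '%s\n' "$SIGNED_ZONE" | promotion_check || echo "signed zone: a hand edit would leave stale signatures"
```
</pre>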
</body>
</html>