Date:      Wed, 2 Aug 2000 16:52:40 -0400
From:      "Jason Portwood" <jason@iac.net>
To:        "'Erin'" <Kahn@deadbbs.com>, <freebsd-isp@FreeBSD.ORG>
Subject:   RE: Secondary BIND server.
Message-ID:  <6381A6A8826BD31199500090279CAFBA106C25@FOGHORN>
In-Reply-To: <6381A6A8826BD31199500090279CAFBA10206E@FOGHORN>

>
> Does anyone have some suggestions on how I would go about getting my
> secondary DNS server to automatically set up the secondary
> domain when I put it in the primary DNS server.
>
> Is there any software that already does this?
>

I saw the other posts about this and how to do it.  I came up with an idea
about a week ago on how to do this using a pair of Perl scripts and DNS only.

One Perl script to parse the domains out into a zone file with entries like...

		IN	TXT	"somehost.com"

Then on the secondary the second script does a
dig @yourdnsserver zonefile.list.net axfr
and then parses that out into a (included) named.conf file.  Reload if there
is a change ala serial numbers...

On the primary you would set that zone file up to allow only zone transfers
from your secondary and no queries on the domain.

// something like...
zone "slaves.somehost.net" {
   type master;
   file "slaves.somehost.net";
   allow-transfer { 10.1.1.1; };
   allow-query { none; };
};

I would have done this update just through the normal zone transfers but that
appears to do a query before a transfer (dig doesn't).  Also I didn't want
to have to set up a record on the secondary and have to fuss protecting
that.  Plus getting it to sync after a transfer seemed a little harder than
just doing a dig and parsing that out.

I haven't put it into production yet (still doing the by hand tests) but all
appears to be going well.  I have also sent a message off to the ISC BIND
suggestion people to make sure what I have done is sane.

If anyone is interested in a copy of the two scripts just ask.  It is still
in the beginning stages (doesn't do any sanity checks on the data for one)
but it does work at least in tests.
If someone can come up with a better reason why not to GPL it I'm going to
send it out that way...  I would be very interested in any feedback on it or
just this idea in general.
The usual disclaimer...  The script is beta and even if it wasn't.  Always
backup before/read code/etc...  Don't blame me if it goes nuts as it works
for me.

I've either come up with a good idea or one that is so bad that there is a
good reason why it isn't being used already.

Jason Portwood - jason@iac.net
Systems Administrator - Strategic/Internet Access Cincinnati
Sales and Tech Support - 513-860-9052
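
Added example, not part of the original message and not the Perl scripts it mentions: a Python sketch of the secondary-side step, which parses the TXT records out of the AXFR output and emits the included named.conf fragment, with the sanity check on the data that the message says is still missing. The sample dig output, the function names, the single-line SOA format, the slave/<zone> file path and the master address 10.1.1.2 are all assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of `dig @primary slaves.somehost.net axfr` output.
SAMPLE_AXFR = r'''
; constructed sample, not real data
slaves.somehost.net. 3600 IN SOA ns1.somehost.net. root.somehost.net. 2000080201 3600 900 604800 3600
slaves.somehost.net. 3600 IN NS ns1.somehost.net.
slaves.somehost.net. 3600 IN TXT "somehost.com"
slaves.somehost.net. 3600 IN TXT "Example.ORG."
slaves.somehost.net. 3600 IN TXT "bad.example\"; }; //"
slaves.somehost.net. 3600 IN TXT "-bad-.com"
slaves.somehost.net. 3600 IN SOA ns1.somehost.net. root.somehost.net. 2000080201 3600 900 604800 3600
'''

SOA_RE = re.compile(r'^\S+\s+\d+\s+IN\s+SOA\s+\S+\s+\S+\s+(\d+)\s')
TXT_RE = re.compile(r'^\S+\s+\d+\s+IN\s+TXT\s+"(.*)"\s*$')
LABEL = r'[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?'
DOMAIN_RE = re.compile(rf'{LABEL}(?:\.{LABEL})+')

def parse_axfr(text):
    """Return (soa_serial, accepted_domains, rejected_txt_values)."""
    serial, good, bad = None, set(), []
    for line in text.splitlines():
        soa = SOA_RE.match(line)
        if soa and serial is None:
            serial = int(soa.group(1))  # compare with the last seen serial before reloading
        txt = TXT_RE.match(line)
        if not txt:
            continue  # comments, blank lines, NS/SOA records
        raw = txt.group(1)
        name = (raw[:-1] if raw.endswith('.') else raw).lower()
        # Only plain hostnames may reach named.conf: no quotes, braces or spaces.
        if len(name) <= 253 and DOMAIN_RE.fullmatch(name):
            good.add(name)
        else:
            bad.append(raw)
    return serial, sorted(good), bad

def render_conf(domains, master_ip):
    """Build the included named.conf fragment; the file path layout is assumed."""
    master = ipaddress.ip_address(master_ip)  # raises ValueError on junk
    return ''.join(
        f'zone "{d}" {{\n   type slave;\n   file "slave/{d}";\n'
        f'   masters {{ {master}; }};\n}};\n' for d in domains)

if __name__ == '__main__':
    serial, zones, rejected = parse_axfr(SAMPLE_AXFR)
    print(f'serial {serial}, rejected {rejected}')
    print(render_conf(zones, '10.1.1.2'))
```

Rejected values are returned rather than silently dropped so they can be logged; a TXT value that fails the hostname check never reaches the generated configuration.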


