Date: Wed, 2 Aug 2000 17:00:22 -0400 (EDT)
From: Joe Barnhart <flaboy@gnv.fdt.net>
To: Jason Portwood <jason@iac.net>
Cc: "'Erin'" <Kahn@deadbbs.com>, freebsd-isp@FreeBSD.ORG
Subject: RE: Secondary BIND server.
Message-ID: <Pine.LNX.4.05.10008021658080.13195-100000@yoda.fdt.net>
In-Reply-To: <6381A6A8826BD31199500090279CAFBA106C25@FOGHORN>
This is the simplest way:

First set up a cron:

#update secondary dns info
1 0,12 * * * /usr/local/sbin/update.virtuals

Second, write the simple bash script; use whatever account@host.com you
wish, I use dist@:

/usr/local/bin/scp dist@whatever.host.net:/etc/named.slaves.conf /etc/
exec /usr/sbin/ndc reload

No Perl scripts, simple, effective. I assume everyone has ssh.

JB

On Wed, 2 Aug 2000, Jason Portwood wrote:
> >
> > Does anyone have some suggestions on how I would go about getting my
> > secondary DNS server to automatically setup the secondary
> > domain when I put it in the primary DNS server.
> >
> > Is there any software that already does this?
> >
>
> I saw the other posts about this and how to do it. I came up with an idea
> about a week ago on how to do this using a pair of Perl scripts and DNS only.
>
> One Perl script to parse the domains out into a zone file with entries
> like...
>
> IN TXT "somehost.com"
>
> Then on the secondary the second script does a
> dig @yourdnsserver zonefile.list.net axfr
> and then parses that out into a (included) named.conf file. Reload if there
> is a change ala serial numbers...
>
> On the primary you would set that zone file up to allow only zone transfers
> from your secondary and no queries on the domain.
>
> // something like...
> zone "slaves.somehost.net" {
>     type master;
>     file "slaves.somehost.net";
>     allow-transfer { 10.1.1.1; };
>     allow-query { none; };
> };
>
> I would have done this update just through the normal zone transfers but that
> appears to do a query before a transfer (dig doesn't). Also I didn't want
> to have to set up a record on the secondary and have to fuss protecting
> that. Plus getting it to sync after a transfer seemed a little harder than
> just doing a dig and parsing that out.
>
> I haven't put it into production yet (still doing the by hand tests) but all
> appears to be going well. I have also sent a message off to the ISC BIND
> suggestion people to make sure what I have done is sane.
>
> If anyone is interested in a copy of the two scripts just ask. It is still
> in the beginning stages (doesn't do any sanity checks on the data for one)
> but it does work at least in tests.
> If someone can come up with a better reason why not to GPL it I'm going to
> send it out that way... I would be very interested in any feedback on it or
> just this idea in general.
> The usual disclaimer... The script is beta and even if it wasn't. Always
> backup before/read code/etc... Don't blame me if it goes nuts as it works
> for me.
>
> I've either come up with a good idea or one that is so bad that there is a
> good reason why it isn't being used already.
>
> Jason Portwood - jason@iac.net
> Systems Administrator - Strategic/Internet Access Cincinnati
> Sales and Tech Support - 513-860-9052
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>
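
Added example, not part of the original thread and not either poster's script: a Python sketch of the secondary-side step of the quoted dig/AXFR idea, including the sanity checks on the TXT data that the quoted message says its scripts do not yet do. The sample dig output, the primary address 10.1.1.2 and the slave/ file path are constructed assumptions.

```python
import re

# Constructed sample of `dig @10.1.1.2 slaves.somehost.net axfr` output.
SAMPLE_AXFR = """\
; <<>> DiG <<>> @10.1.1.2 slaves.somehost.net axfr
slaves.somehost.net. 3600 IN SOA ns1.somehost.net. root.somehost.net. 2000080201 3600 900 604800 3600
slaves.somehost.net. 3600 IN TXT "somehost.com"
slaves.somehost.net. 3600 IN TXT "Example.ORG."
slaves.somehost.net. 3600 IN TXT "not a domain; }"
slaves.somehost.net. 3600 IN TXT "bad_label.com"
slaves.somehost.net. 3600 IN TXT "somehost.com"
"""

# One label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
DOMAIN_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")
TXT_RE = re.compile(r'^\S+\s+\d+\s+IN\s+TXT\s+"(.*)"\s*$')
SOA_RE = re.compile(r"^\S+\s+\d+\s+IN\s+SOA\s+\S+\s+\S+\s+(\d+)\s")

def parse_axfr(text):
    """Return (serial, accepted domains, rejected TXT values) from dig output."""
    serial, accepted, rejected = None, set(), []
    for line in text.splitlines():
        soa = SOA_RE.match(line)
        if soa:
            serial = int(soa.group(1))  # compare with the last seen serial
            continue
        txt = TXT_RE.match(line)
        if not txt:
            continue  # comments, other record types, blank lines
        name = txt.group(1).lower()
        name = name[:-1] if name.endswith(".") else name
        # Only strict hostnames may reach named.conf or a file name.
        if len(name) <= 253 and DOMAIN_RE.fullmatch(name):
            accepted.add(name)
        else:
            rejected.append(txt.group(1))
    return serial, sorted(accepted), rejected

def render_slaves(domains, master_ip):
    """Build the included named.conf fragment from already-validated names."""
    stanza = 'zone "{0}" {{\n\ttype slave;\n\tfile "slave/{0}";\n\tmasters {{ {1}; }};\n}};\n'
    return "".join(stanza.format(d, master_ip) for d in domains)

if __name__ == "__main__":
    serial, domains, rejected = parse_axfr(SAMPLE_AXFR)
    print(f"serial {serial}, rejected {rejected}")
    print(render_slaves(domains, "10.1.1.2"), end="")
```

Rejected values are returned rather than silently dropped so the cron job can log them, and the fragment only needs rewriting and a reload when the SOA serial differs from the one seen on the previous run.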
