From owner-freebsd-isp Wed Aug 2 14: 0:41 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from yoda.fdt.net (yoda.fdt.net [209.212.128.32])
	by hub.freebsd.org (Postfix) with ESMTP id 3FA8F37BAAC
	for ; Wed, 2 Aug 2000 14:00:36 -0700 (PDT)
	(envelope-from flaboy@gnv.fdt.net)
Received: from localhost (flaboy@localhost)
	by yoda.fdt.net with ESMTP id RAA13688;
	Wed, 2 Aug 2000 17:00:22 -0400
Date: Wed, 2 Aug 2000 17:00:22 -0400 (EDT)
From: Joe Barnhart
X-Sender: flaboy@yoda.fdt.net
To: Jason Portwood
Cc: "'Erin'" , freebsd-isp@FreeBSD.ORG
Subject: RE: Secondary BIND server.
In-Reply-To: <6381A6A8826BD31199500090279CAFBA106C25@FOGHORN>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This is the simplest way:

First set up a cron:

#update secondary dns info
1 0,12 * * * /usr/local/sbin/update.virtuals

Second write the simple bash script, use whatever account@host.com you
wish, I use dist@ :

/usr/local/bin/scp dist@whatever.host.net:/etc/named.slaves.conf /etc/
exec /usr/sbin/ndc reload

no perl scripts, simple, effective. I assume everyone has ssh.

JB

On Wed, 2 Aug 2000, Jason Portwood wrote:

> > Does anyone have some suggestions on how I would go about getting my
> > secondary DNS server to automatically setup the secondary
> > domain when I put it in the primary DNS server.
> >
> > Is there any software that already does this?
> >
>
> I saw the other posts about this and how to do it. I came up with an idea
> about a week ago on how to do this using a pair of Perl scripts and DNS only.
>
> One Perl script to parse the domains out into a zone file with entries
> like...
>
> IN TXT "somehost.com"
>
> Then on the secondary the second script does a
> dig @yourdnsserver zonefile.list.net axfr
> and then parses that out into a (included) named.conf file. Reload if there
> is a change ala serial numbers...
>
> On the primary you would set that zone file up to allow only zone transfers
> from your secondary and no queries on the domain.
>
> // something like...
> zone "slaves.somehost.net" {
>         type master;
>         file "slaves.somehost.net";
>         allow-transfer { 10.1.1.1; };
>         allow-query { none; };
> };
>
> I would have done this update just through the normal zone transfers but that
> appears to do a query before a transfer (dig doesn't). Also I didn't want
> to have to set up a record on the secondary and have to fuss protecting
> that. Plus getting it to sync after a transfer seemed a little harder than
> just doing a dig and parsing that out.
>
> I haven't put it into production yet (still doing the by hand tests) but all
> appears to be going well. I have also sent a message off to the ISC BIND
> suggestion people to make sure what I have done is sane.
>
> If anyone is interested in a copy of the two scripts just ask. It is still
> in the beginning stages (doesn't do any sanity checks on the data for one)
> but it does work at least in tests.
> If someone can come up with a better reason why not to GPL it I'm going to
> send it out that way... I would be very interested in any feedback on it or
> just this idea in general.
> The usual disclaimer... The script is beta and even if it wasn't. Always
> backup before/read code/etc... Don't blame me if it goes nuts as it works
> for me.
>
> I've either come up with a good idea or one that is so bad that there is a
> good reason why it isn't being used already.
>
> Jason Portwood - jason@iac.net
> Systems Administrator - Strategic/Internet Access Cincinnati
> Sales and Tech Support - 513-860-9052
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
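
The quoted message notes that the scripts do no sanity checks on the transferred data, and every TXT string from the zone ends up inside the included named.conf on the secondary. The following is an added example, not the Perl scripts from the thread: a Python version of the secondary-side step that accepts a TXT value only if it is a well-formed hostname before writing a slave stanza. The AXFR sample is constructed, and the primary address 10.1.1.2 and the `slave/` file path are assumptions.

```python
import re

# Constructed sample of `dig @yourdnsserver slaves.somehost.net axfr` output.
SAMPLE_AXFR = '''\
; <<>> DiG <<>> @10.1.1.2 slaves.somehost.net axfr
slaves.somehost.net. 3600 IN SOA ns1.somehost.net. hostmaster.somehost.net. 2000080201 3600 900 604800 3600
slaves.somehost.net. 3600 IN NS ns1.somehost.net.
slaves.somehost.net. 3600 IN TXT "somehost.com"
slaves.somehost.net. 3600 IN TXT "Example-Two.ORG."
slaves.somehost.net. 3600 IN TXT "not a zone; };"
slaves.somehost.net. 3600 IN TXT "bad..label.com"
slaves.somehost.net. 3600 IN TXT "somehost.com"
'''

TXT_RR = re.compile(r'^\S+\s+\d+\s+IN\s+TXT\s+"(.*)"\s*$')
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r'(?!-)[a-z0-9-]{1,63}(?<!-)')

def valid_zone(name):
    """True only for a plain multi-label hostname (no quotes, braces, spaces)."""
    labels = name.split('.')
    return (len(name) <= 253 and len(labels) >= 2
            and all(LABEL.fullmatch(label) for label in labels))

def zones_from_axfr(text):
    """Return (sorted accepted zone names, raw TXT values that were rejected)."""
    accepted, rejected = set(), []
    for line in text.splitlines():
        m = TXT_RR.match(line)
        if not m:
            continue  # comments, SOA, NS and other records carry no zone names
        name = m.group(1).lower()
        if name.endswith('.'):
            name = name[:-1]  # tolerate one trailing root dot
        if valid_zone(name):
            accepted.add(name)
        else:
            rejected.append(m.group(1))
    return sorted(accepted), rejected

def render_slaves_conf(zones, master_ip):
    """Build the included named.conf text; master_ip is local config, not wire data."""
    stanza = ('zone "%s" {\n\ttype slave;\n\tfile "slave/%s";\n'
              '\tmasters { %s; };\n};\n')
    return ''.join(stanza % (z, z, master_ip) for z in zones)

if __name__ == '__main__':
    zones, rejected = zones_from_axfr(SAMPLE_AXFR)
    print(render_slaves_conf(zones, '10.1.1.2'))  # assumed primary address
    print('rejected:', rejected)
```

Rejected values are returned rather than silently dropped so the cron job can log or mail them; a non-empty list means the list zone on the primary holds something that is not a zone name.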