Date: Wed, 2 Aug 2000 17:00:22 -0400 (EDT)
From: Joe Barnhart <flaboy@gnv.fdt.net>
To: Jason Portwood <jason@iac.net>
Cc: "'Erin'" <Kahn@deadbbs.com>, freebsd-isp@FreeBSD.ORG
Subject: RE: Secondary BIND server.
Message-ID: <Pine.LNX.4.05.10008021658080.13195-100000@yoda.fdt.net>
In-Reply-To: <6381A6A8826BD31199500090279CAFBA106C25@FOGHORN>

This is the simplest way:

First set up a cron:

#update secondary dns info
1 0,12 * * * /usr/local/sbin/update.virtuals

Second write the simple bash script, use whatever account@host.com you
wish, I use dist@ :

/usr/local/bin/scp dist@whatever.host.net:/etc/named.slaves.conf /etc/
exec /usr/sbin/ndc reload

no perl scripts, simple, effective.  I assume everyone has ssh.

JB

On Wed, 2 Aug 2000, Jason Portwood wrote:

>
> > Does anyone have some suggestions on how I would go about getting my
> > secondary DNS server to automatically set up the secondary
> > domain when I put it in the primary DNS server.
> >
> > Is there any software that already does this?
> >
>
> I saw the other posts about this and how to do it.  I came up with an
> idea about a week ago on how to do this using a pair of Perl scripts
> and DNS only.
>
> One Perl script to parse the domains out into a zone file with entries
> like...
>
>         IN TXT "somehost.com"
>
> Then on the secondary the second script does a
> dig @yourdnsserver zonefile.list.net axfr
> and then parses that out into a (included) named.conf file.  Reload if
> there is a change ala serial numbers...
>
> On the primary you would set that zone file up to allow only zone
> transfers from your secondary and no queries on the domain.
>
> // something like...
> zone "slaves.somehost.net" {
>         type master;
>         file "slaves.somehost.net";
>         allow-transfer { 10.1.1.1; };
>         allow-query { none; };
> };
>
> I would have done this update just through the normal zone transfers
> but that appears to do a query before a transfer (dig doesn't).  Also I
> didn't want to have to set up a record on the secondary and have to
> fuss protecting that.  Plus getting it to sync after a transfer seemed
> a little harder than just doing a dig and parsing that out.
>
> I haven't put it into production yet (still doing the by hand tests)
> but all appears to be going well.  I have also sent a message off to
> the ISC BIND suggestion people to make sure what I have done is sane.
>
> If anyone is interested in a copy of the two scripts just ask.  It is
> still in the beginning stages (doesn't do any sanity checks on the data
> for one) but it does work at least in tests.
> If someone can come up with a better reason why not to GPL it I'm going
> to send it out that way...  I would be very interested in any feedback
> on it or just this idea in general.
> The usual disclaimer...  The script is beta and even if it wasn't.
> Always backup before/read code/etc...  Don't blame me if it goes nuts
> as it works for me.
>
> I've either come up with a good idea or one that is so bad that there
> is a good reason why it isn't being used already.
>
> Jason Portwood - jason@iac.net
> Systems Administrator - Strategic/Internet Access Cincinnati
> Sales and Tech Support - 513-860-9052
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
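
Added example, not part of the thread and not Jason Portwood's scripts: a Python sketch (his were Perl) of the secondary-side step of the TXT-record scheme quoted above, including the sanity checks his message says are still missing, so a hostile or malformed TXT value never reaches the included named.conf fragment. The AXFR text, the master address 10.1.1.2 and the slave/ file path are constructed assumptions.

```python
import re

# Strict hostname check: lowercase letter/digit/hyphen labels, at least two labels.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
ZONE_RE = re.compile(LABEL + r"(?:\." + LABEL + r")+")
TXT_RE = re.compile(r'\sIN\s+TXT\s+"(.*)"\s*$')
SOA_RE = re.compile(r"\sIN\s+SOA\s+\S+\s+\S+\s+(\d+)\s")

# Constructed sample of `dig ... axfr` output; the last two TXT values are
# a config-injection attempt and a malformed name.
SAMPLE_AXFR = r'''
slaves.somehost.net. 3600 IN SOA ns1.somehost.net. root.somehost.net. 2000080201 3600 900 604800 3600
slaves.somehost.net. 3600 IN NS ns1.somehost.net.
slaves.somehost.net. 3600 IN TXT "somehost.com"
slaves.somehost.net. 3600 IN TXT "Example.ORG."
slaves.somehost.net. 3600 IN TXT "evil.com\"; }; options { recursion yes; }; //"
slaves.somehost.net. 3600 IN TXT "-bad-.example"
slaves.somehost.net. 3600 IN SOA ns1.somehost.net. root.somehost.net. 2000080201 3600 900 604800 3600
'''

def parse_axfr(text):
    """Return (soa_serial, accepted_zones, rejected_values) from AXFR text."""
    serial, accepted, rejected = None, [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # skip blank lines and dig's comment lines
        soa = SOA_RE.search(line)
        if soa:
            serial = int(soa.group(1))  # caller compares with the last seen serial
            continue
        txt = TXT_RE.search(line)
        if not txt:
            continue
        name = txt.group(1).lower().rstrip(".")
        # Only [a-z0-9.-] survives, so quotes, braces and "../" cannot reach
        # the zone name or the file path written below.
        if len(name) <= 253 and ZONE_RE.fullmatch(name):
            accepted.append(name)
        else:
            rejected.append(txt.group(1))
    return serial, sorted(set(accepted)), rejected

def render_slaves_conf(zones, master_ip):
    """Build the included named.conf fragment from validated names only."""
    stanza = ('zone "{z}" {{\n    type slave;\n    file "slave/{z}";\n'
              '    masters {{ {m}; }};\n}};\n')
    return "".join(stanza.format(z=z, m=master_ip) for z in zones)
```

Reload only when the returned serial differs from the one stored on the previous run, and log the rejected values rather than discarding them silently.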