
Re: two bind9 masters

From: Dan MacNeil <dan(at)thecsl.org>
Date: Thu Oct 11 2007 - 12:46:06 EDT


> On Thu, Oct 11, 2007 at 12:01:52AM +0200, Wojciech Ziniewicz wrote:

>> One server is managed through ISPconfig software. It has about 80
>> domains in it now, and works well but for the production use (we're
>> now preparing for moving from QA to prod.) there must be 2 or more DNS
>> servers for those domains. As the old servers will be shut down, new
>> servers must take their role.

>

Andy Smith wrote:
> Nothing in the rest of your email makes clear why you can't just
> have another DNS server slaving off the DNS server that has
> ISPconfig on it.
>
> I've never used ISPconfig though, but it's hard to believe that it
> configures a DNS server in such a way as to make zone transfers
> impossible. That would be really broken.

We decided not to use bind's replication mechanism because it required us to add zones to each server by hand.

For example, in our named.inc:

	zone "lbgc.org" {
	        type master;
	        file "db.lbgc";
	};

Other people have opted not to use bind's replication mechanism because there have been security issues.

If it is helpful, our rsync script is attached.

#!/usr/bin/perl -w

# $Revision: 1.9 $
# $Source: /usr/local/cvsroot/boxes/scripts/some/dnssync,v $
# %Location: /usr/local/sbin/
# %Servers: brave csl-dns-01

use warnings;
use strict;

##
# Configuration
##

# rndc command-line options
my $RNDC         = '/usr/sbin/rndc';

my $RNDC_OPTIONS = '-s';
my $RNDC_COMMAND = 'reload';

# rsync command-line options

my $RSYNC         = '/usr/bin/rsync';
my $RSYNC_OPTIONS = "-azql --delete  -e 'ssh -i /var/cache/bind/.ssh/id_dsa' ";
my $EXCLUDE       =
'--exclude=old/ --exclude=named.conf* --exclude=named.options --exclude=rndc.*';
my $SOURCE      = '/etc/bind/';

my $REMOTE_USER = 'bind';

my $DIG = '/usr/bin/dig';

# Hash of each hostname and its BIND config directory
my %HOST_CONFIGDIR = (

    'csl-dns-01.thecsl.org' => '/etc/bind',
    'csl-dns-02.thecsl.org' => '/usr/local/etc/bind',
    'csl-dns-03.thecsl.org' => '/etc/bind',
);
##
# Main
##

{

    print "\nReloading localhost\n";
    print `$RNDC $RNDC_OPTIONS localhost $RNDC_COMMAND`;

    foreach my $host ( sort keys %HOST_CONFIGDIR ) {

        print "\n$host";
        print "\tcopy files...";

        my $cmd = "$RSYNC $RSYNC_OPTIONS ";
        $cmd .= "$EXCLUDE $SOURCE ";
        $cmd .= "${REMOTE_USER}\@$host:$HOST_CONFIGDIR{$host}";
        print `$cmd`;
        print "\treload server...";
        system("$RNDC $RNDC_OPTIONS $host $RNDC_COMMAND > /dev/null") == 0
          or warn "FAILED";

        print "\ttest dns is up...";
        system("$DIG \@${host} thecsl.org > /dev/null") == 0
          or warn "FAILED";

    }

    print "\n";

}

Received on Thu Oct 11 12:46:56 2007

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:51:04 EDT
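
The message above gives hand-adding zones on each server as the reason for not using zone transfers. As an added example (not part of the original post, and not ISPconfig's own code), this Perl script derives the slave-side stanzas from the primary's zone list; `$MASTER_IP`, `$SLAVE_FILE` and every sample zone except `lbgc.org` are assumptions constructed for illustration.

```perl
# Added example, not part of the original post: build the slave-side zone
# stanzas from the primary's zone list so secondaries are not edited by hand.
use strict;
use warnings;

# Assumptions: primary address (documentation placeholder) and slave file prefix.
my $MASTER_IP  = '192.0.2.1';
my $SLAVE_FILE = 'slave.db.';

# Return the sorted names of all "type master" zones in BIND config text.
sub master_zones {
    my ($conf) = @_;
    $conf =~ s{/\*.*?\*/}{}gs;         # drop /* ... */ comments
    $conf =~ s{(?://|\#)[^\n]*}{}g;    # drop // and # comments
    my %zones;
    # Group 2 matches a brace-balanced body, so nested blocks are handled.
    while ( $conf =~ /\bzone\s+"([^"]+)"(?:\s+\w+)?\s*(\{(?:[^{}]++|(?2))*\})\s*;/g ) {
        my ( $name, $body ) = ( lc($1), $2 );
        next unless $body =~ /\btype\s+master\s*;/;
        # Refuse names that could smuggle config syntax into the output.
        next unless $name =~ /\A[a-z0-9](?:[a-z0-9._-]*[a-z0-9])?\z/;
        $zones{$name} = 1;
    }
    return sort keys %zones;
}

# Render one slave stanza per zone name passed in.
sub slave_conf {
    my $out = '';
    for my $zone (@_) {
        $out .= <<"EOT";
zone "$zone" {
        type slave;
        masters { $MASTER_IP; };
        file "$SLAVE_FILE$zone";
};
EOT
    }
    return $out;
}

# Constructed sample: the stanza from the post plus three made-up zones.
my $sample = <<'CONF';
zone "lbgc.org" { type master; file "db.lbgc"; };
// zone "retired.example" { type master; file "db.retired"; };
zone "example.net" { allow-update { none; }; type master; file "db.example"; };
zone "example.org" { type slave; masters { 192.0.2.9; }; file "db.org"; };
CONF
print slave_conf( master_zones($sample) );
```

Run against the sample, it prints stanzas for `example.net` and `lbgc.org` only; the commented-out zone and the zone that is already a slave are skipped.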
