Re: two bind9 masters

To: debian-isp@lists.debian.org
Cc: debian-isp@lists.debian.org
Subject: Re: two bind9 masters
From: Dan MacNeil <dan@thecsl.org>
Date: Thu, 11 Oct 2007 12:46:06 -0400
Message-id: <[🔎] 470E534E.1020809@thecsl.org>
In-reply-to: <[🔎] 20071010230916.GV18805@bitfolk.com>
References: <[🔎] d1473ad90710100716x9d5c915u585d00a9d37328aa@mail.gmail.com> <[🔎] 200710102236.17088.gilles.mocellin@free.fr> <[🔎] d1473ad90710101347t579ced57jbcbe0d011d975f40@mail.gmail.com> <[🔎] 20071010213648.GE509@khazad-dum.debian.net> <[🔎] d1473ad90710101501v6189d7d4h604edc8b02e7dea2@mail.gmail.com> <[🔎] 20071010230916.GV18805@bitfolk.com>

On Thu, Oct 11, 2007 at 12:01:52AM +0200, Wojciech Ziniewicz wrote:

One server is managed through ISPconfig software. It has about 80
domains in it now , and works well but for the production use (we're
now preparing for moving from QA to prod.) there must be 2 or more DNS
servers for those domains. As the old servers will be shut down, new
servers must take their role.

Andy Smith wrote:

Nothing in the rest of your email makes clear why you can't just
have another DNS server slaving off the DNS server that has
ISPconfig on it.

I've never used ISPconfig though, but it's hard to believe that it
configures a DNS server in such a way as to make zone transfers
impossible.  That would be really broken.

We decided not to use bind's replication mechanism because it requiredus to add zones to each server by hand.


For example in our named.inc

	zone "lbgc.org" {
	        type master;
	        file "db.lbgc";
	};

Other people have opted not use bind's replication mechanism becausethere have been security issues.


If it is helpful, our rysnc script is attached.

#!/usr/bin/perl -w

# $Revision: 1.9 $
# $Source: /usr/local/cvsroot/boxes/scripts/some/dnssync,v $
# %Location: /usr/local/sbin/
# %Servers: brave csl-dns-01

use warnings;
use strict;

##
# Configuration
##

# rndc command-line options
my $RNDC         = '/usr/sbin/rndc';
my $RNDC_OPTIONS = '-s';
my $RNDC_COMMAND = 'reload';

# rsync command-line options
my $RSYNC         = '/usr/bin/rsync';
my $RSYNC_OPTIONS = "-azql --delete  -e 'ssh -i /var/cache/bind/.ssh/id_dsa' ";
my $EXCLUDE       =
'--exclude=old/ --exclude=named.conf* --exclude=named.options --exclude=rndc.*';
my $SOURCE      = '/etc/bind/';
my $REMOTE_USER = 'bind';

my $DIG = '/usr/bin/dig';

# Hash of each hostname and its BIND config directory
my %HOST_CONFIGDIR = (
    'csl-dns-01.thecsl.org' => '/etc/bind',
    'csl-dns-02.thecsl.org' => '/usr/local/etc/bind',
    'csl-dns-03.thecsl.org' => '/etc/bind',
);

##
# Main
##
{
    print "\nReloading localhost\n";
    print `$RNDC $RNDC_OPTIONS localhost $RNDC_COMMAND`;

    foreach my $host ( sort keys %HOST_CONFIGDIR ) {
        print "\n$host";
        print "\tcopy files...";

        my $cmd = "$RSYNC $RSYNC_OPTIONS ";
        $cmd .= "$EXCLUDE $SOURCE ";
        $cmd .= "${REMOTE_USER}\@$host:$HOST_CONFIGDIR{$host}";
        print `$cmd`;
        print "\treload server...";
        system("$RNDC $RNDC_OPTIONS $host $RNDC_COMMAND > /dev/null") == 0
          or warn "FAILED";

        print "\ttest dns is up...";
        system("$DIG \@${host} thecsl.org > /dev/null") == 0
          or warn "FAILED";
    }

    print "\n";

}

Reply to:

Follow-Ups:
- Re: two bind9 masters
  - From: Craig Sanders <cas@taz.net.au>
- Re: two bind9 masters
  - From: Dominique Görsch <ml-debian@dgoersch.info>

References:
- two bind9 masters
  - From: "Wojciech Ziniewicz" <wojciech.ziniewicz@gmail.com>
- Re: two bind9 masters
  - From: Gilles Mocellin <gilles.mocellin@free.fr>
- Re: two bind9 masters
  - From: "Wojciech Ziniewicz" <wojciech.ziniewicz@gmail.com>
- Re: two bind9 masters
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: two bind9 masters
  - From: "Wojciech Ziniewicz" <wojciech.ziniewicz@gmail.com>
- Re: two bind9 masters
  - From: Andy Smith <andy@lug.org.uk>

Prev by Date: Re: two bind9 masters
Next by Date: Re: two bind9 masters
Previous by thread: Re: two bind9 masters
Next by thread: Re: two bind9 masters
Index(es):
- Date
- Thread