Web Hosting Talk

View Full Version : Updating DNS slaves


exp
04-16-2002, 11:11 AM
What methods do you guys use to keep your DNS slave servers updated with new zones (for those of you that don't ghetto-rig two+ nameservers on one machine!). For instance, a customer signs up, a zone gets created on the master... Now, I don't want to go editing the config on every nameserver to let it know it is now a slave for this domain, it gets quite tedious when you get into the hundreds of domains.

exp
04-17-2002, 12:37 AM
I guess you guys all ghetto-rig? heh

jks
04-17-2002, 06:57 AM
Originally posted by exp
What methods do you guys use to keep your DNS slave servers updated with new zones (for those of you that don't ghetto-rig two+ nameservers on one machine!). For instance, a customer signs up, a zone gets created on the master... Now, I don't want to go editing the config on every nameserver to let it know it is now a slave for this domain, it gets quite tedious when you get into the hundreds of domains.

There's tonnes of different ways to do this.

Some use a simple Perl script that copies over the information to the secondary via SSH and restarts Bind there.

Some use CVS to handle all zones, and then use a simple script that automatically checks out on both servers, when someone checks in.

Others (like me) use a full-blown web interface that handles all replication issues automatically.

leat
04-17-2002, 03:48 PM
I use the web interface DNSman on the master and have configured DNSman to send an email to the slaves. The email contains the master conf file. The slaves that receive the email update the named.conf file using procmail and restart named. This could be tricky with privileges. An alternative is to let the email create a flag (file in /tmp for example) and to run a cron job as the user named that updates the conf file and nohups named.

/lennart

jks
04-17-2002, 04:16 PM
Originally posted by leat
I use the web interface DNSman on the master and have configured DNSman to send an email to the slaves. The email contains the master conf file. The slaves that receive the email update the named.conf file using procmail and restart named. This could be tricky with privileges. An alternative is to let the email create a flag (file in /tmp for example) and to run a cron job as the user named that updates the conf file and nohups named.

/lennart

That sounds a bit like a big hack?

How do you make sure that no one sends an email to your system? (i.e. someone not authorized)

leat
04-17-2002, 04:39 PM
Originally posted by jks


That sounds a bit like a big hack?

How do you make sure that no one sends an email to your system? (i.e. someone not authorized)

Well, the email address is not obvious, some header fields need to be there. It's no major hack, it's only a script that converts the master conf file to a slave one and then nohups named.

/lennart

jks
04-17-2002, 04:41 PM
Originally posted by leat


Well, the email address is not obvious, some header fields need to be there. It's no major hack, it's only a script that converts the master conf file to a slave one and then nohups named.

/lennart

To me, using email for that sounds like a hack.

It's much simpler and more secure to do by using SSH.

meballard
04-17-2002, 04:48 PM
One way would be to use an include in the bind.conf file, and then use another program (like rsync) to transfer the file from the server, and then on the server you would have the master file, and then a slave file that can be accessed through the transfer method, so that all editing happens on the main server.
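
Added example, not part of any post in this thread: a sketch of the "convert the master conf file to a slave one" step that leat and meballard describe, written so the slave treats the received file as untrusted input whatever channel (email, SSH, rsync) delivered it. The `slave/` directory, the sample zones and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of a master-side include file (not from the thread).
SAMPLE_MASTER = '''
zone "example.com" { type master; file "master/example.com.db"; };
zone "Example.NET." IN {
    type master;
    file "master/example.net.db";
};
zone "internal.example" { type forward; forwarders { 192.0.2.53; }; };
zone "../../tmp/evil" { type master; file "x"; };
'''

# zone "<name>" [IN] { ...body, allowing one level of nested braces... };
ZONE_RE = re.compile(
    r'\bzone\s+"([^"]+)"\s*(?:IN\s*)?\{((?:[^{}]|\{[^{}]*\})*)\}\s*;', re.I)
# Strict hostname syntax, so a name can never carry quotes, slashes or "..".
LABEL = r'[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?'
NAME_RE = re.compile(r'^(?=.{1,253}$)(?:%s\.)*%s$' % (LABEL, LABEL))


def master_zones(conf_text):
    """Return (accepted, rejected) names of the 'type master' zones."""
    accepted, rejected = set(), []
    for name, body in ZONE_RE.findall(conf_text):
        if not re.search(r'\btype\s+master\s*;', body, re.I):
            continue  # forward, hint, stub zones are not replicated
        name = name.lower().rstrip('.')
        if NAME_RE.match(name):
            accepted.add(name)
        else:
            rejected.append(name)
    return sorted(accepted), rejected


def slave_conf(conf_text, master_ip):
    """Build the slave-side include file; only validated names are copied."""
    ip = ipaddress.ip_address(master_ip)  # raises ValueError on bad input
    accepted, rejected = master_zones(conf_text)
    lines = ['zone "%s" { type slave; masters { %s; }; file "slave/%s.db"; };'
             % (z, ip, z) for z in accepted]
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    text, bad = slave_conf(SAMPLE_MASTER, "192.0.2.1")
    print(text, end="")
    print("rejected:", bad)
```

Nothing from the master file except the validated zone name reaches the generated config, and `named-checkconf` can be run on the output before named is reloaded.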