
RE: [cobalt-users] Zone Transfers



> > Trick is on the secondary's side, Thom. We each always set up
> > our own domains anyway, but then you have to email your
> > secondary and have them set it up too.
>
> Somehow I think zone transfers is the approach.  But to be
> safe, one might have to deny all and then specify which ones
> to allow.
>
> I don't know exactly how it works, but I believe that's the option...
> One system(slave) polls the other(master) for the zone information

You're right... you just have the order bass-ackwards.

1.) Fully configure NS1 as master NS for domain.com.
2.) Inform NS1 that NS2 is allowed to transfer zones for
    domain.com.
3.) Tell NS2 to provide secondary service for domain.com,
    and inform it that NS1 is the master.

Done (and all the real work is done on ns1 as it should be). Now ns2
does a zone transfer automatically to be able to serve the right
information. When changes are made (since we're all using modern BIND
versions, RIGHT?) ns1 will NOTIFY ns2 and another zone transfer will be
done automatically. Also, at the end of an expire period (once a day)
ns2 will ask ns1 if there are any changes and update its zone file (via
zone transfer) if necessary.

> I would have to allow you to access my information, and your
> system needs to be set to "reach out" and grab my information.

Say ns1=111.222.333.444 and ns2=222.333.444.555

In your named.conf for ns1...

zone "domain.com" IN {
	type master;
	file "dd.ddd.d.d.d";
	allow-transfer { 222.333.444.555; };
	allow-update { none; };
};

In my named.conf for ns2...

zone "domain.com" IN {
	type slave;
	masters { 111.222.333.444; };
	allow-update { none; };
};

When I modify the file and restart named on ns2, it's going to notice
that it knows bupkis about domain.com and go ask ns1. Piece of cake.

Automation ought not to be too difficult either; see my script-wannabe
in some other post. Doing this for *one* domain is no problem... the
challenge was to see if we could come up with a way to set up a server as
a secondary for a whole other server. However, given the nature of the
game, I suggest that perhaps we finish making it easy to do domains one
by one manually, and later work on whole-server. This way we have some
results and benefits quickly and can work on the other idea on a more
leisurely basis.

--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx
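The per-domain master/secondary pairing described above, automated for a list of domains, as an added example that is not part of the original message or of any list member's script. The nameserver addresses and domain names are constructed placeholders (RFC 5737 documentation ranges), and the generated stanzas keep allow-transfer restricted to the named secondary and allow-update set to none, as in the thread.

```python
"""Generate paired BIND zone stanzas for a master/secondary setup."""
import ipaddress

NS1 = "192.0.2.1"     # constructed placeholder: master nameserver
NS2 = "198.51.100.2"  # constructed placeholder: secondary nameserver


def master_stanza(domain, zone_file, secondaries):
    """Master stanza for ns1: only the listed secondaries may pull the
    zone (explicit allow-list, not 'any') and dynamic updates are refused."""
    for ip in secondaries:
        ipaddress.ip_address(ip)  # reject malformed addresses up front
    acl = " ".join(f"{ip};" for ip in secondaries)
    return (
        f'zone "{domain}" IN {{\n'
        "\ttype master;\n"
        f'\tfile "{zone_file}";\n'
        f"\tallow-transfer {{ {acl} }};\n"
        "\tallow-update { none; };\n"
        "};\n"
    )


def secondary_stanza(domain, masters):
    """Secondary stanza for ns2: pull the zone from the listed masters;
    the secondary never accepts dynamic updates either."""
    for ip in masters:
        ipaddress.ip_address(ip)
    srcs = " ".join(f"{ip};" for ip in masters)
    return (
        f'zone "{domain}" IN {{\n'
        "\ttype slave;\n"
        f"\tmasters {{ {srcs} }};\n"
        "\tallow-update { none; };\n"
        "};\n"
    )


def build_configs(domains):
    """Return (ns1_conf, ns2_conf): the named.conf fragments to append on
    the master and on the secondary for every domain in the list."""
    ns1 = "".join(master_stanza(d, f"db.{d}", [NS2]) for d in domains)
    ns2 = "".join(secondary_stanza(d, [NS1]) for d in domains)
    return ns1, ns2


if __name__ == "__main__":
    for_ns1, for_ns2 = build_configs(["example.com", "example.net"])
    print(for_ns1)
    print(for_ns2)
```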