Message from discussion Using BIND-DLZ for a hidden master [was: Re: dns master-slave transfer]
Newsgroups: comp.protocols.dns.bind
From: Chris Thompson <c...@cam.ac.uk>
Date: 31 Oct 2012 23:05:26 +0000
Subject: Using BIND-DLZ for a hidden master [was: Re: dns master-slave transfer]
On Oct 29 2012, Feng He wrote:

>On 2012-10-29 9:58, kavin wrote:
>> Now, I want to transfer the zone data from the master dns server to slave
>> dns server, the master dns use bind-dlz+mysql and the slave dns server
>> use bind+file.

>AFAIK, BIND DLZ doesn't send a notify message to slave, so both your
>master and slave should be able to use the DLZ backend and run a mysql
>replication for data sync.

That exchange prompts me to ask whether anyone has managed to use
BIND-DLZ in something like the following scenario.

We have a hidden master for vanity zones (we call them something else
for the punters) that runs in a small footprint virtual machine
together with the web server providing the updating interface. The
latter stores the data in a MySQL database.

At the moment there is a crontab that extracts data from that database
and updates zone files (if they need changing - there are some neat-o
optimisations) and does an "rndc reload" on the hidden master daemon.
That NOTIFYs the public nameservers for the zones, which are in fact
our regular authoritative-only ones.

It seems that one ought to be able to use BIND-DLZ to cut out a step
there, but none of the how-to's for it seem to address this sort of
scenario, and the NOTIFY issue is particularly relevant. Fast responses
from the hidden master to queries are certainly *not* a requirement here,
and indeed we expect to be able to operate with it (and its MySQL database)
down for significant periods.

On the other hand, there is also a possibility that we might want to sign
the vanity zones (we use JANET, Nominet and Gandi for their registrations,
who all support signed delegations now), and how that would interact with
BIND-DLZ might also be an issue. Can one use BIND 9.9 "inline signing"
with the unsigned version provided by a DLZ interface?

--
Chris Thompson
Email: c...@cam.ac.uk
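
The cron-driven step described in the post above (regenerate a zone file only when the data changed, then reload so the hidden master sends NOTIFY) can be sketched as follows. This is an added example, not part of the original post or the poster's actual script; the record rows, the SOA layout, the `ns0`/`hostmaster` names and the incrementing-integer serial scheme are assumptions.

```python
from pathlib import Path
import re

# Matches the SOA serial line written by render_zone() below (assumed layout).
SERIAL_RE = re.compile(r"^[ \t]*(\d+)[ \t]*;[ \t]*serial[ \t]*$", re.M)


def render_zone(origin, records, serial):
    """Render a minimal zone file.

    `records` is a list of (name, type, rdata) rows, standing in for
    whatever the query against the MySQL database returns (assumption).
    """
    lines = [
        f"$ORIGIN {origin}",
        "$TTL 3600",
        f"@ IN SOA ns0.{origin} hostmaster.{origin} (",
        f"    {serial} ; serial",
        "    3600 900 604800 3600 )",
    ]
    # Sort so that row order from the database never looks like a change.
    lines += [f"{n} IN {t} {d}" for n, t, d in sorted(records)]
    return "\n".join(lines) + "\n"


def current_serial(text):
    """Return the serial found in an existing zone file, or 0 if none."""
    m = SERIAL_RE.search(text)
    return int(m.group(1)) if m else 0


def sync_zone(path, origin, records):
    """Rewrite the zone file only if its content changed.

    Returns True when the file was rewritten, i.e. when the caller should
    run "rndc reload" so that NOTIFY goes out. The serial is bumped on
    every rewrite; secondaries only transfer when the SOA serial increases.
    """
    path = Path(path)
    old = path.read_text() if path.exists() else ""
    serial = current_serial(old)
    if old and render_zone(origin, records, serial) == old:
        return False  # nothing changed: no rewrite, no reload, no NOTIFY
    tmp = path.with_name(path.name + ".tmp")
    tmp.write_text(render_zone(origin, records, serial + 1))
    tmp.replace(path)  # atomic rename: named never reads a half-written file
    return True
```
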

