Best implementation of many zonfiles containing the same info (to avoid duplicate IP-nr)
ne...@teknologia.com
many zonefiles, but how is best way of doing it?
Let's say we have 200 domain names, one zonefile for each. All domains
points to same servers so all zonefiles are more or less equal except
for the SOA-record-line and the A-record for the root level of the
domain name.
Our main server is www5.ourcompany.com so all zonefiles uses CNAME for
all subdomains and stuff, pointing to www5.oucompany.com. (MX and NS
points to other servers as well).
We would like to get around the problem of having the following line in
each zonefile:
domainname.com IN A X.X.X.X
First thought was to put CNAME even here but I know that is not
allowed.
I simply wants to avoid IP-number in every zonefile because of the work
involved every time the IP-nr change of the main server.
Any suggestion to do this? Of course it must agree with RFC regulations
and follow bind rules.
Best regards
Martin Rådbo
Ivo Sabev
I know that you can have a directive $INCLUDE in your zone file, so to
include another file in the zone records. I did not test it but I think
that, making a separate zone file for each domain with the SOA record and
the other unique records and then including the common part for all domains
from one file is possible.
If you try it that way, please respond with the results. Also I did not know
if this is a secure way or not. But if you dig a little I think there will
be an answer.
Best regards Ivo Sabev
Karl Auer
> We would like to get around the problem of having the following line in
> each zonefile:
> domainname.com IN A X.X.X.X
Use $INCLUDE and "@"?
@ is the origin either as specified with $ORIGIN or the name of zone as
given in the named.conf entry referring to the file.
Put a line like "@ in a x.x.x.x" in a file like "my_ip.inc" and put
"$INCLUDE my.inc" in each zone file...
See
http://www.zytrax.com/books/dns/ch8/include.html
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
ne...@teknologia.com
the serial number in each zone-file and restart bind to get it to work.
I know you can script such things but it would be so pleasant if the
only thing you need to do was to change the IP-nr in one single place.
CNAME would do it but is impossible to use.
Other suggestions?
// Martin
Karl Auer skrev:
Karl Auer
> $INCLUDE seems to work but if the IP-nr change you still need to change
> the serial number in each zone-file and restart bind to get it to work.
Put the serial number in an include file too. Change it in one place,
restart BIND... If all your other details (admin address, mname, retry
refresh etc) are the same, you can just put the whole SOA record in an
include file.
Barry Margolin
> When handling a lot of domain names you want to avoid the same IP-nr in
> many zonefiles, but how is best way of doing it?
If all the zones are identical, you can simply use the same filename in
all the "zone" statements. In the zone file, use @ to refer to the zone
name, and make all other names unqualified.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
Paul Colquhoun
| $INCLUDE seems to work but if the IP-nr change you still need to change
| the serial number in each zone-file and restart bind to get it to work.
|
|
| I know you can script such things but it would be so pleasant if the
| only thing you need to do was to change the IP-nr in one single place.
| CNAME would do it but is impossible to use.
|
| Other suggestions?
When you write the 'zone' config section for each domain in the config
file, point to the same file for each domain, like this:
zone "domain-1.com" IN {
type master;
file "data/common.zone";
};
zone "domain-2.com" IN {
type master;
file "data/common.zone";
};
Make sure you use the '@' symbol in the data/common.zone file, and rely
on the domain auto-complete feature (i.e. leave the domain off the end
of any references, and don't use a trailing '.' character).
All the domains will have identical SOA data, as well as identical
hostnames, IP addresses, etc.
--
Reverend Paul Colquhoun, ULC. http://andor.dropbear.id.au/~paulcol
Asking for technical help in newsgroups? Read this first:
http://catb.org/~esr/faqs/smart-questions.html#intro
Kevin Darcy
> On 8 Sep 2006 08:45:09 -0700, ne...@teknologia.com <ne...@teknologia.com> wrote:
> | the serial number in each zone-file and restart bind to get it to work.
> |
> |
> | I know you can script such things but it would be so pleasant if the
> | only thing you need to do was to change the IP-nr in one single place.
> | CNAME would do it but is impossible to use.
> |
> | Other suggestions?
>
>
> file, point to the same file for each domain, like this:
>
>
> zone "domain-1.com" IN {
> type master;
> file "data/common.zone";
> };
>
> zone "domain-2.com" IN {
> type master;
> file "data/common.zone";
> };
>
>
> Make sure you use the '@' symbol in the data/common.zone file, and rely
> on the domain auto-complete feature (i.e. leave the domain off the end
> of any references, and don't use a trailing '.' character).
>
> All the domains will have identical SOA data, as well as identical
> hostnames, IP addresses, etc.
>
"@" syntax. So, you could have a zone file with
$INCLUDE @
at the bottom, reference this same zone file from multiple zone
definitions in named.conf, and then each of the include files could
"customize" the zone data on a per-zone basis by adding additional
records beyond the "core" (in cases where no customization is required,
the include file could be zero-length). The core zone file could be
called "core", and then all of the per-zone include files would be named
after the zone, e.g. a "foo.com" include file for the foo.com zone, a
"bar.com" include file for the bar.com zone, and so forth.
This feature would appear to violate no standards since all that RFC
1035 says about "@" is "A free standing @ is used to denote the current
origin", without limiting the context of that substitution to Resource
Records. And of course the precedent of allowing @-substitution in
directives is already established, since the $ORIGIN directive allows
it. Seems like this feature wouldn't be that hard to program into the
zonefile parser either. Maybe I'll take a shot at it...
- Kevin
ne...@teknologia.com
Example:
=====
$TTL 14400
@ IN SOA domainname.com. registry.latitud.net. (
2006041201 ; Serial
14400 ; Refresh
900 ; Retry
604800 ; Expire
3600 ) ; Negative Cache TTL
@ IN NS ns.isp.net.
======
// Martin
Barry Margolin skrev:
Jeffrey Reasoner
On Mon, 2006-09-11 at 17:18, ne...@teknologia.com wrote:
> Is it possible to change the domain name in the SOA-record to a @ ??
>
> Example:
> =====
> $TTL 14400
> @ IN SOA domainname.com. registry.latitud.net. (
> 2006041201 ; Serial
> 14400 ; Refresh
> 900 ; Retry
> 604800 ; Expire
> 3600 ) ; Negative Cache TTL
> @ IN NS ns.isp.net.
> ======
>
> // Martin
>
>
> Barry Margolin skrev:
>
#####################################################################################
This email has been scanned by MailMarshal, an email content filter.
#####################################################################################
Barry Margolin
> Is it possible to change the domain name in the SOA-record to a @ ??
Yes? In fact, that's how most people write their SOA records, I think:
@ IN SOA masterns.domain.com. hostmaster.domain.com. ( ...
I strongly recommend this. Even when you're not trying to share a zone
file between zones, it makes it easy to cut and paste the SOA record.