When implementing DNS redundancy, automation beats hand maintenance every time. In a hosting environment, new zone files are constantly being created.
The need for a master/slave setup, in which new zones are propagated automatically from the master nameserver to the slaves, became apparent as operations grew and geographic DNS redundancy became a requirement.
Some commercial DNS products provide this kind of functionality out of the box, but I will show you how to do it with a plain BIND distribution.
I wrote this tutorial to help you create an automated DNS slave / zone file transfer environment. You can create as many slave servers as you need.
MASTER SERVER
1. Edit /etc/named.conf and add the following to the options section, where xx.xx.xx.xx is the IP of your slave server:
2. Create a script with the following, where somedirectory is the directory on your SLAVE server that will hold the slave zones, yy.yy.yy.yy is your MASTER server's IP, somewwwdir is a directory browsable via HTTP, and someslavefile.conf is the output file for the generated slave config:
# Build the slave zone list from the master's named.conf.
# Note: this expects each zone statement to sit on a single line of /etc/named.conf.
for domain in $(/bin/grep ^zone /etc/named.conf | /bin/grep "type master" | /bin/awk '{print $2}' | /bin/awk -F\" '{print $2}')
do
    # Emit the matching slave stanza; passing the name as a %s argument keeps it out of the format string.
    /usr/bin/printf 'zone "%s" { type slave; file "/var/named/slaves/somedirectory/%s.db"; masters { yy.yy.yy.yy; }; };\n' "${domain}" "${domain}"
done > /var/www/html/somewwwdir/someslavefile.conf
3. Test the script to ensure it writes out the expected format.
4. Run the script from cron as a user with permission to write to the HTTP-visible directory.
SLAVE SERVER
1. Transfer the rndc.key file from your master server to the slave:
2. Edit the copied file (ns1rndc.key) and change the name of the key definition.
3. Edit named.conf and add the following to the options section:
4. Append the following to the named.conf file:
include "/path/to/someslavefile.conf";
5. Run the following commands:
mkdir /var/named/slaves/somedirectory/
chown -R named:named /var/named/slaves/somedirectory/
/etc/init.d/named restart
6. Create a script:
/usr/bin/wget http://yy.yy.yy.yy/somewwwdir/someslavefile.conf -O /var/named/slaves/someslavefile.conf
/etc/init.d/named restart
7. Add the script to root's crontab.
In the slave script you see that the file is fetched via wget. This can be replaced by more secure methods: if ssh key-based authentication is set up, a simple scp or even rsync will do the job. Keep in mind that what is being transferred here is only the generated configuration; the zone data itself is pulled by named through ordinary zone transfers from the master. That configuration file is included verbatim into named.conf, so anyone who can alter it on the web server or in transit (plain HTTP provides no integrity protection) can add arbitrary configuration to your slave, which is a good reason to prefer the ssh-based transfer.
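As an added example, not part of the original post, here is a replacement for the slave-side script in step 6. It fetches the generated file over ssh, as suggested above, and refuses to install it unless every line is exactly the one-line slave stanza the master script emits, so a tampered or truncated file can never reach named. The IP, paths and directory names are the tutorial's placeholders; key-based ssh from the slave to the master is assumed, and the real fetch path only runs when the script is invoked with the argument `install`, so that it can also be run stand-alone on the constructed sample at the bottom.

```shell
#!/bin/sh
# Added example (not from the original post): slave-side replacement for
# the wget script in step 6. Fetches the master-generated include over ssh,
# then refuses to install it unless every line is exactly the one-line slave
# stanza the master script emits. The values below are the tutorial's
# placeholders and are assumptions.
set -u

MASTER_IP="yy.yy.yy.yy"                                   # master nameserver
REMOTE_CONF="/var/www/html/somewwwdir/someslavefile.conf" # written by the master script
LOCAL_CONF="/var/named/slaves/someslavefile.conf"         # path named in the include directive
SLAVE_DIR="/var/named/slaves/somedirectory"               # slave zone directory

# Escape dots so a literal IP or path can be embedded in an extended regex.
re_escape() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# validate_slave_conf FILE: succeed only if FILE is non-empty and every
# non-blank line is a slave stanza pointing at our master and our directory.
# named.conf includes this file verbatim, so anything else in it (another
# masters list, allow-update, an extra include ...) would become live
# configuration on the slave.
validate_slave_conf() {
    vf="$1"
    vip=$(re_escape "$MASTER_IP")
    vdir=$(re_escape "$SLAVE_DIR")
    vname='([A-Za-z0-9-]+\.)+[A-Za-z0-9-]+'
    vpat="^zone \"${vname}\" \{ type slave; file \"${vdir}/${vname}\.db\"; masters \{ ${vip}; \}; \};\$"
    [ -s "$vf" ] || return 1                 # empty file: never wipe the zone list
    if grep -Ev "$vpat" "$vf" | grep -q .; then
        return 1                             # at least one unexpected line
    fi
    return 0
}

# fetch_and_install: pull the file over ssh, validate it, swap it in,
# syntax-check the whole config, and reload (no restart, no outage).
fetch_and_install() {
    tmp=$(mktemp) || return 1
    if ! scp -q "${MASTER_IP}:${REMOTE_CONF}" "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    if ! validate_slave_conf "$tmp"; then
        echo "refusing to install: unexpected content in $REMOTE_CONF" >&2
        rm -f "$tmp"; return 1
    fi
    if cmp -s "$tmp" "$LOCAL_CONF"; then
        rm -f "$tmp"; return 0               # unchanged: nothing to reload
    fi
    [ -f "$LOCAL_CONF" ] && cp -p "$LOCAL_CONF" "$LOCAL_CONF.bak"
    install -o named -g named -m 0640 "$tmp" "$LOCAL_CONF"
    rm -f "$tmp"
    if ! named-checkconf; then               # fail closed: restore the last good file
        [ -f "$LOCAL_CONF.bak" ] && mv "$LOCAL_CONF.bak" "$LOCAL_CONF"
        return 1
    fi
    rndc reload
}

if [ "${1:-}" = install ]; then
    fetch_and_install
else
    # Stand-alone demo on constructed input: a clean file and a tampered copy
    # that smuggles in a zone pointing at a foreign master.
    good=$(mktemp); bad=$(mktemp)
    printf 'zone "example.com" { type slave; file "%s/example.com.db"; masters { %s; }; };\n' "$SLAVE_DIR" "$MASTER_IP" > "$good"
    cp "$good" "$bad"
    printf 'zone "example.net" { type slave; file "%s/example.net.db"; masters { 203.0.113.9; }; };\n' "$SLAVE_DIR" >> "$bad"
    validate_slave_conf "$good" && echo "clean file: accepted"
    validate_slave_conf "$bad" || echo "tampered file: rejected"
    rm -f "$good" "$bad"
fi
```

For step 7 the crontab entry would then call the script with `install` (for example every 15 minutes; the path and interval are your choice). The shape check deliberately accepts only the exact template, so if you change the master script's output format you must update `validate_slave_conf` to match.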


Fantastic script. But it does not function.
On my box it prints absolutely nothing, even though it creates the new file and there are no errors!
Can you please help?
If you are talking about the "printf" statement, it's best to try that line on the command line and see what happens. Just replace "{domain}" with an actual domain.
Next you should try the "grep" command in the "for" loop on the command line. Most likely the format of your zone files is a little different from what I was using.
Don’t you think that this is quite an unsecure way of running a slave server?
Hello! Can you help with a bind.conf option with more than one line per entry?
example
zone "domain.com" {
type master;
allow-transfer {none;};
file "/etc/bind/pri.domain.com";
};
see? Your bash script expects to find the entire entry on just one line.
That's why many of us will see no output when testing the command on the shell. Obviously I just can't alter the format of my files because they are generated by other programs. How can I read entries like these in order to generate a file to be sent to the mirror? (I'm not so skilled with regexps.)
Thank you in advance
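The following is an added example, not the original author's script nor the commenter's code, that addresses this question and at the same time serves as a multi-line-aware replacement for the generator script in step 2 of the MASTER section. Instead of grepping for one-line entries it walks named.conf with awk, tracking brace depth so a zone statement may span any number of lines, and emits the same slave stanzas. The placeholder master IP and slave directory are the tutorial's; the named.conf sample it runs on when called without arguments is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): brace-aware generator of the
# slave include file. Zone statements may span several lines, as in the
# comment above. Placeholders follow the tutorial: yy.yy.yy.yy is the
# master's IP and somedirectory the slave-side zone directory (assumptions).
set -u

# gen_slave_conf NAMED_CONF MASTER_IP SLAVE_DIR
# Prints one "type slave" stanza per "type master" zone found in NAMED_CONF.
gen_slave_conf() {
    conf="$1" master="$2" dir="$3"
    awk -v master="$master" -v dir="$dir" '
        # A line that begins a zone statement: remember the quoted name.
        /^[ \t]*zone[ \t]+"[^"]*"/ {
            name = $2; gsub(/"/, "", name)
            depth = 0; ismaster = 0; inzone = 1
        }
        inzone {
            if ($0 ~ /type[ \t]+master[ \t]*;/) ismaster = 1
            # Count braces on this line; the statement ends when depth returns to zero.
            opened = gsub(/[{]/, "{"); closed = gsub(/[}]/, "}")
            depth += opened - closed
            if (depth <= 0 && opened + closed > 0) {
                if (ismaster) printf "zone \"%s\" { type slave; file \"%s/%s.db\"; masters { %s; }; };\n", name, dir, name, master
                inzone = 0
            }
        }' "$conf"
}

if [ $# -ge 1 ]; then
    # Real use on the master, e.g. from cron:
    #   gen_slave_conf /etc/named.conf yy.yy.yy.yy /var/named/slaves/somedirectory \
    #       > /var/www/html/somewwwdir/someslavefile.conf
    gen_slave_conf "$1" "${2:-yy.yy.yy.yy}" "${3:-/var/named/slaves/somedirectory}"
else
    # Stand-alone demo on a constructed named.conf mixing one-line, multi-line,
    # hint and slave zones; only the two master zones should be emitted.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
options { directory "/var/named"; };
zone "." IN { type hint; file "named.ca"; };
zone "one-line.example" { type master; file "/var/named/one-line.example.db"; };
zone "domain.com" {
type master;
allow-transfer {none;};
file "/etc/bind/pri.domain.com";
};
zone "mirror.example" {
    type slave;
    masters { 192.0.2.1; };
    file "slaves/mirror.example.db";
};
EOF
    gen_slave_conf "$sample" yy.yy.yy.yy /var/named/slaves/somedirectory
    rm -f "$sample"
fi
```

Because the parser only looks at brace depth and the literal `type master;` token, it is indifferent to indentation, option order and nested option blocks such as `allow-transfer {none;};`, which is exactly what defeats the one-line grep in the original script.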