Automated zone file transfer from primary nameserver to secondary

Posted on 2006-04-14
Last Modified: 2013-12-24
I have nothing but admiration for guys who know DNS well....  500 points.  Wish I could give more.....

Our old dedicated server automatically does all our DNS work for us... for <> 150 sites now... a blessing indeed!  All we do is add a site, it automatically creates the primary and secondary DNS zones and sets them up on external nameservers... we don't even know how (proprietary scripts I am guessing!)!  No matter!

Anyway, now we have a new server with another company and have to do our own DNS. I have successfully installed a primary nameserver, and managed to get it to transfer DNS data for a couple of zones to a free secondary nameserver.  Bind9.  It works well, transfers the changes, looks good.  Now we are ready to set up a secondary nameserver of our own.

My question is, "How can we set this up so that it can automatically transfer NEW ZONE FILES to our secondary nameserver?"  In other words, when we create a site, it creates our primary DNS zone files and restarts bind.  The primary name server answers queries, no problem.  Is the only way to set up transfers to the secondary server to manually create a new slave zone file on the secondary server and add allow-transfer to the primary zone file?

Or is there some option in BIND I am not seeing or not understanding (masters?) that can transfer not only updated zone info. but set up any new zone files on the secondary?


Question by:rbartz
    LVL 15

    Accepted Solution

    There is no option in BIND to do it without some extra work, because there is no standard query that would work like "give me all ZONES that you host".

    So, you have to MAKE one!;))

    What you can do is

    1. create a fake zone, say "" on the master DNS, and list all zones in it as TXT or PTR records.
    2. create this zone on the slave and establish transfer
    3. create a cron job on the slave that would check this meta-zone for new records, add new zones to BIND config and do a rndc_reload.

    In reality, once we reached about 100 domains we built a database for all DNS information and now both nameservers are building zones based on this database. When you are at 150 domains managing all this info just in zone files is probably quite a pain.
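
The slave-side cron step from the accepted answer, as an added example that is not part of the original thread. It assumes the meta-zone is named `zones.meta.example.` (the answer leaves the name blank), that the master is `192.0.2.1`, that slave files live under `slaves/`, and that the input is the text of a zone transfer of the meta-zone; because each TXT value is written into the BIND config, anything that is not plain hostname syntax is rejected.

```python
import re

# Assumptions (not from the thread): master address, slaves/ path, meta-zone name.
MASTER_IP = "192.0.2.1"  # documentation address
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
ZONE_RE = re.compile(rf"^{LABEL}(\.{LABEL})+$")
TXT_RE = re.compile(r'^\S+\s+(?:\d+\s+)?IN\s+TXT\s+"([^"]*)"\s*$', re.I)

# Constructed sample: text form of a transfer of the hypothetical meta-zone.
SAMPLE_AXFR = """\
zones.meta.example. 3600 IN SOA ns1.example.com. hostmaster.example.com. 5 3600 600 86400 3600
zones.meta.example. 3600 IN NS ns1.example.com.
z1.zones.meta.example. 3600 IN TXT "example.com"
z2.zones.meta.example. 3600 IN TXT "Example.ORG."
z3.zones.meta.example. 3600 IN TXT "bad name; }"
"""


def parse_meta_zone(axfr_text):
    """Return (valid zone names, rejected values) from the TXT records."""
    zones, rejected = set(), []
    for line in axfr_text.splitlines():
        m = TXT_RE.match(line.strip())
        if not m:
            continue  # SOA, NS, comments, blank lines
        name = m.group(1).lower().rstrip(".")
        # The name ends up inside named.conf, so accept hostname syntax only.
        if len(name) <= 253 and ZONE_RE.match(name):
            zones.add(name)
        else:
            rejected.append(m.group(1))
    return zones, rejected


def render_slave_conf(zones, master_ip=MASTER_IP):
    """Build the include file holding one slave stanza per zone."""
    stanza = 'zone "{z}" {{ type slave; masters {{ {m}; }}; file "slaves/{z}.db"; }};\n'
    return "".join(stanza.format(z=z, m=master_ip) for z in sorted(zones))


def sync(axfr_text, current_conf):
    """Return (new_conf, changed, rejected); reload BIND only when changed."""
    zones, rejected = parse_meta_zone(axfr_text)
    new_conf = render_slave_conf(zones)
    return new_conf, new_conf != current_conf, rejected
```

A cron wrapper would pass in the transfer output and the current include file, write `new_conf` back and reload BIND only when `changed` is true, and log anything in `rejected` for review.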
    LVL 4

    Author Comment

    As I said, having our host do all that with scripts that interface with their nameservers is a blessing!  Having to mess with a few zones manually is enough for me, although I am happy to learn this stuff and love to make it work.

    Ok, I can see some potential here... but what I am interested in now is how you implemented your database.

    We use ispConfig on this new server, and the domain and zone data is already stored in a MySQL database!  Along with that, the almost 150 domains hosted on our old server will be moved by the end of this year to another new server using ispConfig as well, meaning no problem for them to use a common database and for one to create the primary zone files and the other to create the secondary files etc, which is what I am assuming you are doing in essence.

    Can you describe your system to me without compromising your IP...?   :-)
    LVL 15

    Expert Comment

    I can.

    In a nutshell, the only difference is we use PostgreSQL as database, and we initially did it because we had a multihomed network with 2 T1-s coming in - so we implemented DNS-based failover. Plus, this DB stored the private addresses of the servers as well and it was used to build firewall NAT tables and local DNS zones.

    Both DNS servers use the same set of PHP shell scripts that connect to the DB and build the zone files.

    You don't have to have one DNS running as master and another one as slave - they both can use the same scripts to build zones from the DB, and that's even better because the second one becomes independent of the failures of the first one. As long as the information is the same, you can't really tell from the outside whether the zone is a slave or master in a particular DNS server.

    LVL 4

    Author Comment

    Ok, I have the idea anyway, and it seems fairly easy to do actually.  The database already lists everything that is in the zone files, and the existing PHP programming that the control panel uses already builds the master zone files ( is that easy or what? ).

    You actually answered both my questions in the first mail, I appreciate the extra insight.

