• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1420
  • Last Modified:

Secondary DNS, Zone Transfer

Hi! I'd like to set up a secondary DNS server. My primary server supports zone transfers and everything works fine. I tested this with my live primary DNS server and a local development machine with Bind9 and Webmin. I used Webmin to create the slave zone for testing.

However, what I'd also like to do is make a frontend web-based GUI simply for adding slave zones. My preferred programming language is PHP, and I thought MySQL would do the job nicely for keeping zone information.

My question is about getting Bind to read and process the information from the MySQL database. What's the best way to go about doing this? It will be very basic because all I'm doing is adding a zone and then specify the primary DNS server's IP address. I don't need to add any host records because these will be fetched from the primary NS. It's my understanding that all I need is the following in my named.conf.local file:

zone "example.com" {
        type slave;
        masters {
                123.456.136.13;
                };
        file "/var/lib/bind/example.com.hosts";
};

Open in new window


... and Bind will do the rest - i.e. update the /var/lib/bind/example.com.hosts file. Assuming that's correct, what's the best way to retrieve the data from MySQL and then update the named.conf.local file in /etc/bind?
0
Julian Matz
Asked:
Julian Matz
4 Solutions
 
beezleincCommented:
Not following you.   Yes BIND will take care of updating the secondary's zone file (example.com.hosts in this case) when triggered by the zone's primary BIND server (actually when it detects the primary zone's serial number changes).   Keeping zone info in MySQL is a fine idea.  You will need a script (php) to rebuild the named.conf config files and kick off BIND (i.e.  kill -1) to reload the config files.   I don't believe BIND can create or recreate it's own config files from a database.
0
 
jar3817Commented:
Bind will not be able to load the zone data from MySQL. There is a patch for it, but I've never gotten it to work right.

You'll have to export the data either using a cron job or a button on the web interface. Cron will most likely be easier since you'll have to edit files owned by root, unless you give apache write permissions.

Write a script (php or bash or whatever) that pulls the zone info out of mysql and spits it out into a named.conf file. Then have your script call "rndc reload"
0
 
Julian MatzJoint ChairpersonAuthor Commented:
Thanks! Appending the named.conf.local file will be easy enough to add zones, but where I'd get stuck is updating zones and also checking to see if a zone already exists in the file.

Basically, adding a zone is fine but how to keep named.conf.local in sync with the database?
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Julian MatzJoint ChairpersonAuthor Commented:
Or should I rebuild the named.conf.local file each time a new record is added to the database? Would that be better?
0
 
beezleincCommented:
Ideally your script should be able to rebuild the bind config files at any time from the data in your database.  
0
 
maquesCommented:
I suggest you to use one-liners in the zone.conf, eg.:
zone "example.com" { type slave; masters {123.456.136.13;}; file "/var/lib/bind/example.com.hosts"; };

then any line based search/tool could find/remove a domain easily, like grep [-v] "example.com"...

I use it with several thousand domains, makes scripted management an easypie.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now