oppofwar
asked on
DNS zone data transfer from slave to master
I have configured a test dns server with master and slave for abc.com . For every update in zone file update is working fine from master to slave , But i want slave to have rights to update the zone file so that zone file automatically gets updated.
(Attn : People with "rsync option" kindly abstain from posting soln )
Master (named.conf) :
acl loc { 127.0.0.1; 10.0.0.0/8; };
options {
listen-on port 53 { 127.0.0.1; 10.1.0.171 ; };
directory "/var/named";
dump-file "/var/named/data/cache_dum
statistics-file "/var/named/data/named_sta
memstatistics-file "/var/named/data/named_mem
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { loc; };
allow-query-cache { loc; };
};
server 10.1.0.172 {
keys { ddns-update ; };
};
include "/etc/ddns-update.dnskey";
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { loc; };
match-destinations { loc; };
recursion yes;
// include "/etc/named.root.hints";
// include "/etc/named.rfc1912.zones"
zone "abc.com" IN {
type master;
file "abc.com.zone";
notify yes;
allow-transfer { loc;};
allow-update { key "ddns-update" ; };
};
zone "0.1.10.in-addr-arpa" {
type master;
file "0.1.10.zone";
allow-transfer { loc; };
allow-update { key "ddns-update" ; };
};
};
Slave (named.conf) :
acl loc { 127.0.0.1; 10.0.0.0/8; };
options {
listen-on port 53 { 127.0.0.1; 10.1.0.172 ; };
directory "/var/named";
dump-file "/var/named/data/cache_dum
statistics-file "/var/named/data/named_sta
memstatistics-file "/var/named/data/named_mem
allow-query { loc; };
allow-notify { loc; };
};
include "/etc/ddns-update.dnskey";
server 10.1.0.171 {
keys { ddns-update;
};
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { loc; };
match-destinations { loc; };
recursion yes;
// include "/etc/named.root.hints";
include "/etc/named.rfc1912.zones"
zone "abc.com" IN {
type slave;
file "abc.com.zone";
notify yes;
masters { 10.1.0.171; };
allow-transfer { loc; };
allow-update { key "ddns-update"; };
};
zone "0.1.10.in-addr-arpa" {
type slave ;
masters { 10.1.0.171; };
file "10.1.0.zone";
};
};
(Attn : People with "rsync option" kindly abstain from posting soln )
Master (named.conf) :
acl loc { 127.0.0.1; 10.0.0.0/8; };
options {
listen-on port 53 { 127.0.0.1; 10.1.0.171 ; };
directory "/var/named";
dump-file "/var/named/data/cache_dum
statistics-file "/var/named/data/named_sta
memstatistics-file "/var/named/data/named_mem
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { loc; };
allow-query-cache { loc; };
};
server 10.1.0.172 {
keys { ddns-update ; };
};
include "/etc/ddns-update.dnskey";
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { loc; };
match-destinations { loc; };
recursion yes;
// include "/etc/named.root.hints";
// include "/etc/named.rfc1912.zones"
zone "abc.com" IN {
type master;
file "abc.com.zone";
notify yes;
allow-transfer { loc;};
allow-update { key "ddns-update" ; };
};
zone "0.1.10.in-addr-arpa" {
type master;
file "0.1.10.zone";
allow-transfer { loc; };
allow-update { key "ddns-update" ; };
};
};
Slave (named.conf) :
acl loc { 127.0.0.1; 10.0.0.0/8; };
options {
listen-on port 53 { 127.0.0.1; 10.1.0.172 ; };
directory "/var/named";
dump-file "/var/named/data/cache_dum
statistics-file "/var/named/data/named_sta
memstatistics-file "/var/named/data/named_mem
allow-query { loc; };
allow-notify { loc; };
};
include "/etc/ddns-update.dnskey";
server 10.1.0.171 {
keys { ddns-update;
};
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { loc; };
match-destinations { loc; };
recursion yes;
// include "/etc/named.root.hints";
include "/etc/named.rfc1912.zones"
zone "abc.com" IN {
type slave;
file "abc.com.zone";
notify yes;
masters { 10.1.0.171; };
allow-transfer { loc; };
allow-update { key "ddns-update"; };
};
zone "0.1.10.in-addr-arpa" {
type slave ;
masters { 10.1.0.171; };
file "10.1.0.zone";
};
};
Duncan Roe
You cannot do this. A slave is just that - a slave. It can download zones but only the master can update them.
A DHCP server on the Slave system must send DDNS updates to the master, not the local slave DNS
ASKER
Is there any other way to achieve it . Also there are 2 masters how to sync records between them.
You are breaking the structure by having 2 masters for the same zone (if that is what you're doing). DNS is supposed to be strictly hierarchical
ASKER
duncan we need 2 master for redundancy , this structure is used in many infrastructure.
Yes there are lots of duplicates of the root server - I've noticed that before. I would try Google or Wikipedia to find out how they do it. (I had a quick look at Wikipedia and there is a Root nameserver topic, but I didn't see the coordination mechanism in the few seconds I spent looking. As you say, there must be one)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Please follow comments