On 5/9/2014 3:01 PM, John Wobus wrote:
> > ...if anyone has specific thoughts on how to make this sort of thing
> > easier in BIND -- even just at the level of "boy, it irritates me
> > that I can't make BIND do <X>" -- such comments will fall on
> > welcoming ears.
>
> I agree that it would be nice if effort were made into making flipping
> masters straight-forward, i.e., not require a change to every zone
> declaration and not force the operator to deal with zone files that
> suddenly need to switch between binary and ascii. (There may be good
> ways to do this now that I'm unaware of.)
Where is the line drawn these days between DNS management protocols and
provisioning protocols? Because, I've long thought the idea of feeding a
config (i.e. the contents of a named.conf file) to a "named" instance
via "rndc" would be an easy and secure way of quickly reconfiguring it
to a different role (e.g. from master to slave, or _vice_versa_, for a
whole bunch of views/zones in one fell swoop). Since the config is in a
very regular, structured format, I'm sure some sort of encoding and/or
compression could be employed to make the actual data transfer size
fairly compact.
The only big gotcha that comes to mind here is if the named.conf is
segmented via include files with different access privileges (e.g. not
letting key definitions be world-readable), that segmentation/protection
would need to be preserved on the receiving side.
- Kevin
bind-users mailing list
bind-users@lists.isc.org