Quoting Stuart Henderson <s...@spacehopper.org>:
No - you wouldn't do it with Unbound which is a *recursive* DNS
server, you would use an authoritative one like NSD, PowerDNS, Knot
or BIND. All you would do with Unbound is use stub-zone to point it
at an authoritative server.
--
Sent from a phone, apologies for poor formatting.
On 26 July 2019 11:05:44 Flipchan <flipc...@riseup.net> wrote:
Can you link to any guides or practical howtos on how to practically
do that with unbound?
Thanks
On July 25, 2019 9:32:29 PM GMT+03:00, Stuart Henderson
<s...@spacehopper.org> wrote:
On 2019-07-25, Flipchan <flipc...@riseup.net> wrote:
Greetings everyone,
Does anyone have a good solution for syncing unbound configuration files?
I have the scenario where I have two internal LANs in two
different offices that need to have the same internal
DNS system for the local systems, and there are a lot of changes
being done in the internal zone records, so I need
a good way to sync them (the ideal way would be to have a similar
solution to MySQL's master-master replication).
Both dns resolvers are running unbound on openbsd 6.5 and right now
the configuration file is synced with ansible.
Does anyone have a good solution on replicating dns records/configs
for unbound. In the future it will be scaled
even more so right now is a good time to implement some replication
for the unbound configs.
Does anyone have a solution for this?
There are people changing the config files on both instances, so the
ideal way would be a replication/real-time sync function.
Anyone got any ideas?
Thanks in advance
Ciao
flipchan
If multiple sites are updating records in the same internal zone at various
times, they would probably be better off with a normal authoritative DNS server
serving that zone (with e.g. stub-zone to point unbound at it), editing it in
one place, and using normal DNS replication (zone-transfer and notify)
to push the updates.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
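To make the setup Stuart describes concrete, here is an added example (not configuration posted by anyone in this thread) of the three pieces: an NSD primary at one office where the zone is edited, an NSD secondary at the other office fed by NOTIFY and AXFR, and a stub-zone on each Unbound resolver pointing at its local authoritative server. The zone name "internal.example", the addresses 192.0.2.10 / 198.51.100.10, the key name and the secret are placeholders; the TSIG key restricts who may request or push transfers, so both ends must share the same key block.

```conf
# --- nsd.conf on the primary authoritative server (192.0.2.10, office A) ---
# Edit the zone file only here; NSD pushes changes to the secondary.
key:
    name: "xfer-key"
    algorithm: hmac-sha256
    secret: "<base64 secret, e.g. output of: openssl rand -base64 32>"

zone:
    name: "internal.example"
    zonefile: "internal.example.zone"
    notify: 198.51.100.10 xfer-key        # tell the secondary a new serial exists
    provide-xfr: 198.51.100.10 xfer-key   # only this host, only with this key, may AXFR

# --- nsd.conf on the secondary authoritative server (198.51.100.10, office B) ---
key:
    name: "xfer-key"
    algorithm: hmac-sha256
    secret: "<same base64 secret as on the primary>"

zone:
    name: "internal.example"
    zonefile: "internal.example.zone"     # NSD writes the transferred copy here
    allow-notify: 192.0.2.10 xfer-key     # accept NOTIFY only from the primary
    request-xfr: 192.0.2.10 xfer-key      # pull the zone from the primary (AXFR)

# --- unbound.conf on each resolver (point at the authoritative server in the same office) ---
server:
    # needed if DNSSEC validation is enabled and the internal zone is unsigned
    domain-insecure: "internal.example"
    # needed if private-address filtering is configured, so RFC1918 answers are kept
    private-domain: "internal.example"
    # Unbound ships a built-in empty zone for 10.in-addr.arpa; switch it off
    # before delegating the reverse zone to the authoritative server
    local-zone: "10.in-addr.arpa." nodefault

stub-zone:
    name: "internal.example"
    stub-addr: 192.0.2.10      # 198.51.100.10 on the office B resolvers

stub-zone:
    name: "10.in-addr.arpa"
    stub-addr: 192.0.2.10
```

With this layout the zone's serial number is the replication state: bump it on the primary, and NOTIFY plus AXFR carry the change; `nsd-checkconf` and `unbound-checkconf` validate each file before a reload.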
I have two locations (foretell.ca and lab.foretell.ca) and for quite a
while used NSD and Unbound. But I switched to the following approach
(my use case is very simple and my networks are small, but it
works well for me).
My unbound.conf on four DNS servers has
include: "/var/unbound/etc/zonedata"
I then set up a simple zonedata file on one server with stuff such as:
local-zone: "foretell.ca." static
.
.
local-zone: "lab.foretell.ca." static
.
.
local-zone: "0.0.10.in-addr.arpa." static
.
.
local-zone: "3.72.10.in-addr.arpa." static
.
.
etc. etc.
Changes to zonedata reflect changes at both locations. Then I just
have a rsync process running a few times a day that does the following:
fr1s1.foretell.ca# more dnsupdate.sh
rsync -av zonedata 10.0.0.1:/var/unbound/etc/
rsync -av zonedata 10.0.0.3:/var/unbound/etc/
rsync -av zonedata 10.72.3.1:/var/unbound/etc/
rsync -av zonedata 10.72.3.3:/var/unbound/etc/
ssh 10.0.0.1 /etc/rc.d/unbound restart
ssh 10.0.0.3 /etc/rc.d/unbound restart
ssh 10.72.3.1 /etc/rc.d/unbound restart
ssh 10.72.3.3 /etc/rc.d/unbound restart
Obviously I am not sure if this will scale for your requirements but
mentioning this just in case it helps.
Vijay
--
ForeTell Technologies Limited
59 Flamingo Avenue
Winnipeg, MB, Canada
R3J 0X6
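The push-and-restart model above works, but a single bad line in zonedata would be copied to every resolver and restart all four into a failed state. As an added example (not Vijay's script), the following sh script keeps the same rsync/ssh push but lints the include file first and, when unbound-checkconf is installed on the pushing host, lets Unbound itself parse it before anything is copied. The host list is taken from the thread; paths, the accepted local-zone types and the use of /dev/stderr from awk are assumptions to adjust for your environment.

```shell
#!/bin/sh
# dnsupdate.sh (added example): validate the zonedata include file, then push it.
ZONEDATA="${ZONEDATA:-/var/unbound/etc/zonedata}"
REMOTE_PATH="/var/unbound/etc/"
HOSTS="${HOSTS:-10.0.0.1 10.0.0.3 10.72.3.1 10.72.3.3}"   # hosts from the thread

# Cheap syntax lint: every non-comment line must be a local-zone, local-data
# or local-data-ptr directive with a quoted argument. Exit status 0 = clean.
lint_zonedata() {   # usage: lint_zonedata <file>
    awk '
        /^[[:space:]]*$/ { next }                      # blank line
        /^[[:space:]]*#/  { next }                     # comment
        /^[[:space:]]*local-zone:[[:space:]]+"[^"]+"[[:space:]]+(static|transparent|typetransparent|redirect|refuse|deny|inform|inform_deny|always_transparent|always_refuse|always_nxdomain|nodefault)[[:space:]]*$/ { next }
        /^[[:space:]]*local-data:[[:space:]]+"[^"]+"[[:space:]]*$/ { next }
        /^[[:space:]]*local-data-ptr:[[:space:]]+"[^"]+"[[:space:]]*$/ { next }
        { printf "%s:%d: unexpected line: %s\n", FILENAME, FNR, $0 > "/dev/stderr"; bad = 1 }
        END { exit bad }
    ' "$1"
}

# Stronger check when unbound-checkconf exists locally: wrap the include file in
# a throwaway unbound.conf and let Unbound parse it. Skipped if the tool is absent.
check_with_unbound() {   # usage: check_with_unbound <file>
    command -v unbound-checkconf >/dev/null 2>&1 || return 0
    tmp=$(mktemp) || return 1
    printf 'server:\n\tinclude: "%s"\n' "$1" > "$tmp"
    unbound-checkconf "$tmp" >/dev/null
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Copy the file to one resolver (rsync over ssh, checksum so unchanged files are
# skipped) and restart it, as in the original script. With remote-control
# enabled, "unbound-control reload" would keep the cache instead of a restart.
push_zonedata() {   # usage: push_zonedata <host>
    rsync -a --checksum "$ZONEDATA" "$1:$REMOTE_PATH" || return 1
    ssh "$1" /etc/rc.d/unbound restart
}

main() {
    lint_zonedata "$ZONEDATA" || { echo "zonedata rejected, nothing pushed" >&2; return 1; }
    check_with_unbound "$ZONEDATA" || { echo "unbound-checkconf rejected zonedata" >&2; return 1; }
    for h in $HOSTS; do
        push_zonedata "$h" || echo "push to $h failed" >&2
    done
}

# Only run the push when invoked as dnsupdate.sh, so the functions can be sourced.
case "${0##*/}" in dnsupdate.sh) main "$@" ;; esac
```

Run it from the one server that holds the master copy, exactly as the original; the difference is that a malformed file stops before the first rsync rather than after the last restart.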