Okay, I wrote a couple of `inotifywait` scripts. One that detects changes on the primary */var/named/etc/bind/client_zones/zones.include* file and the other on the secondary DNS server to force a re-read of this file. There was a bit more as well because on the secondary, the record will look like this:
```
//sharepoint.integrations.mydomain.com-BEGIN
zone "sharepoint.integrations.mydomain.com" {
    type slave;
    masters { 5.6.7.8; };
    file "client_zones/sharepoint.integrations.mydomain.com.db";
    allow-transfer { none; };
};
//sharepoint.integrations.domain.com-END
```

So, that's solid, but on the Master/Primary side there is a clumsy concept. Basically, for every zone created, the user is expected to REMEMBER to allow AXFR by explicitly adding the IP of any secondaries in the WebUI. Any time I ask a group of users to remember something I see a pretty low success rate. I would love to see a code change where at a higher scope we could force `allow-notify` and `allow-transfer`. I'm not a PHP coder to be sure, because this isn't working on my install, but it would look something like this... with a variable instead of 5.6.7.8.

app/src/Scalr/Net/Dns/Zone.php

```php
// $secondaryIp stands in for the hard-coded 5.6.7.8 (name chosen for this sketch, not a Scalr variable)
$secondaryIp = '5.6.7.8';

$ctags = array(
    "{name}"           => trim($soa->name, "."),
    // Always let the fixed secondary transfer the zone ...
    "{allow_transfer}" => "allow-transfer { {$secondaryIp}; };",
    // ... and send it NOTIFY. also-notify is the master-side option; allow-notify only applies to slave zones.
    "{also-notify}"    => "also-notify { {$secondaryIp}; };"
);
if ($axfrAllowedHosts) {
    // Append whatever hosts the user added in the WebUI
    $ctags['{allow_transfer}'] = "allow-transfer { {$secondaryIp}; {$axfrAllowedHosts}; };";
    $ctags['{also-notify}']    = "also-notify { {$secondaryIp}; {$axfrAllowedHosts}; };";
}
$config = self::DEFAULT_ZONE_CONFIG;
$config = str_replace(array_keys($ctags), array_values($ctags), $config);
```

On Tuesday, February 23, 2016 at 12:22:14 PM UTC-7, Jay Farschman wrote:

> Good Afternoon,
>
> It's time that I ask for advice on setting up a Secondary DNS server.
>
> I have DNS working on 5.10 Scalr. It's pretty elegant (BIND9) and allows for entries made into the WebUI to appear in the */var/named/etc/bind/client_zones/* directory along with a list of all the zones in a */var/named/etc/bind/client_zones/zones.include* file.
>
> client_zones/
> ├── cloud.mydomain.com.db
> ├── integrations.mydomain.com.db
> ├── sharepoint.integrations.mydomain.com.db
> ├── mydomain.com.db
> └── zones.include
>
> The *zones.include* file then has an entry pointing to each zone.
>
> //sharepoint.integrations.mydomain.com-BEGIN
> zone "sharepoint.integrations.mydomain.com" {
>     type master;
>     file "client_zones/sharepoint.integrations.mydomain.com.db";
>     allow-transfer { none; };
> };
> //sharepoint.integrations.domain.com-END
>
> But what about the secondary server? All of the above magic works because scripts populate the files. On a Secondary DNS server we need to replicate everything done on the primary, but with something like references to allow the two to talk.
>
> Has anyone worked this out yet, or is this green field work for me to do? Thanks.

--
You received this message because you are subscribed to the Google Groups "scalr-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
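The secondary-side `inotifywait` script described at the top of this reply, written out as an added example (it is not the poster's script and not Scalr code). It assumes the primary is 5.6.7.8, that the primary's zones.include is delivered to the secondary at an assumed path (`zones.include.primary`) by some transport such as rsync, and that `inotify-tools`, `named-checkconf` and `rndc` are installed; it rewrites each master stanza into the slave form shown above, validates the result, swaps it in atomically and reconfigures BIND.

```shell
#!/bin/sh
# Secondary-side sync for zones.include (added example; not from the thread or Scalr).
# Assumed: primary is 5.6.7.8; the primary's zones.include is delivered to
# $PRIMARY_COPY by some transport (e.g. rsync); other paths follow the thread.
PRIMARY_IP="${PRIMARY_IP:-5.6.7.8}"
PRIMARY_COPY="${PRIMARY_COPY:-/var/named/etc/bind/client_zones/zones.include.primary}"
SLAVE_INCLUDE="${SLAVE_INCLUDE:-/var/named/etc/bind/client_zones/zones.include}"

# Constructed sample in the primary's format, used by --demo.
SAMPLE_INCLUDE='//sharepoint.integrations.mydomain.com-BEGIN
zone "sharepoint.integrations.mydomain.com" {
 type master;
 file "client_zones/sharepoint.integrations.mydomain.com.db";
 allow-transfer { none; };
};
//sharepoint.integrations.mydomain.com-END'

# to_slave: stdin = primary-style include, stdout = slave form. Only the
# "type master;" line changes; the //name-BEGIN/END markers, file path and
# "allow-transfer { none; };" are kept so the secondary itself never answers AXFR.
to_slave() {
  awk -v primary="$PRIMARY_IP" '
    /^[ \t]*type[ \t]+master;/ { sub(/type[ \t]+master;/, "type slave; masters { " primary "; };") }
    { print }'
}

# count_zones: number of zone stanzas on stdin (one //name-BEGIN marker each).
count_zones() { grep -c '^//.*-BEGIN$'; }

# sync_once: rewrite to a temp file, check it with named-checkconf, then swap it
# in atomically and make named re-read its config. Keeps the old file on any error.
sync_once() {
  tmp="$(mktemp "${SLAVE_INCLUDE}.XXXXXX")" || return 1
  to_slave < "$PRIMARY_COPY" > "$tmp" || { rm -f "$tmp"; return 1; }
  named-checkconf "$tmp" || { rm -f "$tmp"; return 1; }
  mv "$tmp" "$SLAVE_INCLUDE" && rndc reconfig
}

# watch_loop: re-sync whenever something is written or moved into the directory
# holding the delivered copy (watching the directory survives rsync's rename-in-place).
watch_loop() {
  while inotifywait -q -e close_write,moved_to "$(dirname "$PRIMARY_COPY")" >/dev/null; do sync_once; done
}

case "${1:-}" in
  --watch) watch_loop ;;
  --demo)  printf '%s\n' "$SAMPLE_INCLUDE" | to_slave ;;
esac
```

Run it with `--demo` to see the rewritten sample, or `--watch` under a supervisor on the secondary.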
