Re: dns master-slave transfer

2012-11-08 Thread Matus UHLAR - fantomas

On 2012-10-29 9:58, kavin wrote:

Now, I want to transfer the zone data from the master dns server to the slave
dns server; the master dns uses bind-dlz+mysql and the slave dns server
uses bind+file.


On 29.10.12 10:45, Feng He wrote:
AFAIK, BIND DLZ doesn't send a notify message to slave, so both your 
master and slave should be able to use the DLZ backend and run a 
mysql replication for data sync.


NOTIFY is not required to implement DNS, it just makes propagation faster.
AXFR should work without it, however the refresh/retry in SOA should be
small enough (depends on how often you change the data).

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains? 
___

Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Using BIND-DLZ for a hidden master [was: Re: dns master-slave transfer]

2012-11-01 Thread Jan-Piet Mens
Chris,

 Can one use BIND 9.9 inline signing
 with the unsigned version provided by a DLZ interface?

there's no reason why you shouldn't be able to.

Your BIND 9.9 inline signer would AXFR from BIND DLZ without trouble,
but your signer won't be notified by DLZ; you'd have to manually
issue NOTIFY (e.g. dnsnotify.pl) via cron or from a MySQL trigger
(that's how I'd do it, anyway :)

-JP
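
What a manually issued NOTIFY of the kind suggested above looks like on the wire (RFC 1996), as an added Python example that is not part of the original post and is not the dnsnotify.pl script it mentions. The zone name and server address are constructed placeholders.

```python
import secrets
import socket
import struct

OPCODE_NOTIFY = 4   # RFC 1996
QTYPE_SOA = 6
QCLASS_IN = 1

def encode_name(zone):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in zone.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {zone!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_notify(zone, msg_id=None):
    """NOTIFY request: opcode 4, AA set, one question <zone, SOA, IN>."""
    if msg_id is None:
        msg_id = secrets.randbelow(1 << 16)
    flags = (OPCODE_NOTIFY << 11) | (1 << 10)   # QR=0, AA=1
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)

def is_notify_ack(request, response):
    """True if response is a NOERROR NOTIFY reply carrying the request's ID."""
    if len(response) < 12:
        return False
    req_id = struct.unpack("!H", request[:2])[0]
    rsp_id, flags = struct.unpack("!HH", response[:4])
    return (rsp_id == req_id and flags >> 15 == 1
            and (flags >> 11) & 0xF == OPCODE_NOTIFY and flags & 0xF == 0)

def send_notify(zone, server, port=53, timeout=3.0):
    """Send one NOTIFY over UDP; report whether the server acknowledged it."""
    request = build_notify(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((server, port))   # kernel drops replies from other peers
        sock.send(request)
        try:
            response = sock.recv(512)
        except OSError:                # timeout or ICMP unreachable
            return False
    return is_notify_ack(request, response)

if __name__ == "__main__":
    # Constructed placeholders: example.org and 192.0.2.53 are not from the thread.
    print(send_notify("example.org", "192.0.2.53"))
```

The receiving server acts on a NOTIFY only when it comes from an address it accepts for that zone (in BIND, its `masters` list or `allow-notify`), so the sender has to be the host the signer or slave already pulls from, or be listed there.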


Re: Using BIND-DLZ for a hidden master [was: Re: dns master-slave transfer]

2012-11-01 Thread Peter Andreev
2012/11/1 Chris Thompson c...@cam.ac.uk:
 On Oct 29 2012, Feng He wrote:

 On 2012-10-29 9:58, kavin wrote:

 Now, I want to transfer the zone data from the master dns server to the slave
 dns server; the master dns uses bind-dlz+mysql and the slave dns server
 uses bind+file.


 AFAIK, BIND DLZ doesn't send a notify message to slave, so both your
 master and slave should be able to use the DLZ backend and run a mysql
 replication for data sync.


 That exchange prompts me to ask whether anyone has managed to use
 BIND-DLZ in something like the following scenario.

 We have a hidden master for vanity zones (we call them something else
 for the punters) that runs in a small footprint virtual machine
 together with the web server providing the updating interface. The
 latter stores the data in a MySQL database.

 At the moment there is a crontab that extracts data from that database
 and updates zone files (if they need changing - there are some neat-o
 optimisations) and does an rndc reload on the hidden master daemon.
 That NOTIFYs the public nameservers for the zones, which are in fact
 our regular authoritative-only ones.

 It seems that one ought to be able to use BIND-DLZ to cut out a step
 there, but none of the how-to's for it seem to address this sort of
 scenario, and the NOTIFY issue is particularly relevant. Fast responses
 from the hidden master to queries are certainly *not* a requirement here,
 and indeed we expect to be able to operate with it (and its MySQL database)
 down for significant periods.

 On the other hand, there is also a possibility that we might want to sign
 the vanity zones (we use JANET, Nominet and Gandi for their registrations,
 who all support signed delegations now), and how that would interact with
 BIND-DLZ might also be an issue. Can one use BIND 9.9 inline signing
 with the unsigned version provided by a DLZ interface?

In our case (big zones, distant servers) we have found DLZ very
inefficient because of the huge overhead due to AXFRs. Another problem is
the absence of NOTIFYs.

As for me, the way your system is working now is much simpler,
more predictable and more reliable than DLZ.


 --
 Chris Thompson
 Email: c...@cam.ac.uk

-- 
AP

Using BIND-DLZ for a hidden master [was: Re: dns master-slave transfer]

2012-10-31 Thread Chris Thompson

On Oct 29 2012, Feng He wrote:


On 2012-10-29 9:58, kavin wrote:

Now, I want to transfer the zone data from the master dns server to the slave
dns server; the master dns uses bind-dlz+mysql and the slave dns server
uses bind+file.


AFAIK, BIND DLZ doesn't send a notify message to slave, so both your
master and slave should be able to use the DLZ backend and run a mysql
replication for data sync.


That exchange prompts me to ask whether anyone has managed to use
BIND-DLZ in something like the following scenario.

We have a hidden master for vanity zones (we call them something else
for the punters) that runs in a small footprint virtual machine
together with the web server providing the updating interface. The
latter stores the data in a MySQL database.

At the moment there is a crontab that extracts data from that database
and updates zone files (if they need changing - there are some neat-o
optimisations) and does an rndc reload on the hidden master daemon.
That NOTIFYs the public nameservers for the zones, which are in fact
our regular authoritative-only ones.

It seems that one ought to be able to use BIND-DLZ to cut out a step
there, but none of the how-to's for it seem to address this sort of
scenario, and the NOTIFY issue is particularly relevant. Fast responses
from the hidden master to queries are certainly *not* a requirement here,
and indeed we expect to be able to operate with it (and its MySQL database)
down for significant periods.

On the other hand, there is also a possibility that we might want to sign
the vanity zones (we use JANET, Nominet and Gandi for their registrations,
who all support signed delegations now), and how that would interact with
BIND-DLZ might also be an issue. Can one use BIND 9.9 inline signing
with the unsigned version provided by a DLZ interface?

--
Chris Thompson
Email: c...@cam.ac.uk

Re: dns master-slave transfer

2012-10-28 Thread Feng He

On 2012-10-29 9:58, kavin wrote:

Now, I want to transfer the zone data from the master dns server to the slave
dns server; the master dns uses bind-dlz+mysql and the slave dns server
uses bind+file.


AFAIK, BIND DLZ doesn't send a notify message to slave, so both your 
master and slave should be able to use the DLZ backend and run a mysql 
replication for data sync.
