RE: How to modify A records on the slave when master is down?
Huh? sftp uses secure transport as does scp and both use the same keys as ssh. I can see no way in which ftps would be viewed as superior. Exactly how are you losing RSA keys and if you do aren't you more concerned that you can no longer ssh into the box?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alberto Colosi/SI/RM/GSI/it
Sent: Wednesday, December 03, 2008 5:25 PM
To: Mike Bernhardt
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: How to modify A records on the slave when master is down?

better to use an ftps than an sftp.
use vsftpd with SSL compile option
GNU lftp
lftp is really simple and can be configured to bypass RSA CA verify so to allow self-signed and many other settings.

The difference is that if you lose RSA keys or in all cases, using the RSA keys to allow SCP, you could have a command line session too if used with SSH instead.

The main difference is a bit of security more ;)

---
Alberto Colosi
IBM Global Business Services
Sistemi Informativi S.P.A.
IT NetWork Security Department
*-* *-* *-* SECURITY IS EVERYONE'S BUSINESS
Member of IBM Information Security WW CoP

Mike Bernhardt [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
03/12/2008 22.59
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:
Subject: RE: How to modify A records on the slave when master is down?

What we used to do is we had 2 masters. After an update was done on one of them, we ran a perl script that would scp the db files to the other and then send rndc reload to itself and the other master. That way both were always up to date. It seems like if you had one master and one slave at each datacenter, this would work very well. After the down datacenter comes back up, simply run the script from the up-to-date master.

I can send you the perl script to save you some time if you want. The main trick was getting scp to work with rsa keys so no password is required (although it could work fine with a password if you're running the script manually).

Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, November 21, 2008 9:10 PM
To: [EMAIL PROTECTED]
Subject: How to modify A records on the slave when master is down?

Hello.

I have two geographically different datacenters. Each datacenter has two instances of BIND. There is one master out of these four. The zones will have multiple A records (pointing to the two datacenters to provide some minimal amount of redundancy and load balancing)

What I want to do is put together a plan for when the master either fails or the master becomes unavailable.

So if your master fails, or more likely, it becomes unavailable, and I need to change the A records on the other slaves, how do you do it?

Can I have a master in each datacenter and a slave in each datacenter, but a change made to any master propagates to all slaves? For that matter, can I just have four masters and be done with it?

It doesn't make sense that I could have multiple masters.. but I have no idea how to solve this problem. If datacenter A goes down for three days, I want to be able to modify the slave A records to stop pointing to the bad datacenter. And when the datacenter comes back up and the old master is alive, I want everything to work.

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: How to modify A records on the slave when master is down?
On Fri, 2008-11-21 at 21:10 -0800, [EMAIL PROTECTED] wrote:
> Hello.
>
> I have two geographically different datacenters. Each datacenter has two instances of BIND. There is one master out of these four. The zones will have multiple A records (pointing to the two datacenters to provide some minimal amount of redundancy and load balancing)
>
> What I want to do is put together a plan for when the master either fails or the master becomes unavailable.
>
> So if your master fails, or more likely, it becomes unavailable, and I need to change the A records on the other slaves, how do you do it?
>
> Can I have a master in each datacenter and a slave in each datacenter, but a change made to any master propagates to all slaves? For that matter, can I just have four masters and be done with it?
>
> It doesn't make sense that I could have multiple masters.. but I have no idea how to solve this problem. If datacenter A goes down for three days, I want to be able to modify the slave A records to stop pointing to the bad datacenter. And when the datacenter comes back up and the old master is alive, I want everything to work.

You can always promote a slave to master status, or maintain a DR copy of the zone.

Configure your slave servers to look to your second master (or the slave that will be promoted as needed) as a second master, and enable multi-master. Like this:

    zone "zone.name" {
        type slave;
        file "zone.file";
        masters { ip-of-master; ip-of-backup-master; };
        multi-master yes;
    };

If you have a backup (or DR) master, then the slaves will switch to its version of the zone automatically. If you instead use a slave that will be promoted for this purpose, then, when disaster strikes:

- Promote the slave (edit the zone statement, changing the type and removing the 'masters' and 'multi-master' statements).
- Edit the zone as needed.
- 'rndc reconfig' ought to work, but you may need 'rndc reload' instead.

If you have lots of zones, it makes sense to keep a whole separate named.conf instead, and simply switch over to it.

Chris Buxton
Men & Mice
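Added example, not part of Chris Buxton's message: the promotion step above (change the type, drop 'masters' and 'multi-master') written as a shell filter over named.conf. It assumes each zone statement is laid out over several lines and closed by a line that starts with "};"; the function names, zone names, file paths and 192.0.2.x addresses are constructed sample values.

```shell
#!/bin/sh
# promote_zone ZONE < named.conf > named.conf.promoted
# Rewrites one slave zone statement as a master: "type slave" becomes
# "type master", and the masters list and multi-master line are dropped.
# Assumption: the statement spans several lines and its closing "};" starts
# at column 0, while the end of the masters list is indented or inline.
promote_zone() {
    awk -v zone="$1" '
        $1 == "zone" && $2 == "\"" zone "\"" { inzone = 1 }
        inzone {
            # Skip the masters list, whether on one line or several.
            if (inmasters || $1 == "masters") {
                inmasters = (index($0, "};") == 0)
                next
            }
            if ($1 == "multi-master") next
            sub(/type[ \t]+slave[ \t]*;/, "type master;")
            if (substr($0, 1, 2) == "};") inzone = 0
        }
        { print }
    '
}

# Constructed sample configuration (not from the thread).
sample_conf() {
    cat <<'EOF'
zone "example.com" {
    type slave;
    file "slaves/example.com.db";
    masters {
        192.0.2.1;
        192.0.2.2;
    };
    multi-master yes;
};
zone "example.net" {
    type slave;
    file "slaves/example.net.db";
    masters { 192.0.2.1; 192.0.2.2; };
    multi-master yes;
};
EOF
}

# Promote only example.com; example.net stays a slave.
sample_conf | promote_zone example.com
```

Write the result to a new file and run named-checkconf on it before 'rndc reconfig', so a bad edit is caught before the server reads it.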
RE: How to modify A records on the slave when master is down?
What we used to do is we had 2 masters. After an update was done on one of them, we ran a perl script that would scp the db files to the other and then send rndc reload to itself and the other master. That way both were always up to date. It seems like if you had one master and one slave at each datacenter, this would work very well. After the down datacenter comes back up, simply run the script from the up-to-date master.

I can send you the perl script to save you some time if you want. The main trick was getting scp to work with rsa keys so no password is required (although it could work fine with a password if you're running the script manually).

Mike
RE: How to modify A records on the slave when master is down?
better to use an ftps than an sftp.
use vsftpd with SSL compile option
GNU lftp
lftp is really simple and can be configured to bypass RSA CA verify so to allow self-signed and many other settings.

The difference is that if you lose RSA keys or in all cases, using the RSA keys to allow SCP, you could have a command line session too if used with SSH instead.

The main difference is a bit of security more ;)

---
Alberto Colosi
IBM Global Business Services
Sistemi Informativi S.P.A.
IT NetWork Security Department
*-* *-* *-* SECURITY IS EVERYONE'S BUSINESS
Member of IBM Information Security WW CoP
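Added example, not from any poster in this thread: the concern above is that the passwordless RSA key used for scp also opens a command line session, and one way to limit that is an OpenSSH forced command that accepts only a zone file upload. The script path, ZONE_DIR and the key comment are assumed names; it also assumes the sender uses the legacy scp protocol (scp -O on OpenSSH 9.0 and later) and copies one file per invocation.

```shell
#!/bin/sh
# Forced command for the zone-copy key. Assumed install path and key options
# (hypothetical names) in the receiving account's authorized_keys:
#   restrict,command="/usr/local/sbin/zone-scp-only" ssh-rsa <public-key> zonesync
ZONE_DIR=/var/named/zones    # assumed zone file directory

# allowed_command CMD: succeed only for an scp upload of one file into ZONE_DIR.
allowed_command() {
    # Only plain path characters and spaces; shell metacharacters are rejected.
    [ -z "$(printf '%s' "$1" | tr -d 'A-Za-z0-9._/ -')" ] || return 1
    case $1 in
        *..*) return 1 ;;                 # no climbing out of ZONE_DIR
        "scp -t $ZONE_DIR/"?*) ;;         # -t is the receiving (upload) side
        *) return 1 ;;                    # shells, downloads (-f), anything else
    esac
    # Exactly three words, so no extra flags (such as -r) and no second path.
    set -- $1
    [ $# -eq 3 ]
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND. It is
# unset for an interactive login, which therefore ends without a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_command "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "zone-scp-only: refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

A key restricted this way can still overwrite any file under ZONE_DIR, so the receiving account should own nothing else.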