A while back we switched local edits of DNS files managed with RCS, to having the DNS servers pull changes from cfengine and using subversion to manage the changes.
There were issues with other people remembering to increment the SOA (or just incrementing until it worked, and not bothering with making YYYYMMDDxx form the right date...). I switched us to using Unix time as the SOA serial (and made that part of cfengine's work).

Plus I had to have it make a second zone file with a slightly newer serial, one that has some IPs changed that we encrypt and send out...thinking that should we ever go dark, our DR site can bring DNS back up and with our important sites already pointed to it (and keep the services that aren't in our address space resolvable -- this last part being less of an issue now that we have an off-campus secondary).

Some day we'll work on actually having these things for DR.

At least there was finally movement on upgrading campus DNS servers....we went from 3 aging Netra X1s or V210s....to, well, all 3 IPs attached to a zone on an X4100. Was supposed to be 3 X4100s, but the work to exchange the new servers for old servers stalled. And, the first one we replaced was the less busy one, rather than the ones that were close to death.

DNS upgrade project is almost 2 years old...

----- Original Message -----
> Guys,
>
> We've got an ancient internal DNS setup which is based on old C binary
> which builds the forward and reverse maps and stuffs them into DNS
> using the old 'kill -HUP ' method.
>
> This is now borked because of Dynamic DNS updates from various AD
> servers which provide DNS to laptops. So when our script updates the
> SOA serial number, it pulls the one out of the file, but that's
> invariably wrong because the SOA serial has been steadily
> incrementing due to DDNS updates. Fun.
>
> We don't want to upgrade the system right now, because it's a lot of
> legacy untangling to do, so that will be a longer term project.
>
> So before I spend my time writing a script to do all this for me, I
> was hoping that someone else already had a script which:
>
> a) uses nsupdate to change DNS
> b) worked off a NIS format hosts file
> c) worked with RCS (yup, stone ages!) controlled file
> d) command line oriented of course.
>
> My google foo, and old saved sage-members archives haven't been much
> help. Some people talked about using Lucent's QIP product, etc.
> Which isn't a bad idea, but more than I want right now.
>
> Pointers to scripts would be ideal. And I know that it's the error
> handling and corner cases which will screw me over and take the time
> to write. The joy of programming. 90% of the code is error and
> bounds checking...
>
> Thanks,
> John
>
> --
> _______________________________________________
> Tech mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: [email protected]
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library
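Both messages turn on the same check: whether a newly generated SOA serial is actually newer than the one being served, which secondaries decide with RFC 1982 serial arithmetic rather than plain integer comparison. The following is an added example, not code from either poster; `serial_gt` and `next_serial` are hypothetical names, the sample serials are constructed, and the caller is assumed to have read the served serial from the primary's SOA record.

```python
"""Choose an SOA serial that secondaries will accept as newer (RFC 1982)."""
import time
from typing import Optional

MOD = 2 ** 32   # the SOA serial is an unsigned 32-bit field
HALF = 2 ** 31  # a serial is "newer" only if it is less than 2^31 ahead


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than serial b under RFC 1982."""
    a %= MOD
    b %= MOD
    # A distance of exactly 2^31 is undefined in RFC 1982; treat as not newer.
    return a != b and ((a - b) % MOD) < HALF


def next_serial(served: int, now: Optional[int] = None) -> int:
    """Return Unix time if it is newer than the served serial, else served+1.

    served: serial currently answered by the primary (may have been bumped
            by dynamic updates since the zone file was last written).
    now:    Unix time to use; defaults to the current time.
    """
    candidate = int(time.time() if now is None else now) % MOD
    if serial_gt(candidate, served):
        return candidate
    # Unix time would look older (e.g. zone still carries a YYYYMMDDxx
    # serial, or DDNS pushed the serial past the clock): step by one.
    return (served + 1) % MOD


if __name__ == "__main__":
    # Constructed sample values, not taken from any real zone.
    samples = [
        ("YYYYMMDDxx serial still served", 2012031502, 1331800000),
        ("DDNS bumped serial past clock", 1331800042, 1331800010),
        ("normal case", 1331800000, 1331803600),
        ("serial at 32-bit limit", 4294967295, 4294967295),
    ]
    for label, served, now in samples:
        print(f"{label}: served={served} -> new={next_serial(served, now)}")
```
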
