On 13 Nov 2009, at 14:20, Tibo wrote:
>
> We have 4 little datacenters over the world.
> I would like to check if all DNS servers are up to date but only people
> responsible for a datacenter can access their servers for security reasons.
> I know some tools on the net can do that but it's not easy for me and
> I'd like to automatise all of that.

How about just using an ACL for rndc on each nameserver which allows only your local network to run "rndc status" against each nameserver? From the output of that, the first line will give you the version number.

The DNS server admins will also have to give you an rndc key which you will use on your local system to connect to the server. This is referenced below as "my-rndc-key.rndc".

For example, you could have the following in each nameserver's named.conf:

=================================
/*
 * ACL for controlling slave servers
 */
acl "allowed-rndc" {
        127.0.0.1;              /* loopback */
        192.168.1.0/24;         /* localnet */
        x.x.x.x/24;             /* any network */
};

/*
 * Control socket
 */
controls {
        inet * /* this can be as restrictive as desired */
                allow { allowed-rndc; }
                keys { my-rndc-key.rndc; };
};
=================================

Then, from your "x.x.x.x/24" network, you can run the following:

# rndc -s ip-of-dns-server-here status

This will give you the following output:

=================================
version: 9.6.1-P2
number of zones: 5
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
=================================

You can then get the version number from the first line.

Hope this helps.

Thanks,

Khusro

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
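
The version check described in the reply above, automated across several servers. This is an added example, not part of the original thread. It assumes the key file is passed with rndc's -k option; the RNDC_KEY path, the EXPECTED value, the RNDC override variable and the server addresses in the usage line are placeholders. A server that does not answer is reported separately rather than counted as up to date.

```shell
#!/bin/sh
# Added example: audit BIND versions over rndc (not from the original thread).
# Assumed/hypothetical: RNDC_KEY path, EXPECTED value, server addresses.
RNDC="${RNDC:-rndc}"                          # overridable for offline testing
RNDC_KEY="${RNDC_KEY:-./my-rndc-key.rndc}"    # key file from each DC's admins
EXPECTED="${EXPECTED:-9.6.1-P2}"              # version every server should run

# Print the value of the "version:" line read from stdin; fail if absent.
parse_version() {
    awk '/^version:/ { sub(/^version:[ \t]*/, ""); print; ok = 1; exit }
         END { exit !ok }'
}

# Query one server. Output: "<server> <version|-> <STATE>".
# Return 0 = current, 1 = outdated, 2 = no usable answer.
check_server() {
    if ! out=$("$RNDC" -s "$1" -k "$RNDC_KEY" status 2>/dev/null); then
        echo "$1 - UNREACHABLE"; return 2
    fi
    if ! ver=$(printf '%s\n' "$out" | parse_version); then
        echo "$1 - NO_VERSION"; return 2
    fi
    if [ "$ver" = "$EXPECTED" ]; then
        echo "$1 $ver OK"; return 0
    fi
    echo "$1 $ver OUTDATED"; return 1
}

# Check every server given; return non-zero if any is not current.
check_all() {
    bad=0
    for s in "$@"; do
        check_server "$s" || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Usage: sh check-bind.sh 192.0.2.10 198.51.100.10 ...
if [ "$#" -gt 0 ]; then
    check_all "$@"
fi
```

The non-zero exit status from check_all makes the script usable from cron or a monitoring check, with one line of output per server.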