On Tue, Aug 05, 2014 at 09:21:07AM -0400, Brian Cuttler wrote: > > rndc addzone sounds like a very interesting tool, but > if you want an automated sync, will require something to > read the source config of the master and then write the > requisit slave zone information for the dns slave server(s). > > Offsite slave servers will require a lot of trust.
- I guess not just trust, but some form of ACL so that remote managers can add/remove/edit only certain zones. This may be even a larger security issue than a technical issue. > Rsync solution for onsite servers will result in duplicate > copies of the master or the slave, unless you automate a > wrapper for that too (and I'm inclined to think in terms of > # sed, which I use in a surprising number of my scripts). > > On Mon, Aug 04, 2014 at 05:26:38PM +0000, Evan Hunt wrote: > > > So to the best of your knowledge this functionality is still on drawing > > > board, unless implemented out-of-band? (i.e. a perl script to parse > > > metazone.zone, and create /etc/named.d/*.conf files) > > > > Or run "rndc addzone". > > > > There's currently no supported way to perform in-band zone provisioning > > via the DNS itself. I do have access to the metazone implementation that > > Vixie wrote his paper about, and I can send it to you if you like, but I'm > > not sure how useful you'll find it. There might also be some interesting > > tricks possible with DLZ or with redhat's "dynDB" LDAP extension (which we > > plan to include in BIND 9.11 but is currently only available as a set of > > patches). > > > > Improving DNS provisioning is a hot topic for future development, but > > we're still just in the requirements-gathering phase. Would you like to > > share what it is you hope to do in more detail? > > > > -- > > Evan Hunt -- [email protected] > > Internet Systems Consortium, Inc. > > _______________________________________________ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > > unsubscribe from this list > > > > bind-users mailing list > > [email protected] > > https://lists.isc.org/mailman/listinfo/bind-users > --- > Brian R Cuttler [email protected] > Computer Systems Support (v) 518 486-1697 > Wadsworth Center (f) 518 473-6384 > NYS Department of Health Help Desk 518 473-0773 > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/bind-users --- Brian R Cuttler [email protected] Computer Systems Support (v) 518 486-1697 Wadsworth Center (f) 518 473-6384 NYS Department of Health Help Desk 518 473-0773 _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
