Apart from master/slave now being Primary/Secondary.... (mindset change
after 25 years of DNS management)

... I kind of like the idea - except if the Primary server is DNSSEC
Signing that zone (and DNSSEC is a really smart thing to be able to do)
then editing a Secondary is not a very simple thing to do. The DNSSEC
keys (zsk/ksk/(csk)) are not shared with the transfer of a zone - so
locally signing on a Secondary would be a challenge.

I guess in an emergency one could remove the DNSSEC records from the
Zone along with removing the DS records from the parent. It would then
be safe to edit a text version on the Secondary and better still,
promote it to being the new Primary. Generally though, one can usually
afford for a Primary to be down for a short time until things are fixed.

Having a contingency plan to switch your Primary to a different
(currently Secondary) server along with all the DNSSEC configuration
would be a useful exercise. Have all the same DNS tools on that backup
server that you already have on the current Primary server.

On 12/19/21 3:12 PM, Richard Doty wrote:

Having text files makes editing easier, but you still want to keep the
slaves the same - making the identical edit multiple times is some
work, but may not actually happen depending on circumstances (people
make mistakes)

I like to make all the servers 'masters' - so whoever has the highest
serial number wins. Then if you update one slave, it is automatically
synced to the others. This might conflict with however you populate
your true master.

On Fri, Dec 17, 2021 at 6:30 AM Roberto Carna
<robertocarn...@gmail.com> wrote:

Warren, thanks a lot....with the masterfile-format clause it works OK.
Greetings!!!

On Thu, Dec 16, 2021 at 15:43, Warren Kumari (<war...@kumari.net>) wrote:
>
>
>
> On Thu, Dec 16, 2021 at 10:37 AM Roberto Carna <robertocarn...@gmail.com> wrote:
>>
>> Dear all, I have one BIND9 server as master and 3 as slaves.
>>
>> The master and one slave are in a given site #1, and the other two
>> slaves are in a geographical different site #2.
>>
>> In case site #1 goes offline, I need to edit records in both slaves
>> from site #2, in order to point some services to other public IP's for
>> contingency.
>>
>> My question is:
>>
>> What is the recommended way to edit the records from a BIND9 slave?
>> Because the zone files are binary files
>
>
> Yup, if you are running (IIRC) > v9.9.x, the default is binary files.
> You can convert these back to text with:
> named-compilezone -f raw -F text -o example.com.text example.com example.com.binary
>
> You can also change the default in named.conf:
> options {
>     // many many options
>     masterfile-format text;
>     //
>     // many other options
>     //
> };
>
> The raw (binary) zone files are good for large zones, but for small
> zones, where speed isn't super important, text format works just fine...
> W
>
>
>>
>> and using the Webmin interface
>> is blocked.
>>
>> The only manner is changing the configuration from slave to master?
>>
>> Thanks in advance, greetings!!!
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> --
> The computing scientist’s main challenge is not to get confused by the
> complexities of his own making.
> -- E. W. Dijkstra
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
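Added example, not part of the thread and not ISC code: the contingency edit Roberto asks about, applied to the text file that named-compilezone produces, with a guard for the DNSSEC problem Mark describes and the serial bump that Richard's "highest serial number wins" relies on. The function names, file names and the sample zone are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Input is the one-record-per-line text
# that `named-compilezone -f raw -F text` writes: owner TTL class type rdata.

# Constructed sample zone (192.0.2.0/24 and 198.51.100.0/24 are
# documentation address ranges).
sample_zone() {
cat <<'EOF'
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2021121601 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.example.com.
ns1.example.com. 3600 IN A 192.0.2.1
www.example.com. 300 IN A 192.0.2.10
EOF
}

# zone_is_signed FILE: succeed if FILE carries DNSSEC records.
zone_is_signed() {
    awk '$4 == "RRSIG" || $4 == "DNSKEY" { found = 1 }
         END { exit found ? 0 : 1 }' "$1"
}

# repoint_a FILE OWNER NEW_IP: print the zone with OWNER's A record set to
# NEW_IP and the SOA serial raised by one, so the other servers transfer it.
# Returns 2 for a signed zone (the keys are not on a secondary, so an edited
# record would carry no valid RRSIG), 1 if the SOA or OWNER was not found.
repoint_a() {
    if zone_is_signed "$1"; then
        echo "refusing: $1 is DNSSEC-signed" >&2
        return 2
    fi
    awk -v owner="$2" -v ip="$3" '
        $4 == "SOA"              { $7 = sprintf("%.0f", $7 + 1); soa = 1 }
        $4 == "A" && $1 == owner { $5 = ip; hit = 1 }
        { print }
        END { exit (soa && hit) ? 0 : 1 }' "$1"
}

# Typical use on the secondary, after converting the raw file to text:
#   repoint_a example.com.text www.example.com. 198.51.100.10 > new.text \
#     && named-checkzone example.com new.text
```

Write the output to a new file and install it only when both commands succeed, since a non-zero return means the printed zone is unchanged or incomplete.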