How to set up a slave DNS Nameserver with Bind

When it comes to DNS redundancy, an automated setup is always better than a manual one. In a hosting environment, new zone files are being created constantly.

The need for a master/slave setup, in which newly created zones are picked up automatically by the slave from the master nameserver, became apparent as operations grew and geographic DNS redundancy became a requirement.

Obviously some commercial DNS products provide this type of functionality out of the box, but I will show you how to do it with a plain Bind distribution.

I wrote this tutorial to help you, hopefully, create an automated DNS slave / zone file transfer environment. You can, of course, create as many slave servers as you feel necessary.

MASTER Server

1. Edit /etc/named.conf and add the following to the options section, where xx.xx.xx.xx is the IP of your slave server:

allow-transfer { xx.xx.xx.xx; };

2. Create a script with the following contents. Here somedirectory is the directory on your SLAVE server that will store the slave zone files, yy.yy.yy.yy is the IP of your MASTER server, somewwwdir is a directory browsable via HTTP, and someslavefile.conf is the output file that will hold the generated slave configuration:

#!/bin/sh
#
# For every "type master" zone in named.conf, emit a matching "type slave"
# stanza. Assumes each zone statement sits on a single line, as in
#   zone "example.com" { type master; file "example.com.db"; };
# The inner quotes are escaped so the generated stanza is valid named.conf syntax.
for domain in `/bin/grep ^zone /etc/named.conf | /bin/grep "type master" | /bin/awk '{print $2}' | /bin/awk -F'"' '{print $2}'`
do
    /usr/bin/printf "zone \"${domain}\" { type slave; file \"/var/named/slaves/somedirectory/${domain}.db\"; masters { yy.yy.yy.yy; }; };\n"
done > /var/www/html/somewwwdir/someslavefile.conf

3. Test the script to ensure it is writing out the appropriate format.

4. Run the script via cron as any user with permission to write to the HTTP-visible directory:

0 4 * * * /path/to/script > /dev/null 2>&1
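The generator in step 2 assumes every zone statement fits on one line. The following is an added example, not the tutorial's own script, that does the same job for zone blocks spanning several lines (tracking brace depth so nested sub-blocks do not end the zone early) and refuses zone names that are not plain hostnames, so a malformed entry in named.conf cannot end up as an arbitrary config fragment in the file the slave includes. The placeholders yy.yy.yy.yy and somedirectory are the tutorial's; the sample named.conf is constructed for the stand-alone run.

```shell
#!/bin/sh
# Added example (not the tutorial's script): emit "type slave" stanzas for every
# master zone in a named.conf. Handles zone blocks spanning several lines and
# skips zone names that are not plain hostnames, so a malformed entry cannot
# become a config fragment on the slave. Placeholders are the tutorial's.
MASTER_IP="yy.yy.yy.yy"
SLAVE_DIR="/var/named/slaves/somedirectory"

# Print one slave stanza per master zone found in the named.conf given as $1.
gen_slave_conf() {
    awk -v master="$MASTER_IP" -v dir="$SLAVE_DIR" '
        /^[ \t]*zone[ \t]+"[^"]+"/ {          # start of a zone block
            zone = $0; sub(/^[ \t]*zone[ \t]+"/, "", zone); sub(/".*/, "", zone)
            is_master = 0; depth = 0
        }
        zone != "" && /type[ \t]+(master|primary)[ \t]*;/ { is_master = 1 }
        zone != "" {                           # track braces; emit at block end
            depth += split($0, a, "{") - 1
            depth -= split($0, a, "}") - 1
            if (depth <= 0) {
                if (is_master && zone ~ /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/)
                    printf "zone \"%s\" { type slave; file \"%s/%s.db\"; masters { %s; }; };\n",
                           zone, dir, zone, master
                else if (is_master)
                    print "skipping zone with unexpected name: " zone > "/dev/stderr"
                zone = ""
            }
        }' "$1"
}

# Write a constructed sample master named.conf to the path given as $1.
write_sample() {
    cat > "$1" <<'EOF'
zone "example.com" { type master; file "example.com.db"; };
zone "example.net" {
    type master;
    allow-transfer { 192.0.2.2; };
    file "example.net.db";
};
zone "example.org" { type slave; file "slaves/example.org.db"; masters { 192.0.2.1; }; };
zone "bad;name" { type master; file "bad.db"; };
EOF
}

SAMPLE=$(mktemp)
write_sample "$SAMPLE"
gen_slave_conf "$SAMPLE"
rm -f "$SAMPLE"
```

Running it prints stanzas for example.com and example.net only: the existing slave zone is skipped and the malformed name is reported on stderr rather than written into the output.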

SLAVE Server

1. Transfer the rndc.key file from your master server to the slave:

scp MASTERSERVER:/etc/rndc.key /etc/ns1rndc.key

2. Edit ns1rndc.key and change the name of the key definition.

3. Edit named.conf and add the following to the options section:

allow-transfer { zz.zz.zz.zz; };

4. Append the following to the named.conf file:

include "/etc/ns1rndc.key";
include "/path/to/someslavefile.conf";

5. Run the following commands:

touch /path/to/someslavefile.conf
mkdir /var/named/slaves/somedirectory/
chown -R named:named /var/named/slaves/somedirectory/
/etc/init.d/named restart

6. Create a script:

#!/bin/sh
# Fetch the slave-zone config published by the master; only replace the live
# file and restart named if the download succeeded (avoids an empty include).
/usr/bin/wget http://yy.yy.yy.yy/somewwwdir/someslavefile.conf -O /var/named/slaves/someslavefile.conf.tmp \
  && /bin/mv /var/named/slaves/someslavefile.conf.tmp /var/named/slaves/someslavefile.conf \
  && /etc/init.d/named restart

7. Add to root’s crontab:

0 4 * * * /path/to/script

In the second slave script, you can see that the transfer is done via wget. This can be replaced by other, more secure methods: if SSH key-based authentication is in place, a simple scp or even rsync can be used to pull the generated file.
