[SunRescue] hosts file And DNS files??

Loomis, Rip rescue at sunhelp.org
Fri May 25 11:59:13 CDT 2001


(Sent back to the list in the hopes that it
helps someone else...)

Mike--
Each DNS zone can only have one master server, plus
zero to dozens of slaves.  The only exception to
this is if you're running some kind of multi-master
backend database for your DNS data, which is what
W2K DNS+Active Directory does for you.  In that
case, the multiple masters have to de-conflict and
replicate all changes between them--that's a non-
trivial process which is why BIND doesn't implement
it (yet).

Assuming you're running BIND 8.2.[34] or BIND 9.1.2
(if you're not then you should have a really good
reason..) on a UNIXish box, then the only difference
is in the stanza in named.conf that configures that
zone.  For "basement.agrijag.com" you might have:

==On the master==
zone "basement.agrijag.com" {
	type master;
	file "db.basement.agrijag.com";
};

==On the slave==
zone "basement.agrijag.com" {
	type slave;
	file "db-copy.basement.agrijag.com";
	masters { 10.1.2.3; };
};

You still want/need the "file" line on the slave
to give it a place to store the transferred zone.
The masters{} line should just list the single
master for the zone--although BIND really only
allows a single DNS server to be *the* master,
you might have a situation where a particular
DNS server considers more than one other DNS
server as an "okay" master from which it can
transfer the zone.

The only other change you need to make is to
put an NS record in the zone file for the slave,
increment the serial number, and reload the
zone file.

Hope this helps--

--
Rip Loomis
Brainbench MVP for Internet Security
http://www.brainbench.com (Transcript 1923411)


> -----Original Message-----
> From: Michael S. Schiller [mailto:schiller at agrijag.com]
> Sent: Friday, May 25, 2001 11:32 AM
> To: rescue at sunhelp.org
> Subject: Re: [SunRescue] hosts file And DNS files??
> 
> 
> How much different from the 'master' file would the 'slave' file be?
> What would happen if more than 1 machine were setup as masters?
> 
> -Mike
> 
> "Loomis, Rip" wrote:
> >
> > The thing to do in case your DNS server craps itself
> > is to set up a slave DNS server on a second system
> > and get zone transfers running.  It's really not hard
> > at all, and removes a single point of failure.
> >
> > I'll be more than happy to help with the slave's config.
> > Anyone who needs basic (or advanced) DNS help please
> > feel free to contact me off-list--my more-or-less full
> > time job right now is DNS security and administration.
> > Needless to say, until we get everybody over to BIND 9,
> > the security part alone is keeping me busy...
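
Added example, not part of the original message: a Python sketch of the last step described above (add an NS record for the slave, increment the serial), plus the RFC 1982 serial comparison that shows why a slave already holding a copy ignores an edit made without a serial bump. The zone contents, the ns1/ns2 host names, 10.1.2.4, the serial value and all function names are assumptions made for illustration.

```python
import re

# Constructed master zone file; ns1/ns2 names, 10.1.2.4 and the serial are assumptions.
ZONE = """\
$TTL 86400
@   IN  SOA ns1.basement.agrijag.com. hostmaster.basement.agrijag.com. (
            2001052501 ; serial
            10800      ; refresh
            3600       ; retry
            604800     ; expire
            86400 )    ; minimum
    IN  NS  ns1.basement.agrijag.com.
ns1 IN  A   10.1.2.3
ns2 IN  A   10.1.2.4
"""

# The serial is the first number after the opening parenthesis of the SOA record.
SOA_SERIAL = re.compile(r"(\bSOA\b[^()]*\(\s*)(\d+)", re.S)

def get_serial(zone):
    """Return the SOA serial of a zone file given as text."""
    m = SOA_SERIAL.search(zone)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(2))

def serial_gt(a, b):
    """RFC 1982 comparison of 32-bit serials: True if a is newer than b."""
    return a != b and ((a - b) % 2**32) < 2**31

def add_slave(zone, slave_fqdn, bump=True):
    """Insert an NS record for the slave after the last NS line; bump the serial."""
    lines = zone.splitlines()
    last_ns = max(i for i, l in enumerate(lines) if re.search(r"\bIN\s+NS\b", l))
    lines.insert(last_ns + 1, f"    IN  NS  {slave_fqdn}")
    zone = "\n".join(lines) + "\n"
    if bump:
        new = (get_serial(zone) + 1) % 2**32
        zone = SOA_SERIAL.sub(lambda m: m.group(1) + str(new), zone, count=1)
    return zone

def slave_will_transfer(master_zone, slave_serial):
    """A slave refreshes its copy only if the master's serial is newer than its own."""
    return serial_gt(get_serial(master_zone), slave_serial)
```

Calling add_slave(ZONE, "ns2.basement.agrijag.com.") returns the edited zone text to reload on the master; with bump=False, slave_will_transfer() returns False for a slave still at the old serial.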


