Act as a slave and master for the same zone?

[optize]

Hi -

I run a DNS hosting provider which provides backup DNS. Basically, my nameserver will act as a slave and connect to their master nameserver.

But once my nameserver grabs the config from their master, that same nameserver (my master nameserver) needs to send the config to all of my slaves.

So, basically I need someway for bind to act as a master and a slave for certain zones.

Is this possible?

 

[chipk]

A server cannot be both master and slave for the same zone.

If the question you're asking is, can zone transfers be done in the following way?

master --> slave --> slave

The answer is yes.

Beyond that, I almost never answer with a "read the manual," but if you plan to "run a DNS hosting provider," I'd say that's where you need to start.

 

[optize]

I do run a DNS provider and have for several years, it's one of the bigger ones on the Internet. However, we are now switching over to bind from another platform and that's the only issue I'm having.

Which function will allow master -> slave -> slave? I don't see anything popping out at me.

 

[chipk]

It's a zone transfer. A slave doesn't "care" if the server it's pulling a zone from is really a master as long as the configs allow the updates to/from that server.

If you want to literally "push" (which is the terminology that prompted my RTFM response - xfrs are initiated from slaves, they are not pushed, which I'm sure you know) from your "master dns server" that is acting as a slave for your client, then you'd have to create a custom solution using Perl or something to copy the files and update your configs.

 

[optize]

Thanks for your help so far. Maybe I'm not getting the concept of bind or something.

From what I gather from Master->Slave for bind is when there's an update on the master, you can send NOTIFY's to the slaves to let them know to get the newest version of the zone.

I also understand that it checks the master nameserver every so often for updates (if the serial has changed) even if it doesn't get a notify.

So, if we have a master -> slave -> slave. How is my first slave going to send notifys? Does it send them the same way as if it was a master?

 

[chipk]

Notify is only available from the server that is the master, AFAIK, so if you wanted notifies sent to your other "slaves", they would need to be set up with "also-notify" statements on the actual master for the zone if they cannot be defined in the NS record.

If your clients allow it (this is default behavior for BIND), why can't you just pull directly from their master instead of having zones pulled from another slave? I can see how using a low threshold on the time-to-refresh would not be practical since you're obviously looking at a high volume of transfers, but at the same time, I'm sure you want to keep records as up-to-date as possible.

 

[elgrandeperro]

The main reason one would do something like this is if the master is a zone generator (so it can be checked BEFORE putting it into use.)

So the scenario is more like:

master(generator)->true master-> slave.

Unfortunately, BIND is not designed to be hierarchical when it comes to the master/slave relationship; you cannot tier it so that the notifies propagate properly.

So most people use rsync or other mechanism to copy the records to the true master, and then use the standard ndc commands to trigger the true master. The config file (named.conf) for both master(generator) and true master would be the same similar (you probably want to restrict zone transfers, queries, and notify commands on the master(generator).

 

[chipk]

Yeah, I mentioned Perl if he was going to do something like that, but Rsync would work as well.