Re: [Bind-dlz-testers] How to allow zone transfer?
From: Rob B. <cro...@ya...> - 2006-09-13 13:26:15
Ronald,

If you update the SOA serial the zone transfer will happen - eventually. Your slave server will check the master DLZ server's SOA serial after the SOA refresh period has expired and if the serial is newer perform the zone transfer. So if your refresh is set for a long period of time it will take a while before the slave gets the update. You could set the refresh time in your SOA to a low value but that would just mean a shorter delay between the updates.

If you want an immediate update you need to send a DNS notify message to the slave server. Notify messages let the slave know it should check for an update immediately. You can send a notify message using a variety of different command line tools or DNS APIs like the perl DNS module.

To make things automatic you could implement a DB trigger that gets called on update of the SOA serial to send a DNS notify message. If your DB doesn't support triggers or you don't want to do things that way you could have whatever application you are using to manage your data send the notify message instead.

Of course be sure to properly configure your slave server to receive notifications and only allow notifications to come from you.

Explaining how to do all of this is beyond the scope of something that can be explained by e-mail. So do a little research on Google and you should find all the information you need.

Hope this helps.

Rob

--- Ronald Wiplinger <ro...@el...> wrote:

> Graeme Fowler wrote:
> > On 12/09/2006 16:08, Ronald Wiplinger wrote:
> >
> >> I inserted the line with the secondary's ip address. Then I reloaded
> >> both dns and still get on the slave dns:
> >> Sep 12 23:02:54 dns named[24445]: transfer of 'xxx.com/IN' from
> >> xx.xx.xx.xx#53: failed while receiving responses: REFUSED
> >> Sep 12 23:02:54 dns named[24445]: transfer of 'xxx.com/IN' from
> >> xx.xx.xx.xx#53: end of transfer
> >>
> >
> > Aha. [cough]
> >
> > You need to massage your SQL query a bit to make it match properly:
> >
> > {select zone from xfr_table where (zone = '%zone%' or zone='*') and
> > client = '%client%'}
> >
> > That way, if (( the zone matches it returns true, or if it matches the *
> > it returns true ) AND ( the client matches it returns true )). The
> > client is then permitted to transfer.
> >
> > Graeme
> >
>
> Thanks that worked!
>
> I got an additional question.
> If I change in the database some data, I need to initiate the zone
> transfer again.
> Is it sufficient to have the soa record number updated, or do I need to
> do more?
> I have in named.conf the line:
> also-notify { xx.xx.xx.xx ; yy.yy.yy.yy ; };
> with x and y the IP addresses of the slave servers.
>
> bye
>
> Ronald