I run a BIND server with a number of CNAMEs and A records. A few of these hosts have dynamic IP addresses. What I want to be able to do is to segment my main zone file such that some of the A records are in separate physical zone files. For example:

main zone file for domain is: foo.bar

A subsidiary zone file might be fubar.foo.bar containing just the A record for fubar, and the appropriate serial number/expiration times et al.

Right now, fubar.foo.bar is a CNAME for hxx.xx.xx.xx.cablemodem.net.

In the future, I want to allow those hosts to check their own IP addresses, when they detect a change, upload the new IP address to the server, and a cron script on the server will update the zone file and restart named.

I could easily do this now with the main zone file, but my partner is nervous about that since we run the risk of trashing the main zone file. By segmenting it, any damage that would be done would be contained.

--
Jerry Feldman <gaf@blu.org>
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
* Jerry Feldman (gaf@blu.org) [030506 12:06]:
> A subsidiary zone file might be fubar.foo.bar containing just the A record for fubar, and the appropriate serial number/expiration times et al.

$INCLUDE /path/to/fubar.foo.bar.a.records

You may need to set $ORIGIN on $INCLUDE as well depending on how the zone is configured, etc.

> Right now, fubar.foo.bar is a CNAME for hxx.xx.xx.xx.cablemodem.net.

You mean fubar.foo.bar's cname is hxx.xx.xx.xx.cablemodem.net, right?

> In the future, I want to allow those hosts to check their own IP addresses, when they detect a change, upload the new IP address to the server, and a cron script on the server will update the zone file and restart named.

You could also write a shell or perl daemon that monitors the dhcp lease database for changes, that way you don't have to worry about races or maintaining so many clients.

> I could easily do this now with the main zone file, but my partner is nervous about that since we run the risk of trashing the main zone file. By segmenting it, any damage that would be done would be contained.

That's a legitimate concern I guess. A cleaner solution (but with more setup) would be to allow the clients to update the zone themselves using TSIG keys. There's a nice example here: http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html#forward

--
-ckm
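An added example, not code from the thread: one way the cron-side updater for the $INCLUDE'd file could validate a client-reported address and replace the file atomically, so bad input or an interrupted write cannot corrupt zone data. The function names, the one-record file layout and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: updater for a one-record file pulled in via $INCLUDE.
# Host label, path and addresses used with it are constructed placeholders.

# Succeed only for a strict dotted-quad IPv4 address (four octets, 0-255).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed only for a single DNS label: letters, digits, inner hyphens.
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# update_include FILE LABEL IP
# Returns 0 = file replaced, 1 = input rejected or write failed, 2 = unchanged.
update_include() {
    file=$1; label=$2; ip=$3
    valid_label "$label" && valid_ipv4 "$ip" || return 1
    record="$label IN A $ip"
    # Skip the rewrite (and the reload that follows) when nothing changed.
    [ -f "$file" ] && [ "$(cat "$file")" = "$record" ] && return 2
    # Write beside the target, then rename: named never reads a half-written
    # file, and a failed write leaves the previous record in place.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if printf '%s\n' "$record" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$file"
    then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

Before reloading, run named-checkzone against the main zone file so a bad include is caught while the old data is still being served. The SOA serial stays in the main zone file, because an included file is part of the same zone.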
On Tue, 6 May 2003 12:27:55 -0700 Christopher Mahmood <ckm@suse.com> wrote:
> $INCLUDE /path/to/fubar.foo.bar.a.records
>
> You may need to set $ORIGIN on $INCLUDE as well depending on how the zone is configured, etc.

Thanks Chris.
--
Jerry Feldman <gaf@blu.org>
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
Tuesday 6 May 2003 at 12:27pm, Christopher Mahmood wrote:
> * Jerry Feldman (gaf@blu.org) [030506 12:06]:
> > A subsidiary zone file might be fubar.foo.bar containing just the A record for fubar, and the appropriate serial number/expiration times et al.
>
> $INCLUDE /path/to/fubar.foo.bar.a.records
>
> You may need to set $ORIGIN on $INCLUDE as well depending on how the zone is configured, etc.
>
> > Right now, fubar.foo.bar is a CNAME for hxx.xx.xx.xx.cablemodem.net.
>
> You mean fubar.foo.bar's cname is hxx.xx.xx.xx.cablemodem.net, right?
>
> > In the future, I want to allow those hosts to check their own IP addresses, when they detect a change, upload the new IP address to the server, and a cron script on the server will update the zone file and restart named.
>
> You could also write a shell or perl daemon that monitors the dhcp lease database for changes, that way you don't have to worry about races or maintaining so many clients.
Perhaps the ddt-client package will do for your users' hosts what you need. I have the following from my 8.0 install CDs. Perhaps it's also on 8.1 and 8.2:

# rpm -qpi /install-cds/CD3/suse/n4/ddt-client-0.5-247.i386.rpm
Name        : ddt-client                   Relocations: (not relocateable)
Version     : 0.5                               Vendor: SuSE AG, Nuernberg, Germany
Release     : 247                           Build Date: Tue Mar 26 08:21:04 2002
Install date: (not installed)               Build Host: Macintyre.suse.de
Group       : Productivity/Networking/DNS/Utilities   Source RPM: ddt-0.5-247.src.rpm
Size        : 125319                           License: GPL
Packager    : feedback@suse.de
URL         : http://www.ddts.org/
Summary     : DDT (Dynamic DNS Tools) Client
Description :
This is a client for DDT (Dynamic DNS Tools) servers. It can be used to update an DNS entry of a host, that in fact has a dynamic IP address, in a secure fashion. The communication between clients and server is encrypted and authenticated, and the server uses the dynamic DNS update capabilities of BIND8.

Homepage of the project: http://www.ddts.org/

Authors:
--------
    Remi Lefebvre <remi@ddts.org>
    Benoit Joly <benoit@ddts.org>
    Luca Filipozzi <lfilipoz@ddts.org>

SuSE series: n
Distribution: SuSE Linux 8.0 (i386)
I'll take a look, thanks.

On Tue, 6 May 2003 12:46:45 -0700 (PDT) Jim Cunning <jcunning@cts.com> wrote:
> Perhaps the ddt-client package will do for your users' hosts what you need. I have the following from my 8.0 install CDs. Perhaps it's also on 8.1 and 8.2:
>
> # rpm -qpi /install-cds/CD3/suse/n4/ddt-client-0.5-247.i386.rpm
> Name        : ddt-client                   Relocations: (not relocateable)
> Version     : 0.5                               Vendor: SuSE AG, Nuernberg, Germany
> Release     : 247                           Build Date: Tue Mar 26 08:21:04 2002
> Install date: (not installed)               Build Host: Macintyre.suse.de
> Group       : Productivity/Networking/DNS/Utilities   Source RPM: ddt-0.5-247.src.rpm
> Size        : 125319                           License: GPL
> Packager    : feedback@suse.de
> URL         : http://www.ddts.org/
> Summary     : DDT (Dynamic DNS Tools) Client
> Description :
> This is a client for DDT (Dynamic DNS Tools) servers. It can be used to update an DNS entry of a host, that in fact has a dynamic IP address, in a secure fashion. The communication between clients and server is encrypted and authenticated, and the server uses the dynamic DNS update capabilities of BIND8.
>
> Homepage of the project: http://www.ddts.org/
>
> Authors:
> --------
>     Remi Lefebvre <remi@ddts.org>
>     Benoit Joly <benoit@ddts.org>
>     Luca Filipozzi <lfilipoz@ddts.org>
>
> SuSE series: n
> Distribution: SuSE Linux 8.0 (i386)
--
Jerry Feldman <gaf@blu.org>
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9