> On Sat, 17 Dec 2005, |Lord_Zoo| wrote:
>
> > That's why I want to know how to configure this, since I know it's not
> > good, but well.
> >
> > If you have a good resource to check on, please let me know. :D
> >
> > Thanks.
>
> OK for adding domains, it's incorporated in my adduser perl script
> the variables at top allow me to decide which IP will be what etc.
> assuming you have the primary and secondary dns servers nfs mounted and
> then it uses rndc to load the zone, so no manually making anything, if
> you want a copy of that section let me know, I'm still not really sure if
> I'm understanding your question though. but if you're happy to make a zone
> conf file and add it into named.conf manually on pri/sec then just use rndc
> reload zonename and it's all good
>
> > On Sat, 17-12-2005 at 23:36 +1000, Res wrote:
> >> On Fri, 16 Dec 2005, Gaston wrote:
> >>
> >>> Hi All.
> >>>
> >>> Does anybody know of a howto to configure bind with rndc for use with
> >>> zone transfers?
> >>>
> >>> I need to configure 2 fedora servers, and I don't want to duplicate the
> >>> dns records manually on each server.
> >>
> >> rndc reload zone
> >>
> >> you should NEVER EVER update a secondary manually entering entries
> >>
> >> (if I've misunderstood your question just ignore me, had staff party
> >> tonight :P )
> >>
> >> --
> >> Cheers
> >> Res
> >
> --
> Cheers
> Res

<snip>

==============================================================================
I tried to send this earlier but for some reason it did not make the trip
==============================================================================

This thread seems weird, like I only have received part of it.

As a paid job I was the administrator of several DNS servers at a large
site (thousands of DNS records). AFAIAC the ONLY resource for admins of
DNS systems using BIND, except for the BIND code is the O'Reilly book
"DNS and BIND".

Rndc is not really a zone transfer tool. It is a tool for more general
administration. One of its functions is to provide a way for slave
servers to authenticate themselves to a master to have the master permit
a zone transfer. It is a way to provide some security for the DNS system.

On DNS Security: You could use DNS sec to encrypt data xfers, though I
never have. To prevent you should prohibit zone transfer except to
explicitly trusted, authorized slave servers. Rndc is used by the master
or slaves in a zone which restricts zone transfers to permit transfers
to/from systems presenting the key.

There are different ways to configure rndc. You can have a single key
associated with all slave access to the master, or separate keys for each
slave. I suspect the easiest will be to generate a key for all slaves,
and associate that key with an ACL on the master that includes all the
slaves. The single key will permit (with proper configuration of the
slaves) the slaves to exchange updates should the master become
unreachable.

It is possible to configure a more complex set of keys. One for each
authoritative server. This would be useful if your zone was forced to use
a slave NOT under the organization's control, or otherwise NOT completely
trusted by your organization.

In the case of my network here at my home for which I have static IP
addresses and a domain name, I have internal and external DNS zones
(split DNS). My external zone DNS servers are my firewall and a DNS
server at a remote site. The internal zone is served by BIND servers on
my firewall and the mail hub. I use RNDC to control zone xfers for both
zones. My configuration is easier than it might be because I know and
trust the admins of the remote BIND server.

I hope this will help y'all,

By the way nsupdate is used for dynamic DNS (typically on nets where DHCP
is in use). My understanding is that this thread is about a BIND
environment which uses static zone tables.

dlg

David L. Gehrt                      Land Line: 805.541.2390
1865 Wilding Lane                   Cell phone: 805.704.5890
San Luis Obispo, CA 93401-3044      Email: dlg@xxxxxxxxxxx
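
A named.conf sketch of the single-shared-key arrangement described in the message above, added here as an example and not taken from the thread or from any poster's configuration. In BIND the key that gates a zone transfer is a TSIG key declared with a `key` statement; the zone name, addresses, key name, file paths and secret below are all placeholders.

```conf
# ---- master (192.0.2.1): named.conf fragment, all values are placeholders ----
key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET";   // generate a real one with tsig-keygen
};

acl "slaves" { 192.0.2.2; 192.0.2.3; };

zone "example.com" {
    type master;
    file "example.com.zone";

    // Weak form: elements are matched in order and the first match wins,
    // so a listed address OR the key alone is enough:
    //   allow-transfer { slaves; key "xfer-key"; };

    // Strict form: reject anything outside the ACL first, then require
    // the key, so the peer needs a listed address AND the key.
    allow-transfer { !{ !slaves; any; }; key "xfer-key"; };

    also-notify { 192.0.2.2; 192.0.2.3; };
};

# ---- slave (192.0.2.2): named.conf fragment ----
key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET";   // same secret as on the master
};

// Sign every request sent to these servers with the shared key.
server 192.0.2.1 { keys { "xfer-key"; }; };
server 192.0.2.3 { keys { "xfer-key"; }; };

zone "example.com" {
    type slave;
    file "slaves/example.com.zone";

    // Master first; the other slave is a fallback source if the master
    // is unreachable, which the shared key makes possible.
    masters { 192.0.2.1; 192.0.2.3; };

    // Let the other slave pull from this one under the same conditions.
    allow-transfer { !{ !192.0.2.3; any; }; key "xfer-key"; };
};
```

After editing, `named-checkconf` validates the syntax and `rndc reload example.com` (the command quoted earlier in the thread) makes the master re-read the zone.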