Syncing BIND

KePSuX · Posted: Tue Apr 06, 2004 9:40 pm Post subject: Syncing BIND

I've got two machines at different physical locations running as DNS servers. One is a "master" and the other the "slave" (aka backup). I have the need for the slave to sync every 15 minutes off the master to keep the DNS records on each machine up to date. I'm not a Linux moron, but I dont know squat about BIND to be honest. Whats the best way about this? I *think* BIND has the ability to sync once a day..but this is just off a rough memory of something I had read. Any insight? Thanks!

kashani · Posted: Tue Apr 06, 2004 10:16 pm Post subject:

No need to sync as long as the master tells the slave whenever there is an update. You'd want something like this in your config on the master.

KePSuX · Posted: Tue Apr 06, 2004 11:05 pm Post subject:

ok, awesome. Theoretically if when the master is updated and the slave is not present on the network, how does it handle that? Will it update when the other machine comes back up, or just skip it until manually synced?

Does bind have to be restarted on either machine when it is updated?

Will it re-sync the slave when only changes are made to a zone file, or only when the file is created?

basically...aside from changing the actual zone file, what else will have to be done for the DNS to sync on both boxes?

moby · n00b Joined: 17 Dec 2002 Posts: 29

It will sync the next time the secondary server is up. You may have to make a quick change to kick off the sync process if you want it to happen right away.

Otherwise there may be a timeout value to when it will sync.

Also, the secondary may request a sync when it starts up. I haven't ever had to mess with th is, as my secondary servers are always up.

-moby

kashani · Posted: Tue Apr 06, 2004 11:33 pm Post subject:

Say the slave is down and missed the notify. When you start bind it should attempt to check all the zones and get the change within a minute after named starts. Just tested that so I know it works.

Now say you have a temp link between the sites and the slave missed the notify and you didn't restart it. To have the slave check in with the master can be done in the zone files. Let's look at an example.

KePSuX · Posted: Wed Apr 07, 2004 2:14 pm Post subject:

Wow, excellent info guys. A few more questions before I get into setting this up.

What type of authentication method is used for syncing? How does the slave know to listen to the master machine? Is there a setup in the slave that tells it it is the slave to that particular machine?

Just so I know...when zones are updated or added does BIND have to be restarted? If so...does it automatically restart on the slave when it is updated by the master?

Basically the person that will be updating BIND dosen't have a lot of Linux experiance, and I'm hoping to make this as seemless as I can. Im hoping at the most all he will have to do to sync both machines is add or update a zone file and restart named through webmin.

Also just for my referance, when named is restarted..is it done gracefully or will it drop connections that are in progress if there are any?

Thanks again guys. I love these fourms.

ARC2300 · Apprentice Joined: 30 Mar 2003 Posts: 267

IIRC, by default, BIND checks something like once per hour for a refreshed zone just in case it misses the notify for some reason. I think I read that in my BIND/DNS book. I could be wrong, though.

For authentication, you can make it as secure or insecure as you want. I actually use keys when syncing my nameservers. Since the key is contained in the named.conf file, that file is readable by named only, as is the directory containing named.conf (as well as the directories with my zone files in it).

As stated above, BIND checks to see if you have it configured as a master or slave. If it's a master, it just servers out DNS info. If it's a slave, it checks what address it is supposed to stay synchronized with, and (I believe) once an hour checks the zone serial numbers to make sure that things stay updated.

No, BIND doesn't have to be restarted. If you're using Gentoo, at a command line simply type (as root) "rndc reload" and it should reload all zone data and config files. "rndc reload zone (zonename)" reloads a specific zone, and "rndc refresh zone (zonename)" forces BIND to see if the zone has been updated. "rndc reconfig" simply reloads the config file.

When updating a zone, if you increment the serial number, you only need to reload the zone data for the master name server. The slave will sync up within a reasonable amount of time on its own.

Restarting named isn't even necessary. Just give him a basic login and make some aliases, suchas "zoneload" "zonerefresh" "reconfig". That's even easier than clicking around in webmin.

named will start gracefully. Or at least, in my experience, it has.
_________________
It's fun to take a trip
Put acid in your veins

kashani · Posted: Wed Apr 07, 2004 10:08 pm Post subject:

You might want to make the $40 investment for the O'Reily cricket book. Also there's a good pdf about Bind on the the ISC's website that answers alot of these as well.

kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

KePSuX · Posted: Wed Apr 07, 2004 11:02 pm Post subject:

Dude, awesome info. I'm actually on my way to Borders anyways, so I'm gonna check out some books on BIND/DNS. I think I've gotten enough info here to get it working though. As usual, thanks a ton!

ARC2300 · Apprentice Joined: 30 Mar 2003 Posts: 267

For what it's worth, I've got the O'Reilly BIND/DNS book, and it's very informative and easy to read.

When I finish this, it's off to read the Samba book I go, and from there, who knows.
_________________
It's fun to take a trip
Put acid in your veins

Chris W · Posted: Thu Apr 08, 2004 5:49 am Post subject: