Having MaraDNS be a slave DNS server
MaraDNS does not have direct support for being a slave DNS
server. However, MaraDNS can transfer zone files from other
servers by using the fetchzone client.
fetchzone is a program that can transfer a zone from another
name server; the transferred zone is in the csv2 zone file
format, which can then be loaded by MaraDNS.
Here is an example of using fetchzone to transfer the zone
example.com from the server with the IP 10.5.6.7, placing the
output in the file "db.example.com":
fetchzone example.com 10.5.6.7 > db.example.com
Automating this with a shell script
If one wishes to use fetchzone to grab a number of zones, this
can be automated with a shell script:
#!/bin/bash
cd /etc/maradns
fetchzone example.com 10.5.6.7 > db.example.com
fetchzone example.org 192.168.5.67 > db.example.org
fetchzone example.net 172.19.2.83 > db.example.net
This shell script, however, has a problem. Should there be a
problem getting a zone file from a remote system, the zone file
in question will be destroyed. This can be avoided by checking
the exit status of fetchzone in the shell script, making sure
that the zone was obtained normally before overwriting the zone
file:
#!/bin/bash
# For security reasons, put this file in a directory that only root
# may write to.
TEMP=/root/tmp/foo
cd /etc/maradns
fetchzone example.com 10.5.6.7 > $TEMP
if [ $? -eq 0 ] ; then
mv $TEMP db.example.com
fi
fetchzone example.org 192.168.5.67 > $TEMP
if [ $? -eq 0 ] ; then
mv $TEMP db.example.org
fi
fetchzone example.net 172.19.2.83 > $TEMP
if [ $? -eq 0 ] ; then
mv $TEMP db.example.net
fi
Note that this script needs a directory, which only root may
write to, named /root/tmp (Linux has a long-standing tradition
of making root's home directory /root; place this file elsewhere
on a system with a different root directory).
While this script is workable for a small number of zones, this
script will quickly become unwieldy for a large number of zones.
If one wants to grab a large number of zones, it makes more
sense to have the list of zones in a separate file. We then have
the shell script read this file (list of zones and IPs), and
make the zone files live if the zones have been successfully
fetched.
Here is what a shell script may look like:
#!/bin/bash
ZONELIST=/etc/maradns.zonelist
# For security reasons, put this file in a directory that only root
# may write to.
TEMP=/root/tmp/foo
cd /etc/maradns
cat $ZONELIST | awk '{print "fetchzone "$1" "$2" > '$TEMP'"
print "if [ $? -eq 0 ] ; then"
print " mv '$TEMP' db."$1
print "fi";}' | sh
The list of zones, which is in the file /etc/maradns.zonelist in
the above example, will look like this:
example.com 10.5.6.7
example.org 192.168.5.67
example.net 172.19.2.83
Note that the presence of a given db.name file in the
/etc/maradns directory is not sufficient for MaraDNS to load a
given zone file; the zone file in question must be pointed to in
the mararc file. Note also that maradns must be restarted to
reload the updated zone files.
More complicated scripting, such as checking the serial number
before loading a given zone, is left as an exercise for the
reader.
Bailiwick
For security reasons, the fetchzone client only allows records
that end in the zone name to be in a given zone. In other words,
let us suppose we have a zone for example.com that looks like
this:
example.com. 10.1.2.3
www.example.com. 10.99.88.76
www.google.com. 10.99.88.76
fetchzone, when grabbing this zone, will disable the
"www.google.com" record because it doesn't end with
"example.com". The disabling will look something like this when
the zone file is grabbed:
example.com. 10.1.2.3
www.example.com. 10.99.88.76
# Disabled out-of-bailiwick record follows
#www.google.com. 10.99.88.76
distrib
>
Mageia
>
4
>
i586
>
media
>
core-release
>
by-pkgid
>
07a81589bb2c4aa5e88f35a4a345a184
>
files
>
48
