Monday, 1 March 2010

BIND DNS setup for branches

I have to provide the main internal company DNS zone to the name servers of many branches. This could be done by configuring the regional servers as forwarders, but the internet links were unreliable, so it is better for each branch to hold a local copy of the main zone file.
Everything works fine except one thing: by default, the master sends zone update notifications (NOTIFY) only to the name servers listed in the zone's NS records (the also-notify option can extend that list), so to get prompt notification I would have to list all (more than 40) regional name servers in the main zone file. On the assumption that the zone changes infrequently, I decided NOT to add the regional servers as NS records for the main zone; instead I simply set the zone's SOA refresh interval to 2 hours. On each regional server I configured the following slave zone, assuming example.com is our company domain name:
zone "example.com" in {
    type slave;
    // local copy of the zone, written by named after each transfer
    file "zones/slaves/db.example.com";
    // the two master servers this slave polls and transfers the zone from
    masters { 192.168.0.1; 192.168.0.5; };
    // answer queries only from the local host and the branch LAN
    allow-query { 127.0.0.1; 192.168.40.0/24; };
};
Every 2 hours each regional name server then queries the master servers for the zone's SOA record and, if the serial has increased, pulls the updated main zone. The price is latency: a change can take up to one refresh interval (2 hours, plus the retry interval if a master is unreachable) to reach every branch.
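As an added illustration (not configuration from the original post), here is what the master side of this setup can look like: the zone file's SOA with the 2-hour refresh that the slaves honour, and a named.conf fragment that restricts zone transfers to the branch servers. The ACL addresses, host names, file paths and serial are assumed.

```conf
// --- named.conf fragment on the master servers (192.168.0.1 and 192.168.0.5) ---

// Regional slave servers allowed to pull the zone (assumed addresses);
// one entry per branch name server.
acl "branch-slaves" {
    192.168.40.2;
    192.168.41.2;
};

zone "example.com" in {
    type master;
    file "zones/masters/db.example.com";
    // Only the branch slaves may AXFR/IXFR the internal zone. Without this,
    // BIND 9 of that era allows zone transfers from any address by default.
    allow-transfer { branch-slaves; };
    // No also-notify: the branch servers are deliberately not notified
    // and rely on the SOA refresh interval below instead.
};

// --- zones/masters/db.example.com: the SOA that sets the 2-hour refresh ---
//
// $TTL 3600
// @   IN  SOA ns1.example.com. hostmaster.example.com. (
//             2010030101  ; serial (YYYYMMDDnn), must increase on every change
//             7200        ; refresh: slaves poll the master every 2 hours
//             900         ; retry: 15 minutes if a master is unreachable
//             604800      ; expire: slaves stop answering after 1 week without contact
//             3600 )      ; negative-caching TTL
//     IN  NS  ns1.example.com.
//     IN  NS  ns2.example.com.
// ns1 IN  A   192.168.0.1
// ns2 IN  A   192.168.0.5
```

Two points worth checking on a real deployment: the serial must be bumped on every edit, otherwise the slaves see no change at their next refresh and keep serving the old data for up to a week before the zone expires; and the slave zones themselves should carry allow-transfer { none; }, so that a branch server does not hand the whole internal zone to any host on its LAN.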
