The way things are set up now in bind, the admin would still need to manually configure the slave servers on the master to add them to an ACL of servers allowed to do zone transfers. We could automate this config, which would just be adding a blurb on top of the bind.conf to list all the slaves and allow their transfer.

This would look something like:

 allow-transfer {192.168.0.3;};

(Similarly, the slaves could be configured to allow notifies from the master servers, using allow-notify {192.168.0.15; 192.168.0.16; 10.0.0.1;};, although that is optional: the allow-transfer is really a must, otherwise things just don't work right.)

(Shamelessly stolen from the bind manual at http://www.zytrax.com/books/dns/ch7/xfer.html)

Comments

anarcat’s picture

Status: Active » Fixed
Issue tags: -aegir-1.0 +aegir-0.4

this was easier than i thought, fixed and pushed to git.

i had to add a blurb for each zone, otherwise we would have created an options {} block in aegir's bind configuration which would very probably conflict with existing options {} blocks (there can be only one in bind, sheesh...).
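The per-zone approach described in the comment above, sketched as an added example (not the code from the commit or from Aegir): each master zone stanza gets its own allow-transfer list instead of a shared options {} block. The function names, zone names and file paths are assumptions; the slave address is the one from the issue text.

```python
import ipaddress
import re

# Conservative checks for values that end up inside the BIND config file.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_ZONE_RE = re.compile(_LABEL + r"(?:\." + _LABEL + r")*")
_FILE_RE = re.compile(r"[A-Za-z0-9_./-]+")


def match_list(addresses):
    """Render a BIND address-match list from bare IP literals only."""
    if not addresses:
        # Explicit 'none' so the zone never depends on the server default.
        return "{ none; }"
    # ip_address() raises ValueError for anything that is not a single IP,
    # so keywords like "any" or text containing ';' and '}' never reach the file.
    ips = [ipaddress.ip_address(a.strip()) for a in addresses]
    return "{ " + " ".join(f"{ip};" for ip in ips) + " }"


def master_zone(zone, zone_file, slaves):
    """One zone stanza for the master; only the listed slaves may transfer."""
    if not _ZONE_RE.fullmatch(zone) or not _FILE_RE.fullmatch(zone_file):
        raise ValueError(f"unsafe zone name or file: {zone!r}, {zone_file!r}")
    return (
        f'zone "{zone}" {{\n'
        f"    type master;\n"
        f'    file "{zone_file}";\n'
        f"    allow-transfer {match_list(slaves)};\n"
        f"}};\n"
    )


def render(zones, slaves):
    """Render every zone with its own ACL; no options {} block is emitted."""
    return "\n".join(master_zone(z, f, slaves) for z, f in sorted(zones.items()))


# Constructed sample data (hypothetical zones and paths).
SAMPLE_ZONES = {
    "example.com": "zones/example.com.zone",
    "example.org": "zones/example.org.zone",
}
SAMPLE_SLAVES = ["192.168.0.3"]

if __name__ == "__main__":
    print(render(SAMPLE_ZONES, SAMPLE_SLAVES))
```
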

Status: Fixed » Closed (fixed)
Issue tags: -aegir-0.4, -dns

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit 63d3125 on debian, dev-dns, dev-koumbit, dev-log_directory, dev-migrate_aliases, dev-multiserver-install, dev-simplerinstaller, prod-koumbit, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x by anarcat:
    #922278 - allow slaves to do zone transfers on all zones
    
    we don't make...